com.pulumi.gcp.certificatemanager.kotlin.CertificateArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificatemanager.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.certificatemanager.CertificateArgs.builder
import com.pulumi.gcp.certificatemanager.kotlin.inputs.CertificateManagedArgs
import com.pulumi.gcp.certificatemanager.kotlin.inputs.CertificateManagedArgsBuilder
import com.pulumi.gcp.certificatemanager.kotlin.inputs.CertificateSelfManagedArgs
import com.pulumi.gcp.certificatemanager.kotlin.inputs.CertificateSelfManagedArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Certificate represents a HTTP-reachable backend for a Certificate.
* ## Example Usage
* ### Certificate Manager Google Managed Certificate Dns
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "The default cert",
* scope: "EDGE_CACHE",
* labels: {
* env: "test",
* },
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="The default cert",
* scope="EDGE_CACHE",
* labels={
* "env": "test",
* },
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=[
* instance.domain,
* instance2.domain,
* ],
* dns_authorizations=[
* instance.id,
* instance2.id,
* ],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "The default cert",
* Scope = "EDGE_CACHE",
* Labels =
* {
* { "env", "test" },
* },
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Labels: pulumi.StringMap{
* "env": pulumi.String("test"),
* },
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("The default cert")
* .scope("EDGE_CACHE")
* .labels(Map.of("env", "test"))
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: The default cert
* scope: EDGE_CACHE
* labels:
* env: test
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Google Managed Certificate Issuance Config
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.certificateauthority.CaPool("pool", {
* name: "ca-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* });
* // creating certificate_issuance_config to use it in the managed certificate
* const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
* name: "issuance-config",
* description: "sample description for the certificate issuanceConfigs",
* certificateAuthorityConfig: {
* certificateAuthorityServiceConfig: {
* caPool: pool.id,
* },
* },
* lifetime: "1814400s",
* rotationWindowPercentage: 34,
* keyAlgorithm: "ECDSA_P256",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "issuance-config-cert",
* description: "The default cert",
* scope: "EDGE_CACHE",
* managed: {
* domains: ["terraform.subdomain1.com"],
* issuanceConfig: issuanceconfig.id,
* },
* });
* const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
* location: "us-central1",
* pool: pool.name,
* certificateAuthorityId: "ca-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.certificateauthority.CaPool("pool",
* name="ca-pool",
* location="us-central1",
* tier="ENTERPRISE")
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
* name="issuance-config",
* description="sample description for the certificate issuanceConfigs",
* certificate_authority_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs(
* certificate_authority_service_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs(
* ca_pool=pool.id,
* ),
* ),
* lifetime="1814400s",
* rotation_window_percentage=34,
* key_algorithm="ECDSA_P256")
* default = gcp.certificatemanager.Certificate("default",
* name="issuance-config-cert",
* description="The default cert",
* scope="EDGE_CACHE",
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=["terraform.subdomain1.com"],
* issuance_config=issuanceconfig.id,
* ))
* ca_authority = gcp.certificateauthority.Authority("ca_authority",
* location="us-central1",
* pool=pool.name,
* certificate_authority_id="ca-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
* {
* Name = "ca-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* });
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
* {
* Name = "issuance-config",
* Description = "sample description for the certificate issuanceConfigs",
* CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
* {
* CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
* {
* CaPool = pool.Id,
* },
* },
* Lifetime = "1814400s",
* RotationWindowPercentage = 34,
* KeyAlgorithm = "ECDSA_P256",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "issuance-config-cert",
* Description = "The default cert",
* Scope = "EDGE_CACHE",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* "terraform.subdomain1.com",
* },
* IssuanceConfig = issuanceconfig.Id,
* },
* });
* var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
* {
* Location = "us-central1",
* Pool = pool.Name,
* CertificateAuthorityId = "ca-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("ca-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* // creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
* Name: pulumi.String("issuance-config"),
* Description: pulumi.String("sample description for the certificate issuanceConfigs"),
* CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
* CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
* CaPool: pool.ID(),
* },
* },
* Lifetime: pulumi.String("1814400s"),
* RotationWindowPercentage: pulumi.Int(34),
* KeyAlgorithm: pulumi.String("ECDSA_P256"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("issuance-config-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* pulumi.String("terraform.subdomain1.com"),
* },
* IssuanceConfig: issuanceconfig.ID(),
* },
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: pool.Name,
* CertificateAuthorityId: pulumi.String("ca-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new CaPool("pool", CaPoolArgs.builder()
* .name("ca-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .build());
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
* .name("issuance-config")
* .description("sample description for the certificate issuanceConfigs")
* .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
* .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
* .caPool(pool.id())
* .build())
* .build())
* .lifetime("1814400s")
* .rotationWindowPercentage(34)
* .keyAlgorithm("ECDSA_P256")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("issuance-config-cert")
* .description("The default cert")
* .scope("EDGE_CACHE")
* .managed(CertificateManagedArgs.builder()
* .domains("terraform.subdomain1.com")
* .issuanceConfig(issuanceconfig.id())
* .build())
* .build());
* var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(pool.name())
* .certificateAuthorityId("ca-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: issuance-config-cert
* description: The default cert
* scope: EDGE_CACHE
* managed:
* domains:
* - terraform.subdomain1.com
* issuanceConfig: ${issuanceconfig.id}
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig:
* type: gcp:certificatemanager:CertificateIssuanceConfig
* properties:
* name: issuance-config
* description: sample description for the certificate issuanceConfigs
* certificateAuthorityConfig:
* certificateAuthorityServiceConfig:
* caPool: ${pool.id}
* lifetime: 1814400s
* rotationWindowPercentage: 34
* keyAlgorithm: ECDSA_P256
* pool:
* type: gcp:certificateauthority:CaPool
* properties:
* name: ca-pool
* location: us-central1
* tier: ENTERPRISE
* caAuthority:
* type: gcp:certificateauthority:Authority
* name: ca_authority
* properties:
* location: us-central1
* pool: ${pool.name}
* certificateAuthorityId: ca-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* ```
*
* ### Certificate Manager Certificate Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "self-managed-cert",
* description: "Global cert",
* scope: "EDGE_CACHE",
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="self-managed-cert",
* description="Global cert",
* scope="EDGE_CACHE",
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=[
* instance.domain,
* instance2.domain,
* ],
* dns_authorizations=[
* instance.id,
* instance2.id,
* ],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "self-managed-cert",
* Description = "Global cert",
* Scope = "EDGE_CACHE",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("self-managed-cert"),
* Description: pulumi.String("Global cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("self-managed-cert")
* .description("Global cert")
* .scope("EDGE_CACHE")
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: self-managed-cert
* description: Global cert
* scope: EDGE_CACHE
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Self Managed Certificate Regional
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "self-managed-cert",
* description: "Regional cert",
* location: "us-central1",
* selfManaged: {
* pemCertificate: std.file({
* input: "test-fixtures/cert.pem",
* }).then(invoke => invoke.result),
* pemPrivateKey: std.file({
* input: "test-fixtures/private-key.pem",
* }).then(invoke => invoke.result),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificatemanager.Certificate("default",
* name="self-managed-cert",
* description="Regional cert",
* location="us-central1",
* self_managed=gcp.certificatemanager.CertificateSelfManagedArgs(
* pem_certificate=std.file(input="test-fixtures/cert.pem").result,
* pem_private_key=std.file(input="test-fixtures/private-key.pem").result,
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "self-managed-cert",
* Description = "Regional cert",
* Location = "us-central1",
* SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/cert.pem",
* }).Apply(invoke => invoke.Result),
* PemPrivateKey = Std.File.Invoke(new()
* {
* Input = "test-fixtures/private-key.pem",
* }).Apply(invoke => invoke.Result),
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* invokeFile1, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/private-key.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("self-managed-cert"),
* Description: pulumi.String("Regional cert"),
* Location: pulumi.String("us-central1"),
* SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
* PemCertificate: invokeFile.Result,
* PemPrivateKey: invokeFile1.Result,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("self-managed-cert")
* .description("Regional cert")
* .location("us-central1")
* .selfManaged(CertificateSelfManagedArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/cert.pem")
* .build()).result())
* .pemPrivateKey(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/private-key.pem")
* .build()).result())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: self-managed-cert
* description: Regional cert
* location: us-central1
* selfManaged:
* pemCertificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/cert.pem
* Return: result
* pemPrivateKey:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/private-key.pem
* Return: result
* ```
*
* ### Certificate Manager Google Managed Certificate Issuance Config All Regions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.certificateauthority.CaPool("pool", {
* name: "ca-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* });
* // creating certificate_issuance_config to use it in the managed certificate
* const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
* name: "issuance-config",
* description: "sample description for the certificate issuanceConfigs",
* certificateAuthorityConfig: {
* certificateAuthorityServiceConfig: {
* caPool: pool.id,
* },
* },
* lifetime: "1814400s",
* rotationWindowPercentage: 34,
* keyAlgorithm: "ECDSA_P256",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "issuance-config-cert",
* description: "sample google managed all_regions certificate with issuance config for terraform",
* scope: "ALL_REGIONS",
* managed: {
* domains: ["terraform.subdomain1.com"],
* issuanceConfig: issuanceconfig.id,
* },
* });
* const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
* location: "us-central1",
* pool: pool.name,
* certificateAuthorityId: "ca-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.certificateauthority.CaPool("pool",
* name="ca-pool",
* location="us-central1",
* tier="ENTERPRISE")
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
* name="issuance-config",
* description="sample description for the certificate issuanceConfigs",
* certificate_authority_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs(
* certificate_authority_service_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs(
* ca_pool=pool.id,
* ),
* ),
* lifetime="1814400s",
* rotation_window_percentage=34,
* key_algorithm="ECDSA_P256")
* default = gcp.certificatemanager.Certificate("default",
* name="issuance-config-cert",
* description="sample google managed all_regions certificate with issuance config for terraform",
* scope="ALL_REGIONS",
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=["terraform.subdomain1.com"],
* issuance_config=issuanceconfig.id,
* ))
* ca_authority = gcp.certificateauthority.Authority("ca_authority",
* location="us-central1",
* pool=pool.name,
* certificate_authority_id="ca-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
* {
* Name = "ca-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* });
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
* {
* Name = "issuance-config",
* Description = "sample description for the certificate issuanceConfigs",
* CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
* {
* CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
* {
* CaPool = pool.Id,
* },
* },
* Lifetime = "1814400s",
* RotationWindowPercentage = 34,
* KeyAlgorithm = "ECDSA_P256",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "issuance-config-cert",
* Description = "sample google managed all_regions certificate with issuance config for terraform",
* Scope = "ALL_REGIONS",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* "terraform.subdomain1.com",
* },
* IssuanceConfig = issuanceconfig.Id,
* },
* });
* var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
* {
* Location = "us-central1",
* Pool = pool.Name,
* CertificateAuthorityId = "ca-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("ca-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* // creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
* Name: pulumi.String("issuance-config"),
* Description: pulumi.String("sample description for the certificate issuanceConfigs"),
* CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
* CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
* CaPool: pool.ID(),
* },
* },
* Lifetime: pulumi.String("1814400s"),
* RotationWindowPercentage: pulumi.Int(34),
* KeyAlgorithm: pulumi.String("ECDSA_P256"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("issuance-config-cert"),
* Description: pulumi.String("sample google managed all_regions certificate with issuance config for terraform"),
* Scope: pulumi.String("ALL_REGIONS"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* pulumi.String("terraform.subdomain1.com"),
* },
* IssuanceConfig: issuanceconfig.ID(),
* },
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: pool.Name,
* CertificateAuthorityId: pulumi.String("ca-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new CaPool("pool", CaPoolArgs.builder()
* .name("ca-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .build());
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
* .name("issuance-config")
* .description("sample description for the certificate issuanceConfigs")
* .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
* .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
* .caPool(pool.id())
* .build())
* .build())
* .lifetime("1814400s")
* .rotationWindowPercentage(34)
* .keyAlgorithm("ECDSA_P256")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("issuance-config-cert")
* .description("sample google managed all_regions certificate with issuance config for terraform")
* .scope("ALL_REGIONS")
* .managed(CertificateManagedArgs.builder()
* .domains("terraform.subdomain1.com")
* .issuanceConfig(issuanceconfig.id())
* .build())
* .build());
* var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(pool.name())
* .certificateAuthorityId("ca-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: issuance-config-cert
* description: sample google managed all_regions certificate with issuance config for terraform
* scope: ALL_REGIONS
* managed:
* domains:
* - terraform.subdomain1.com
* issuanceConfig: ${issuanceconfig.id}
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig:
* type: gcp:certificatemanager:CertificateIssuanceConfig
* properties:
* name: issuance-config
* description: sample description for the certificate issuanceConfigs
* certificateAuthorityConfig:
* certificateAuthorityServiceConfig:
* caPool: ${pool.id}
* lifetime: 1814400s
* rotationWindowPercentage: 34
* keyAlgorithm: ECDSA_P256
* pool:
* type: gcp:certificateauthority:CaPool
* properties:
* name: ca-pool
* location: us-central1
* tier: ENTERPRISE
* caAuthority:
* type: gcp:certificateauthority:Authority
* name: ca_authority
* properties:
* location: us-central1
* pool: ${pool.name}
* certificateAuthorityId: ca-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* ```
*
* ### Certificate Manager Google Managed Certificate Dns All Regions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "The default cert",
* scope: "ALL_REGIONS",
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="The default cert",
* scope="ALL_REGIONS",
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=[
* instance.domain,
* instance2.domain,
* ],
* dns_authorizations=[
* instance.id,
* instance2.id,
* ],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "The default cert",
* Scope = "ALL_REGIONS",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("ALL_REGIONS"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("The default cert")
* .scope("ALL_REGIONS")
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: The default cert
* scope: ALL_REGIONS
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Google Managed Regional Certificate Dns Auth
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* location: "us-central1",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "regional managed certs",
* location: "us-central1",
* managed: {
* domains: [instance.domain],
* dnsAuthorizations: [instance.id],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* location="us-central1",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="regional managed certs",
* location="us-central1",
* managed=gcp.certificatemanager.CertificateManagedArgs(
* domains=[instance.domain],
* dns_authorizations=[instance.id],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Location = "us-central1",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "regional managed certs",
* Location = "us-central1",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Location: pulumi.String("us-central1"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("regional managed certs"),
* Location: pulumi.String("us-central1"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .location("us-central1")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("regional managed certs")
* .location("us-central1")
* .managed(CertificateManagedArgs.builder()
* .domains(instance.domain())
* .dnsAuthorizations(instance.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: regional managed certs
* location: us-central1
* managed:
* domains:
* - ${instance.domain}
* dnsAuthorizations:
* - ${instance.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* location: us-central1
* description: The default dnss
* domain: subdomain.hashicorptest.com
* ```
*
* ## Import
* Certificate can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/certificates/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}
* ```
* @property description A human-readable description of the resource.
* @property labels Set of label tags associated with the Certificate resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
* @property location The Certificate Manager location. If not specified, "global" is used.
* @property managed Configuration and state of a Managed Certificate.
* Certificate Manager provisions and renews Managed Certificates
* automatically, for as long as it's authorized to do so.
* Structure is documented below.
* @property name A user-defined name of the certificate. Certificate names must be unique
* The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,
* and all following characters must be a dash, underscore, letter or digit.
* - - -
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* @property scope The scope of the certificate.
* DEFAULT: Certificates with default scope are served from core Google data centers.
* If unsure, choose this option.
* EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.
* See https://cloud.google.com/vpc/docs/edge-locations.
* ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).
* See https://cloud.google.com/compute/docs/regions-zones
* @property selfManaged Certificate data for a SelfManaged Certificate.
* SelfManaged Certificates are uploaded by the user. Updating such
* certificates before they expire remains the user's responsibility.
* Structure is documented below.
*/
public data class CertificateArgs(
public val description: Output? = null,
public val labels: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy