com.pulumi.gcp.networksecurity.kotlin.ServerTlsPolicy.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.networksecurity.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.networksecurity.kotlin.outputs.ServerTlsPolicyMtlsPolicy
import com.pulumi.gcp.networksecurity.kotlin.outputs.ServerTlsPolicyServerCertificate
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import com.pulumi.gcp.networksecurity.kotlin.outputs.ServerTlsPolicyMtlsPolicy.Companion.toKotlin as serverTlsPolicyMtlsPolicyToKotlin
import com.pulumi.gcp.networksecurity.kotlin.outputs.ServerTlsPolicyServerCertificate.Companion.toKotlin as serverTlsPolicyServerCertificateToKotlin
/**
* Builder for [ServerTlsPolicy].
*/
@PulumiTagMarker
public class ServerTlsPolicyResourceBuilder internal constructor() {
public var name: String? = null
public var args: ServerTlsPolicyArgs = ServerTlsPolicyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend ServerTlsPolicyArgsBuilder.() -> Unit) {
val builder = ServerTlsPolicyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): ServerTlsPolicy {
val builtJavaResource = com.pulumi.gcp.networksecurity.ServerTlsPolicy(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return ServerTlsPolicy(builtJavaResource)
}
}
/**
* ## Example Usage
* ### Network Security Server Tls Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* allowOpen: false,
* serverCertificate: {
* certificateProviderInstance: {
* pluginInstance: "google_cloud_private_spiffe",
* },
* },
* mtlsPolicy: {
* clientValidationCas: [
* {
* grpcEndpoint: {
* targetUri: "unix:mypath",
* },
* },
* {
* grpcEndpoint: {
* targetUri: "unix:abc/mypath",
* },
* },
* {
* certificateProviderInstance: {
* pluginInstance: "google_cloud_private_spiffe",
* },
* },
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* allow_open=False,
* server_certificate=gcp.networksecurity.ServerTlsPolicyServerCertificateArgs(
* certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs(
* plugin_instance="google_cloud_private_spiffe",
* ),
* ),
* mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
* client_validation_cas=[
* gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
* grpc_endpoint=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs(
* target_uri="unix:mypath",
* ),
* ),
* gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
* grpc_endpoint=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs(
* target_uri="unix:abc/mypath",
* ),
* ),
* gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
* certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs(
* plugin_instance="google_cloud_private_spiffe",
* ),
* ),
* ],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* AllowOpen = false,
* ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
* {
* CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
* {
* PluginInstance = "google_cloud_private_spiffe",
* },
* },
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationCas = new[]
* {
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
* {
* TargetUri = "unix:mypath",
* },
* },
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
* {
* TargetUri = "unix:abc/mypath",
* },
* },
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
* {
* PluginInstance = "google_cloud_private_spiffe",
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* AllowOpen: pulumi.Bool(false),
* ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
* CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
* PluginInstance: pulumi.String("google_cloud_private_spiffe"),
* },
* },
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:mypath"),
* },
* },
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:abc/mypath"),
* },
* },
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
* PluginInstance: pulumi.String("google_cloud_private_spiffe"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .allowOpen("false")
* .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
* .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
* .pluginInstance("google_cloud_private_spiffe")
* .build())
* .build())
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationCas(
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
* .targetUri("unix:mypath")
* .build())
* .build(),
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
* .targetUri("unix:abc/mypath")
* .build())
* .build(),
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
* .pluginInstance("google_cloud_private_spiffe")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* allowOpen: 'false'
* serverCertificate:
* certificateProviderInstance:
* pluginInstance: google_cloud_private_spiffe
* mtlsPolicy:
* clientValidationCas:
* - grpcEndpoint:
* targetUri: unix:mypath
* - grpcEndpoint:
* targetUri: unix:abc/mypath
* - certificateProviderInstance:
* pluginInstance: google_cloud_private_spiffe
* ```
*
* ### Network Security Server Tls Policy Advanced
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* location: "global",
* allowOpen: false,
* mtlsPolicy: {
* clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* location="global",
* allow_open=False,
* mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
* client_validation_mode="ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .location("global")
* .allowOpen("false")
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* location: global
* allowOpen: 'false'
* mtlsPolicy:
* clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT
* ```
*
* ### Network Security Server Tls Policy Server Cert
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* location: "global",
* allowOpen: false,
* serverCertificate: {
* grpcEndpoint: {
* targetUri: "unix:mypath",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* location="global",
* allow_open=False,
* server_certificate=gcp.networksecurity.ServerTlsPolicyServerCertificateArgs(
* grpc_endpoint=gcp.networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs(
* target_uri="unix:mypath",
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
* {
* TargetUri = "unix:mypath",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:mypath"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .location("global")
* .allowOpen("false")
* .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
* .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
* .targetUri("unix:mypath")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* location: global
* allowOpen: 'false'
* serverCertificate:
* grpcEndpoint:
* targetUri: unix:mypath
* ```
*
* ### Network Security Server Tls Policy Mtls
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const project = gcp.organizations.getProject({});
* const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
* name: "my-trust-config",
* description: "sample trust config description",
* location: "global",
* trustStores: [{
* trustAnchors: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* intermediateCas: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* }],
* labels: {
* foo: "bar",
* },
* });
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* description: "my description",
* location: "global",
* allowOpen: false,
* mtlsPolicy: {
* clientValidationMode: "REJECT_INVALID",
* clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
* },
* labels: {
* foo: "bar",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* project = gcp.organizations.get_project()
* default_trust_config = gcp.certificatemanager.TrustConfig("default",
* name="my-trust-config",
* description="sample trust config description",
* location="global",
* trust_stores=[gcp.certificatemanager.TrustConfigTrustStoreArgs(
* trust_anchors=[gcp.certificatemanager.TrustConfigTrustStoreTrustAnchorArgs(
* pem_certificate=std.file(input="test-fixtures/ca_cert.pem").result,
* )],
* intermediate_cas=[gcp.certificatemanager.TrustConfigTrustStoreIntermediateCaArgs(
* pem_certificate=std.file(input="test-fixtures/ca_cert.pem").result,
* )],
* )],
* labels={
* "foo": "bar",
* })
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* description="my description",
* location="global",
* allow_open=False,
* mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
* client_validation_mode="REJECT_INVALID",
* client_validation_trust_config=default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
* ),
* labels={
* "foo": "bar",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var project = Gcp.Organizations.GetProject.Invoke();
* var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
* {
* Name = "my-trust-config",
* Description = "sample trust config description",
* Location = "global",
* TrustStores = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
* {
* TrustAnchors = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/ca_cert.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* IntermediateCas = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/ca_cert.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* },
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationMode = "REJECT_INVALID",
* ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
* {
* var project = values.Item1;
* var name = values.Item2;
* return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
* }),
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* project, err := organizations.LookupProject(ctx, nil, nil)
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/ca_cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* invokeFile1, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/ca_cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
* Name: pulumi.String("my-trust-config"),
* Description: pulumi.String("sample trust config description"),
* Location: pulumi.String("global"),
* TrustStores: certificatemanager.TrustConfigTrustStoreArray{
* &certificatemanager.TrustConfigTrustStoreArgs{
* TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
* &certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
* PemCertificate: invokeFile.Result,
* },
* },
* IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
* &certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
* PemCertificate: invokeFile1.Result,
* },
* },
* },
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* _, err = networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationMode: pulumi.String("REJECT_INVALID"),
* ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
* }).(pulumi.StringOutput),
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.certificatemanager.TrustConfig;
* import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var project = OrganizationsFunctions.getProject();
* var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
* .name("my-trust-config")
* .description("sample trust config description")
* .location("global")
* .trustStores(TrustConfigTrustStoreArgs.builder()
* .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/ca_cert.pem")
* .build()).result())
* .build())
* .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/ca_cert.pem")
* .build()).result())
* .build())
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .description("my description")
* .location("global")
* .allowOpen("false")
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationMode("REJECT_INVALID")
* .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* description: my description
* location: global
* allowOpen: 'false'
* mtlsPolicy:
* clientValidationMode: REJECT_INVALID
* clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
* labels:
* foo: bar
* defaultTrustConfig:
* type: gcp:certificatemanager:TrustConfig
* name: default
* properties:
* name: my-trust-config
* description: sample trust config description
* location: global
* trustStores:
* - trustAnchors:
* - pemCertificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/ca_cert.pem
* Return: result
* intermediateCas:
* - pemCertificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/ca_cert.pem
* Return: result
* labels:
* foo: bar
* variables:
* project:
* fn::invoke:
* Function: gcp:organizations:getProject
* Arguments: {}
* ```
*
* ## Import
* ServerTlsPolicy can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, ServerTlsPolicy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}
* ```
*/
public class ServerTlsPolicy internal constructor(
override val javaResource: com.pulumi.gcp.networksecurity.ServerTlsPolicy,
) : KotlinCustomResource(javaResource, ServerTlsPolicyMapper) {
/**
* This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies.
* Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.
* Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
*/
public val allowOpen: Output?
get() = javaResource.allowOpen().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Time the ServerTlsPolicy was created in UTC.
*/
public val createTime: Output
get() = javaResource.createTime().applyValue({ args0 -> args0 })
/**
* A free-text description of the resource. Max length 1024 characters.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
public val effectiveLabels: Output>
get() = javaResource.effectiveLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* Set of label tags associated with the ServerTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
*/
public val labels: Output>?
get() = javaResource.labels().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* The location of the server tls policy.
* The default value is `global`.
*/
public val location: Output?
get() = javaResource.location().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.
* Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.
* Structure is documented below.
*/
public val mtlsPolicy: Output?
get() = javaResource.mtlsPolicy().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
serverTlsPolicyMtlsPolicyToKotlin(args0)
})
}).orElse(null)
})
/**
* Name of the ServerTlsPolicy resource.
* - - -
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
public val pulumiLabels: Output>
get() = javaResource.pulumiLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
public val serverCertificate: Output?
get() = javaResource.serverCertificate().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> serverTlsPolicyServerCertificateToKotlin(args0) })
}).orElse(null)
})
/**
* Time the ServerTlsPolicy was updated in UTC.
*/
public val updateTime: Output
get() = javaResource.updateTime().applyValue({ args0 -> args0 })
}
public object ServerTlsPolicyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.networksecurity.ServerTlsPolicy::class == javaResource::class
override fun map(javaResource: Resource): ServerTlsPolicy = ServerTlsPolicy(
javaResource as
com.pulumi.gcp.networksecurity.ServerTlsPolicy,
)
}
/**
* @see [ServerTlsPolicy].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [ServerTlsPolicy].
*/
public suspend fun serverTlsPolicy(
name: String,
block: suspend ServerTlsPolicyResourceBuilder.() -> Unit,
): ServerTlsPolicy {
val builder = ServerTlsPolicyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [ServerTlsPolicy].
* @param name The _unique_ name of the resulting resource.
*/
public fun serverTlsPolicy(name: String): ServerTlsPolicy {
val builder = ServerTlsPolicyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy