All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.securesourcemanager.kotlin.InstanceArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.securesourcemanager.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.securesourcemanager.InstanceArgs.builder
import com.pulumi.gcp.securesourcemanager.kotlin.inputs.InstancePrivateConfigArgs
import com.pulumi.gcp.securesourcemanager.kotlin.inputs.InstancePrivateConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName

/**
 * Instances are deployed to an available Google Cloud region and are accessible via their web interface.
 * To get more information about Instance, see:
 * * [API documentation](https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/secure-source-manager/docs/create-instance)
 * ## Example Usage
 * ### Secure Source Manager Instance Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.securesourcemanager.Instance("default", {
 *     location: "us-central1",
 *     instanceId: "my-instance",
 *     labels: {
 *         foo: "bar",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.securesourcemanager.Instance("default",
 *     location="us-central1",
 *     instance_id="my-instance",
 *     labels={
 *         "foo": "bar",
 *     })
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.SecureSourceManager.Instance("default", new()
 *     {
 *         Location = "us-central1",
 *         InstanceId = "my-instance",
 *         Labels =
 *         {
 *             { "foo", "bar" },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
 * 			Location:   pulumi.String("us-central1"),
 * 			InstanceId: pulumi.String("my-instance"),
 * 			Labels: pulumi.StringMap{
 * 				"foo": pulumi.String("bar"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.securesourcemanager.Instance;
 * import com.pulumi.gcp.securesourcemanager.InstanceArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new Instance("default", InstanceArgs.builder()
 *             .location("us-central1")
 *             .instanceId("my-instance")
 *             .labels(Map.of("foo", "bar"))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:securesourcemanager:Instance
 *     properties:
 *       location: us-central1
 *       instanceId: my-instance
 *       labels:
 *         foo: bar
 * ```
 * 
 * ### Secure Source Manager Instance Cmek
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const keyRing = new gcp.kms.KeyRing("key_ring", {
 *     name: "my-keyring",
 *     location: "us-central1",
 * });
 * const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
 *     name: "my-key",
 *     keyRing: keyRing.id,
 * });
 * const project = gcp.organizations.getProject({});
 * const cryptoKeyBinding = new gcp.kms.CryptoKeyIAMMember("crypto_key_binding", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
 *     member: project.then(project => `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`),
 * });
 * const _default = new gcp.securesourcemanager.Instance("default", {
 *     location: "us-central1",
 *     instanceId: "my-instance",
 *     kmsKey: cryptoKey.id,
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * key_ring = gcp.kms.KeyRing("key_ring",
 *     name="my-keyring",
 *     location="us-central1")
 * crypto_key = gcp.kms.CryptoKey("crypto_key",
 *     name="my-key",
 *     key_ring=key_ring.id)
 * project = gcp.organizations.get_project()
 * crypto_key_binding = gcp.kms.CryptoKeyIAMMember("crypto_key_binding",
 *     crypto_key_id=crypto_key.id,
 *     role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
 *     member=f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com")
 * default = gcp.securesourcemanager.Instance("default",
 *     location="us-central1",
 *     instance_id="my-instance",
 *     kms_key=crypto_key.id)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
 *     {
 *         Name = "my-keyring",
 *         Location = "us-central1",
 *     });
 *     var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
 *     {
 *         Name = "my-key",
 *         KeyRing = keyRing.Id,
 *     });
 *     var project = Gcp.Organizations.GetProject.Invoke();
 *     var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMMember("crypto_key_binding", new()
 *     {
 *         CryptoKeyId = cryptoKey.Id,
 *         Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
 *         Member = $"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com",
 *     });
 *     var @default = new Gcp.SecureSourceManager.Instance("default", new()
 *     {
 *         Location = "us-central1",
 *         InstanceId = "my-instance",
 *         KmsKey = cryptoKey.Id,
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
 * 			Name:     pulumi.String("my-keyring"),
 * 			Location: pulumi.String("us-central1"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
 * 			Name:    pulumi.String("my-key"),
 * 			KeyRing: keyRing.ID(),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		project, err := organizations.LookupProject(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = kms.NewCryptoKeyIAMMember(ctx, "crypto_key_binding", &kms.CryptoKeyIAMMemberArgs{
 * 			CryptoKeyId: cryptoKey.ID(),
 * 			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
 * 			Member:      pulumi.String(fmt.Sprintf("serviceAccount:service-%[email protected]", project.Number)),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
 * 			Location:   pulumi.String("us-central1"),
 * 			InstanceId: pulumi.String("my-instance"),
 * 			KmsKey:     cryptoKey.ID(),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.kms.KeyRing;
 * import com.pulumi.gcp.kms.KeyRingArgs;
 * import com.pulumi.gcp.kms.CryptoKey;
 * import com.pulumi.gcp.kms.CryptoKeyArgs;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMember;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
 * import com.pulumi.gcp.securesourcemanager.Instance;
 * import com.pulumi.gcp.securesourcemanager.InstanceArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
 *             .name("my-keyring")
 *             .location("us-central1")
 *             .build());
 *         var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
 *             .name("my-key")
 *             .keyRing(keyRing.id())
 *             .build());
 *         final var project = OrganizationsFunctions.getProject();
 *         var cryptoKeyBinding = new CryptoKeyIAMMember("cryptoKeyBinding", CryptoKeyIAMMemberArgs.builder()
 *             .cryptoKeyId(cryptoKey.id())
 *             .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
 *             .member(String.format("serviceAccount:service-%[email protected]", project.applyValue(getProjectResult -> getProjectResult.number())))
 *             .build());
 *         var default_ = new Instance("default", InstanceArgs.builder()
 *             .location("us-central1")
 *             .instanceId("my-instance")
 *             .kmsKey(cryptoKey.id())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   keyRing:
 *     type: gcp:kms:KeyRing
 *     name: key_ring
 *     properties:
 *       name: my-keyring
 *       location: us-central1
 *   cryptoKey:
 *     type: gcp:kms:CryptoKey
 *     name: crypto_key
 *     properties:
 *       name: my-key
 *       keyRing: ${keyRing.id}
 *   cryptoKeyBinding:
 *     type: gcp:kms:CryptoKeyIAMMember
 *     name: crypto_key_binding
 *     properties:
 *       cryptoKeyId: ${cryptoKey.id}
 *       role: roles/cloudkms.cryptoKeyEncrypterDecrypter
 *       member: serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com
 *   default:
 *     type: gcp:securesourcemanager:Instance
 *     properties:
 *       location: us-central1
 *       instanceId: my-instance
 *       kmsKey: ${cryptoKey.id}
 * variables:
 *   project:
 *     fn::invoke:
 *       Function: gcp:organizations:getProject
 *       Arguments: {}
 * ```
 * 
 * ### Secure Source Manager Instance Private
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as time from "@pulumi/time";
 * const caPool = new gcp.certificateauthority.CaPool("ca_pool", {
 *     name: "ca-pool",
 *     location: "us-central1",
 *     tier: "ENTERPRISE",
 *     publishingOptions: {
 *         publishCaCert: true,
 *         publishCrl: true,
 *     },
 * });
 * const rootCa = new gcp.certificateauthority.Authority("root_ca", {
 *     pool: caPool.name,
 *     certificateAuthorityId: "root-ca",
 *     location: "us-central1",
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "google",
 *                 commonName: "my-certificate-authority",
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     certSign: true,
 *                     crlSign: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                 },
 *             },
 *         },
 *     },
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 *     deletionProtection: false,
 *     ignoreActiveCertificatesOnDeletion: true,
 *     skipGracePeriod: true,
 * });
 * const project = gcp.organizations.getProject({});
 * const caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding", {
 *     caPool: caPool.id,
 *     role: "roles/privateca.certificateRequester",
 *     members: [project.then(project => `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],
 * });
 * const _default = new gcp.securesourcemanager.Instance("default", {
 *     instanceId: "my-instance",
 *     location: "us-central1",
 *     privateConfig: {
 *         isPrivate: true,
 *         caPool: caPool.id,
 *     },
 * });
 * // ca pool IAM permissions can take time to propagate
 * const wait60Seconds = new time.index.Sleep("wait_60_seconds", {createDuration: "60s"});
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * import pulumi_time as time
 * ca_pool = gcp.certificateauthority.CaPool("ca_pool",
 *     name="ca-pool",
 *     location="us-central1",
 *     tier="ENTERPRISE",
 *     publishing_options=gcp.certificateauthority.CaPoolPublishingOptionsArgs(
 *         publish_ca_cert=True,
 *         publish_crl=True,
 *     ))
 * root_ca = gcp.certificateauthority.Authority("root_ca",
 *     pool=ca_pool.name,
 *     certificate_authority_id="root-ca",
 *     location="us-central1",
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="google",
 *                 common_name="my-certificate-authority",
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ),
 *     deletion_protection=False,
 *     ignore_active_certificates_on_deletion=True,
 *     skip_grace_period=True)
 * project = gcp.organizations.get_project()
 * ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
 *     ca_pool=ca_pool.id,
 *     role="roles/privateca.certificateRequester",
 *     members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
 * default = gcp.securesourcemanager.Instance("default",
 *     instance_id="my-instance",
 *     location="us-central1",
 *     private_config=gcp.securesourcemanager.InstancePrivateConfigArgs(
 *         is_private=True,
 *         ca_pool=ca_pool.id,
 *     ))
 * # ca pool IAM permissions can take time to propagate
 * wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * using Time = Pulumi.Time;
 * return await Deployment.RunAsync(() =>
 * {
 *     var caPool = new Gcp.CertificateAuthority.CaPool("ca_pool", new()
 *     {
 *         Name = "ca-pool",
 *         Location = "us-central1",
 *         Tier = "ENTERPRISE",
 *         PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs
 *         {
 *             PublishCaCert = true,
 *             PublishCrl = true,
 *         },
 *     });
 *     var rootCa = new Gcp.CertificateAuthority.Authority("root_ca", new()
 *     {
 *         Pool = caPool.Name,
 *         CertificateAuthorityId = "root-ca",
 *         Location = "us-central1",
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "google",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         CertSign = true,
 *                         CrlSign = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                     },
 *                 },
 *             },
 *         },
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *         DeletionProtection = false,
 *         IgnoreActiveCertificatesOnDeletion = true,
 *         SkipGracePeriod = true,
 *     });
 *     var project = Gcp.Organizations.GetProject.Invoke();
 *     var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding("ca_pool_binding", new()
 *     {
 *         CaPool = caPool.Id,
 *         Role = "roles/privateca.certificateRequester",
 *         Members = new[]
 *         {
 *             $"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com",
 *         },
 *     });
 *     var @default = new Gcp.SecureSourceManager.Instance("default", new()
 *     {
 *         InstanceId = "my-instance",
 *         Location = "us-central1",
 *         PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs
 *         {
 *             IsPrivate = true,
 *             CaPool = caPool.Id,
 *         },
 *     });
 *     // ca pool IAM permissions can take time to propagate
 *     var wait60Seconds = new Time.Index.Sleep("wait_60_seconds", new()
 *     {
 *         CreateDuration = "60s",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
 * 	"github.com/pulumi/pulumi-time/sdk/go/time"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		caPool, err := certificateauthority.NewCaPool(ctx, "ca_pool", &certificateauthority.CaPoolArgs{
 * 			Name:     pulumi.String("ca-pool"),
 * 			Location: pulumi.String("us-central1"),
 * 			Tier:     pulumi.String("ENTERPRISE"),
 * 			PublishingOptions: &certificateauthority.CaPoolPublishingOptionsArgs{
 * 				PublishCaCert: pulumi.Bool(true),
 * 				PublishCrl:    pulumi.Bool(true),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewAuthority(ctx, "root_ca", &certificateauthority.AuthorityArgs{
 * 			Pool:                   caPool.Name,
 * 			CertificateAuthorityId: pulumi.String("root-ca"),
 * 			Location:               pulumi.String("us-central1"),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("google"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa: pulumi.Bool(true),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							CertSign: pulumi.Bool(true),
 * 							CrlSign:  pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth: pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 			DeletionProtection:                 pulumi.Bool(false),
 * 			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
 * 			SkipGracePeriod:                    pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		project, err := organizations.LookupProject(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewCaPoolIamBinding(ctx, "ca_pool_binding", &certificateauthority.CaPoolIamBindingArgs{
 * 			CaPool: caPool.ID(),
 * 			Role:   pulumi.String("roles/privateca.certificateRequester"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String(fmt.Sprintf("serviceAccount:service-%[email protected]", project.Number)),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
 * 			InstanceId: pulumi.String("my-instance"),
 * 			Location:   pulumi.String("us-central1"),
 * 			PrivateConfig: &securesourcemanager.InstancePrivateConfigArgs{
 * 				IsPrivate: pulumi.Bool(true),
 * 				CaPool:    caPool.ID(),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		// ca pool IAM permissions can take time to propagate
 * 		_, err = time.NewSleep(ctx, "wait_60_seconds", &time.SleepArgs{
 * 			CreateDuration: "60s",
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.CaPool;
 * import com.pulumi.gcp.certificateauthority.CaPoolArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
 * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding;
 * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;
 * import com.pulumi.gcp.securesourcemanager.Instance;
 * import com.pulumi.gcp.securesourcemanager.InstanceArgs;
 * import com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;
 * import com.pulumi.time.sleep;
 * import com.pulumi.time.SleepArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var caPool = new CaPool("caPool", CaPoolArgs.builder()
 *             .name("ca-pool")
 *             .location("us-central1")
 *             .tier("ENTERPRISE")
 *             .publishingOptions(CaPoolPublishingOptionsArgs.builder()
 *                 .publishCaCert(true)
 *                 .publishCrl(true)
 *                 .build())
 *             .build());
 *         var rootCa = new Authority("rootCa", AuthorityArgs.builder()
 *             .pool(caPool.name())
 *             .certificateAuthorityId("root-ca")
 *             .location("us-central1")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("google")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .deletionProtection(false)
 *             .ignoreActiveCertificatesOnDeletion(true)
 *             .skipGracePeriod(true)
 *             .build());
 *         final var project = OrganizationsFunctions.getProject();
 *         var caPoolBinding = new CaPoolIamBinding("caPoolBinding", CaPoolIamBindingArgs.builder()
 *             .caPool(caPool.id())
 *             .role("roles/privateca.certificateRequester")
 *             .members(String.format("serviceAccount:service-%[email protected]", project.applyValue(getProjectResult -> getProjectResult.number())))
 *             .build());
 *         var default_ = new Instance("default", InstanceArgs.builder()
 *             .instanceId("my-instance")
 *             .location("us-central1")
 *             .privateConfig(InstancePrivateConfigArgs.builder()
 *                 .isPrivate(true)
 *                 .caPool(caPool.id())
 *                 .build())
 *             .build());
 *         // ca pool IAM permissions can take time to propagate
 *         var wait60Seconds = new Sleep("wait60Seconds", SleepArgs.builder()
 *             .createDuration("60s")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   caPool:
 *     type: gcp:certificateauthority:CaPool
 *     name: ca_pool
 *     properties:
 *       name: ca-pool
 *       location: us-central1
 *       tier: ENTERPRISE
 *       publishingOptions:
 *         publishCaCert: true
 *         publishCrl: true
 *   rootCa:
 *     type: gcp:certificateauthority:Authority
 *     name: root_ca
 *     properties:
 *       pool: ${caPool.name}
 *       certificateAuthorityId: root-ca
 *       location: us-central1
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: google
 *             commonName: my-certificate-authority
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *           keyUsage:
 *             baseKeyUsage:
 *               certSign: true
 *               crlSign: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 *       deletionProtection: false
 *       ignoreActiveCertificatesOnDeletion: true
 *       skipGracePeriod: true
 *   caPoolBinding:
 *     type: gcp:certificateauthority:CaPoolIamBinding
 *     name: ca_pool_binding
 *     properties:
 *       caPool: ${caPool.id}
 *       role: roles/privateca.certificateRequester
 *       members:
 *         - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com
 *   default:
 *     type: gcp:securesourcemanager:Instance
 *     properties:
 *       instanceId: my-instance
 *       location: us-central1
 *       privateConfig:
 *         isPrivate: true
 *         caPool: ${caPool.id}
 *   # ca pool IAM permissions can take time to propagate
 *   wait60Seconds:
 *     type: time:sleep
 *     name: wait_60_seconds
 *     properties:
 *       createDuration: 60s
 * variables:
 *   project:
 *     fn::invoke:
 *       Function: gcp:organizations:getProject
 *       Arguments: {}
 * ```
 * 
 * ## Import
 * Instance can be imported using any of these accepted formats:
 * * `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`
 * * `{{project}}/{{location}}/{{instance_id}}`
 * * `{{location}}/{{instance_id}}`
 * * `{{instance_id}}`
 * When using the `pulumi import` command, Instance can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:securesourcemanager/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:securesourcemanager/instance:Instance default {{project}}/{{location}}/{{instance_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:securesourcemanager/instance:Instance default {{location}}/{{instance_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:securesourcemanager/instance:Instance default {{instance_id}}
 * ```
 * @property instanceId The name for the Instance.
 * - - -
 * @property kmsKey Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
 * @property labels Labels as key value pairs.
 * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
 * Please refer to the field `effective_labels` for all of the labels present on the resource.
 * @property location The location for the Instance.
 * @property privateConfig Private settings for private instance.
 * Structure is documented below.
 * @property project The ID of the project in which the resource belongs.
 * If it is not provided, the provider project is used.
 * */*/*/*/
 */
public data class InstanceArgs(
    public val instanceId: Output? = null,
    public val kmsKey: Output? = null,
    public val labels: Output>? = null,
    public val location: Output? = null,
    public val privateConfig: Output? = null,
    public val project: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.securesourcemanager.InstanceArgs =
        com.pulumi.gcp.securesourcemanager.InstanceArgs.builder()
            .instanceId(instanceId?.applyValue({ args0 -> args0 }))
            .kmsKey(kmsKey?.applyValue({ args0 -> args0 }))
            .labels(labels?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
            .location(location?.applyValue({ args0 -> args0 }))
            .privateConfig(privateConfig?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .project(project?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [InstanceArgs].
 */
@PulumiTagMarker
public class InstanceArgsBuilder internal constructor() {
    private var instanceId: Output? = null

    private var kmsKey: Output? = null

    private var labels: Output>? = null

    private var location: Output? = null

    private var privateConfig: Output? = null

    private var project: Output? = null

    /**
     * @param value The name for the Instance.
     * - - -
     */
    @JvmName("rgtsurxafefdgiam")
    public suspend fun instanceId(`value`: Output) {
        this.instanceId = value
    }

    /**
     * @param value Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
     * */*/*/*/
     */
    @JvmName("wgxpkbatidoxqbhd")
    public suspend fun kmsKey(`value`: Output) {
        this.kmsKey = value
    }

    /**
     * @param value Labels as key value pairs.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("kedtsakycusjknpq")
    public suspend fun labels(`value`: Output>) {
        this.labels = value
    }

    /**
     * @param value The location for the Instance.
     */
    @JvmName("smktogjrarvbvaae")
    public suspend fun location(`value`: Output) {
        this.location = value
    }

    /**
     * @param value Private settings for private instance.
     * Structure is documented below.
     */
    @JvmName("mohtqtkskruskask")
    public suspend fun privateConfig(`value`: Output) {
        this.privateConfig = value
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("jecmvruuihcpgpbh")
    public suspend fun project(`value`: Output) {
        this.project = value
    }

    /**
     * @param value The name for the Instance.
     * - - -
     */
    @JvmName("lritlxjqeikxtprj")
    public suspend fun instanceId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.instanceId = mapped
    }

    /**
     * @param value Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
     * */*/*/*/
     */
    @JvmName("lpnbakuihoiqvubb")
    public suspend fun kmsKey(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.kmsKey = mapped
    }

    /**
     * @param value Labels as key value pairs.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("wxhjjkekradrowyx")
    public suspend fun labels(`value`: Map?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.labels = mapped
    }

    /**
     * @param values Labels as key value pairs.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("ggfvaiygqfjiktoq")
    public fun labels(vararg values: Pair) {
        val toBeMapped = values.toMap()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.labels = mapped
    }

    /**
     * @param value The location for the Instance.
     */
    @JvmName("mpyameehqjnoxiud")
    public suspend fun location(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.location = mapped
    }

    /**
     * @param value Private settings for private instance.
     * Structure is documented below.
     */
    @JvmName("rchqxfehsyiouboc")
    public suspend fun privateConfig(`value`: InstancePrivateConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.privateConfig = mapped
    }

    /**
     * @param argument Private settings for private instance.
     * Structure is documented below.
     */
    @JvmName("fyxenbwrcscspcbh")
    public suspend fun privateConfig(argument: suspend InstancePrivateConfigArgsBuilder.() -> Unit) {
        val toBeMapped = InstancePrivateConfigArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.privateConfig = mapped
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("ebjcxktasbuphfrx")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    internal fun build(): InstanceArgs = InstanceArgs(
        instanceId = instanceId,
        kmsKey = kmsKey,
        labels = labels,
        location = location,
        privateConfig = privateConfig,
        project = project,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy