com.pulumi.gcp.securesourcemanager.kotlin.InstanceArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.securesourcemanager.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.securesourcemanager.InstanceArgs.builder
import com.pulumi.gcp.securesourcemanager.kotlin.inputs.InstancePrivateConfigArgs
import com.pulumi.gcp.securesourcemanager.kotlin.inputs.InstancePrivateConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Instances are deployed to an available Google Cloud region and are accessible via their web interface.
* To get more information about Instance, see:
* * [API documentation](https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/secure-source-manager/docs/create-instance)
* ## Example Usage
* ### Secure Source Manager Instance Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.securesourcemanager.Instance("default", {
* location: "us-central1",
* instanceId: "my-instance",
* labels: {
* foo: "bar",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.securesourcemanager.Instance("default",
* location="us-central1",
* instance_id="my-instance",
* labels={
* "foo": "bar",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.SecureSourceManager.Instance("default", new()
* {
* Location = "us-central1",
* InstanceId = "my-instance",
* Labels =
* {
* { "foo", "bar" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
* Location: pulumi.String("us-central1"),
* InstanceId: pulumi.String("my-instance"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.securesourcemanager.Instance;
* import com.pulumi.gcp.securesourcemanager.InstanceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Instance("default", InstanceArgs.builder()
* .location("us-central1")
* .instanceId("my-instance")
* .labels(Map.of("foo", "bar"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:securesourcemanager:Instance
* properties:
* location: us-central1
* instanceId: my-instance
* labels:
* foo: bar
* ```
*
* ### Secure Source Manager Instance Cmek
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const keyRing = new gcp.kms.KeyRing("key_ring", {
* name: "my-keyring",
* location: "us-central1",
* });
* const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
* name: "my-key",
* keyRing: keyRing.id,
* });
* const project = gcp.organizations.getProject({});
* const cryptoKeyBinding = new gcp.kms.CryptoKeyIAMMember("crypto_key_binding", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
* member: project.then(project => `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`),
* });
* const _default = new gcp.securesourcemanager.Instance("default", {
* location: "us-central1",
* instanceId: "my-instance",
* kmsKey: cryptoKey.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* key_ring = gcp.kms.KeyRing("key_ring",
* name="my-keyring",
* location="us-central1")
* crypto_key = gcp.kms.CryptoKey("crypto_key",
* name="my-key",
* key_ring=key_ring.id)
* project = gcp.organizations.get_project()
* crypto_key_binding = gcp.kms.CryptoKeyIAMMember("crypto_key_binding",
* crypto_key_id=crypto_key.id,
* role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
* member=f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com")
* default = gcp.securesourcemanager.Instance("default",
* location="us-central1",
* instance_id="my-instance",
* kms_key=crypto_key.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
* {
* Name = "my-keyring",
* Location = "us-central1",
* });
* var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
* {
* Name = "my-key",
* KeyRing = keyRing.Id,
* });
* var project = Gcp.Organizations.GetProject.Invoke();
* var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMMember("crypto_key_binding", new()
* {
* CryptoKeyId = cryptoKey.Id,
* Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
* Member = $"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com",
* });
* var @default = new Gcp.SecureSourceManager.Instance("default", new()
* {
* Location = "us-central1",
* InstanceId = "my-instance",
* KmsKey = cryptoKey.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
* Name: pulumi.String("my-keyring"),
* Location: pulumi.String("us-central1"),
* })
* if err != nil {
* return err
* }
* cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("my-key"),
* KeyRing: keyRing.ID(),
* })
* if err != nil {
* return err
* }
* project, err := organizations.LookupProject(ctx, nil, nil)
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "crypto_key_binding", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: cryptoKey.ID(),
* Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
* Member: pulumi.String(fmt.Sprintf("serviceAccount:service-%[email protected]", project.Number)),
* })
* if err != nil {
* return err
* }
* _, err = securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
* Location: pulumi.String("us-central1"),
* InstanceId: pulumi.String("my-instance"),
* KmsKey: cryptoKey.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.securesourcemanager.Instance;
* import com.pulumi.gcp.securesourcemanager.InstanceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
* .name("my-keyring")
* .location("us-central1")
* .build());
* var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
* .name("my-key")
* .keyRing(keyRing.id())
* .build());
* final var project = OrganizationsFunctions.getProject();
* var cryptoKeyBinding = new CryptoKeyIAMMember("cryptoKeyBinding", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId(cryptoKey.id())
* .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
* .member(String.format("serviceAccount:service-%[email protected]", project.applyValue(getProjectResult -> getProjectResult.number())))
* .build());
* var default_ = new Instance("default", InstanceArgs.builder()
* .location("us-central1")
* .instanceId("my-instance")
* .kmsKey(cryptoKey.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* keyRing:
* type: gcp:kms:KeyRing
* name: key_ring
* properties:
* name: my-keyring
* location: us-central1
* cryptoKey:
* type: gcp:kms:CryptoKey
* name: crypto_key
* properties:
* name: my-key
* keyRing: ${keyRing.id}
* cryptoKeyBinding:
* type: gcp:kms:CryptoKeyIAMMember
* name: crypto_key_binding
* properties:
* cryptoKeyId: ${cryptoKey.id}
* role: roles/cloudkms.cryptoKeyEncrypterDecrypter
* member: serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com
* default:
* type: gcp:securesourcemanager:Instance
* properties:
* location: us-central1
* instanceId: my-instance
* kmsKey: ${cryptoKey.id}
* variables:
* project:
* fn::invoke:
* Function: gcp:organizations:getProject
* Arguments: {}
* ```
*
* ### Secure Source Manager Instance Private
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as time from "@pulumi/time";
* const caPool = new gcp.certificateauthority.CaPool("ca_pool", {
* name: "ca-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* publishingOptions: {
* publishCaCert: true,
* publishCrl: true,
* },
* });
* const rootCa = new gcp.certificateauthority.Authority("root_ca", {
* pool: caPool.name,
* certificateAuthorityId: "root-ca",
* location: "us-central1",
* config: {
* subjectConfig: {
* subject: {
* organization: "google",
* commonName: "my-certificate-authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* ignoreActiveCertificatesOnDeletion: true,
* skipGracePeriod: true,
* });
* const project = gcp.organizations.getProject({});
* const caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding", {
* caPool: caPool.id,
* role: "roles/privateca.certificateRequester",
* members: [project.then(project => `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],
* });
* const _default = new gcp.securesourcemanager.Instance("default", {
* instanceId: "my-instance",
* location: "us-central1",
* privateConfig: {
* isPrivate: true,
* caPool: caPool.id,
* },
* });
* // ca pool IAM permissions can take time to propagate
* const wait60Seconds = new time.index.Sleep("wait_60_seconds", {createDuration: "60s"});
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_time as time
* ca_pool = gcp.certificateauthority.CaPool("ca_pool",
* name="ca-pool",
* location="us-central1",
* tier="ENTERPRISE",
* publishing_options=gcp.certificateauthority.CaPoolPublishingOptionsArgs(
* publish_ca_cert=True,
* publish_crl=True,
* ))
* root_ca = gcp.certificateauthority.Authority("root_ca",
* pool=ca_pool.name,
* certificate_authority_id="root-ca",
* location="us-central1",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="google",
* common_name="my-certificate-authority",
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* ignore_active_certificates_on_deletion=True,
* skip_grace_period=True)
* project = gcp.organizations.get_project()
* ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
* ca_pool=ca_pool.id,
* role="roles/privateca.certificateRequester",
* members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
* default = gcp.securesourcemanager.Instance("default",
* instance_id="my-instance",
* location="us-central1",
* private_config=gcp.securesourcemanager.InstancePrivateConfigArgs(
* is_private=True,
* ca_pool=ca_pool.id,
* ))
* # ca pool IAM permissions can take time to propagate
* wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Time = Pulumi.Time;
* return await Deployment.RunAsync(() =>
* {
* var caPool = new Gcp.CertificateAuthority.CaPool("ca_pool", new()
* {
* Name = "ca-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs
* {
* PublishCaCert = true,
* PublishCrl = true,
* },
* });
* var rootCa = new Gcp.CertificateAuthority.Authority("root_ca", new()
* {
* Pool = caPool.Name,
* CertificateAuthorityId = "root-ca",
* Location = "us-central1",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "google",
* CommonName = "my-certificate-authority",
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* IgnoreActiveCertificatesOnDeletion = true,
* SkipGracePeriod = true,
* });
* var project = Gcp.Organizations.GetProject.Invoke();
* var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding("ca_pool_binding", new()
* {
* CaPool = caPool.Id,
* Role = "roles/privateca.certificateRequester",
* Members = new[]
* {
* $"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com",
* },
* });
* var @default = new Gcp.SecureSourceManager.Instance("default", new()
* {
* InstanceId = "my-instance",
* Location = "us-central1",
* PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs
* {
* IsPrivate = true,
* CaPool = caPool.Id,
* },
* });
* // ca pool IAM permissions can take time to propagate
* var wait60Seconds = new Time.Index.Sleep("wait_60_seconds", new()
* {
* CreateDuration = "60s",
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securesourcemanager"
* "github.com/pulumi/pulumi-time/sdk/go/time"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* caPool, err := certificateauthority.NewCaPool(ctx, "ca_pool", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("ca-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* PublishingOptions: &certificateauthority.CaPoolPublishingOptionsArgs{
* PublishCaCert: pulumi.Bool(true),
* PublishCrl: pulumi.Bool(true),
* },
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "root_ca", &certificateauthority.AuthorityArgs{
* Pool: caPool.Name,
* CertificateAuthorityId: pulumi.String("root-ca"),
* Location: pulumi.String("us-central1"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("google"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* SkipGracePeriod: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* project, err := organizations.LookupProject(ctx, nil, nil)
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCaPoolIamBinding(ctx, "ca_pool_binding", &certificateauthority.CaPoolIamBindingArgs{
* CaPool: caPool.ID(),
* Role: pulumi.String("roles/privateca.certificateRequester"),
* Members: pulumi.StringArray{
* pulumi.String(fmt.Sprintf("serviceAccount:service-%[email protected]", project.Number)),
* },
* })
* if err != nil {
* return err
* }
* _, err = securesourcemanager.NewInstance(ctx, "default", &securesourcemanager.InstanceArgs{
* InstanceId: pulumi.String("my-instance"),
* Location: pulumi.String("us-central1"),
* PrivateConfig: &securesourcemanager.InstancePrivateConfigArgs{
* IsPrivate: pulumi.Bool(true),
* CaPool: caPool.ID(),
* },
* })
* if err != nil {
* return err
* }
* // ca pool IAM permissions can take time to propagate
* _, err = time.NewSleep(ctx, "wait_60_seconds", &time.SleepArgs{
* CreateDuration: "60s",
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.certificateauthority.CaPoolIamBinding;
* import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;
* import com.pulumi.gcp.securesourcemanager.Instance;
* import com.pulumi.gcp.securesourcemanager.InstanceArgs;
* import com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;
* import com.pulumi.time.sleep;
* import com.pulumi.time.SleepArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var caPool = new CaPool("caPool", CaPoolArgs.builder()
* .name("ca-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .publishingOptions(CaPoolPublishingOptionsArgs.builder()
* .publishCaCert(true)
* .publishCrl(true)
* .build())
* .build());
* var rootCa = new Authority("rootCa", AuthorityArgs.builder()
* .pool(caPool.name())
* .certificateAuthorityId("root-ca")
* .location("us-central1")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("google")
* .commonName("my-certificate-authority")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .ignoreActiveCertificatesOnDeletion(true)
* .skipGracePeriod(true)
* .build());
* final var project = OrganizationsFunctions.getProject();
* var caPoolBinding = new CaPoolIamBinding("caPoolBinding", CaPoolIamBindingArgs.builder()
* .caPool(caPool.id())
* .role("roles/privateca.certificateRequester")
* .members(String.format("serviceAccount:service-%[email protected]", project.applyValue(getProjectResult -> getProjectResult.number())))
* .build());
* var default_ = new Instance("default", InstanceArgs.builder()
* .instanceId("my-instance")
* .location("us-central1")
* .privateConfig(InstancePrivateConfigArgs.builder()
* .isPrivate(true)
* .caPool(caPool.id())
* .build())
* .build());
* // ca pool IAM permissions can take time to propagate
* var wait60Seconds = new Sleep("wait60Seconds", SleepArgs.builder()
* .createDuration("60s")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* caPool:
* type: gcp:certificateauthority:CaPool
* name: ca_pool
* properties:
* name: ca-pool
* location: us-central1
* tier: ENTERPRISE
* publishingOptions:
* publishCaCert: true
* publishCrl: true
* rootCa:
* type: gcp:certificateauthority:Authority
* name: root_ca
* properties:
* pool: ${caPool.name}
* certificateAuthorityId: root-ca
* location: us-central1
* config:
* subjectConfig:
* subject:
* organization: google
* commonName: my-certificate-authority
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* ignoreActiveCertificatesOnDeletion: true
* skipGracePeriod: true
* caPoolBinding:
* type: gcp:certificateauthority:CaPoolIamBinding
* name: ca_pool_binding
* properties:
* caPool: ${caPool.id}
* role: roles/privateca.certificateRequester
* members:
* - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com
* default:
* type: gcp:securesourcemanager:Instance
* properties:
* instanceId: my-instance
* location: us-central1
* privateConfig:
* isPrivate: true
* caPool: ${caPool.id}
* # ca pool IAM permissions can take time to propagate
* wait60Seconds:
* type: time:sleep
* name: wait_60_seconds
* properties:
* createDuration: 60s
* variables:
* project:
* fn::invoke:
* Function: gcp:organizations:getProject
* Arguments: {}
* ```
*
* ## Import
* Instance can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`
* * `{{project}}/{{location}}/{{instance_id}}`
* * `{{location}}/{{instance_id}}`
* * `{{instance_id}}`
* When using the `pulumi import` command, Instance can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:securesourcemanager/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}
* ```
* ```sh
* $ pulumi import gcp:securesourcemanager/instance:Instance default {{project}}/{{location}}/{{instance_id}}
* ```
* ```sh
* $ pulumi import gcp:securesourcemanager/instance:Instance default {{location}}/{{instance_id}}
* ```
* ```sh
* $ pulumi import gcp:securesourcemanager/instance:Instance default {{instance_id}}
* ```
* @property instanceId The name for the Instance.
* - - -
* @property kmsKey Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
* @property labels Labels as key value pairs.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
* @property location The location for the Instance.
* @property privateConfig Private settings for private instance.
* Structure is documented below.
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* */*/*/*/
*/
public data class InstanceArgs(
public val instanceId: Output? = null,
public val kmsKey: Output? = null,
public val labels: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy