Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.gcp.certificateauthority.kotlin.CaPool.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificateauthority.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.certificateauthority.kotlin.outputs.CaPoolIssuancePolicy
import com.pulumi.gcp.certificateauthority.kotlin.outputs.CaPoolPublishingOptions
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import com.pulumi.gcp.certificateauthority.kotlin.outputs.CaPoolIssuancePolicy.Companion.toKotlin as caPoolIssuancePolicyToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.CaPoolPublishingOptions.Companion.toKotlin as caPoolPublishingOptionsToKotlin
/**
* Builder for [CaPool].
*/
@PulumiTagMarker
public class CaPoolResourceBuilder internal constructor() {
public var name: String? = null
public var args: CaPoolArgs = CaPoolArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend CaPoolArgsBuilder.() -> Unit) {
val builder = CaPoolArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): CaPool {
val builtJavaResource = com.pulumi.gcp.certificateauthority.CaPool(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return CaPool(builtJavaResource)
}
}
/**
* A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage
* issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the
* trust anchor.
* ## Example Usage
* ### Privateca Capool Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.CaPool("default", {
* name: "my-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* publishingOptions: {
* publishCaCert: true,
* publishCrl: true,
* },
* labels: {
* foo: "bar",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.CaPool("default",
* name="my-pool",
* location="us-central1",
* tier="ENTERPRISE",
* publishing_options={
* "publish_ca_cert": True,
* "publish_crl": True,
* },
* labels={
* "foo": "bar",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Name = "my-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs
* {
* PublishCaCert = true,
* PublishCrl = true,
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("my-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* PublishingOptions: &certificateauthority.CaPoolPublishingOptionsArgs{
* PublishCaCert: pulumi.Bool(true),
* PublishCrl: pulumi.Bool(true),
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .name("my-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .publishingOptions(CaPoolPublishingOptionsArgs.builder()
* .publishCaCert(true)
* .publishCrl(true)
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* name: my-pool
* location: us-central1
* tier: ENTERPRISE
* publishingOptions:
* publishCaCert: true
* publishCrl: true
* labels:
* foo: bar
* ```
*
* ### Privateca Capool All Fields
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.CaPool("default", {
* name: "my-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* publishingOptions: {
* publishCaCert: false,
* publishCrl: true,
* encodingFormat: "PEM",
* },
* labels: {
* foo: "bar",
* },
* issuancePolicy: {
* allowedKeyTypes: [
* {
* ellipticCurve: {
* signatureAlgorithm: "ECDSA_P256",
* },
* },
* {
* rsa: {
* minModulusSize: "5",
* maxModulusSize: "10",
* },
* },
* ],
* maximumLifetime: "50000s",
* allowedIssuanceModes: {
* allowCsrBasedIssuance: true,
* allowConfigBasedIssuance: true,
* },
* identityConstraints: {
* allowSubjectPassthrough: true,
* allowSubjectAltNamesPassthrough: true,
* celExpression: {
* expression: "subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )",
* title: "My title",
* },
* },
* baselineValues: {
* aiaOcspServers: ["example.com"],
* additionalExtensions: [{
* critical: true,
* value: "asdf",
* objectId: {
* objectIdPaths: [
* 1,
* 7,
* ],
* },
* }],
* policyIds: [
* {
* objectIdPaths: [
* 1,
* 5,
* ],
* },
* {
* objectIdPaths: [
* 1,
* 5,
* 7,
* ],
* },
* ],
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: false,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* nameConstraints: {
* critical: true,
* permittedDnsNames: [
* "*.example1.com",
* "*.example2.com",
* ],
* excludedDnsNames: [
* "*.deny.example1.com",
* "*.deny.example2.com",
* ],
* permittedIpRanges: [
* "10.0.0.0/8",
* "11.0.0.0/8",
* ],
* excludedIpRanges: [
* "10.1.1.0/24",
* "11.1.1.0/24",
* ],
* permittedEmailAddresses: [
* ".example1.com",
* ".example2.com",
* ],
* excludedEmailAddresses: [
* ".deny.example1.com",
* ".deny.example2.com",
* ],
* permittedUris: [
* ".example1.com",
* ".example2.com",
* ],
* excludedUris: [
* ".deny.example1.com",
* ".deny.example2.com",
* ],
* },
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.CaPool("default",
* name="my-pool",
* location="us-central1",
* tier="ENTERPRISE",
* publishing_options={
* "publish_ca_cert": False,
* "publish_crl": True,
* "encoding_format": "PEM",
* },
* labels={
* "foo": "bar",
* },
* issuance_policy={
* "allowed_key_types": [
* {
* "elliptic_curve": {
* "signature_algorithm": "ECDSA_P256",
* },
* },
* {
* "rsa": {
* "min_modulus_size": "5",
* "max_modulus_size": "10",
* },
* },
* ],
* "maximum_lifetime": "50000s",
* "allowed_issuance_modes": {
* "allow_csr_based_issuance": True,
* "allow_config_based_issuance": True,
* },
* "identity_constraints": {
* "allow_subject_passthrough": True,
* "allow_subject_alt_names_passthrough": True,
* "cel_expression": {
* "expression": "subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )",
* "title": "My title",
* },
* },
* "baseline_values": {
* "aia_ocsp_servers": ["example.com"],
* "additional_extensions": [{
* "critical": True,
* "value": "asdf",
* "object_id": {
* "object_id_paths": [
* 1,
* 7,
* ],
* },
* }],
* "policy_ids": [
* {
* "object_id_paths": [
* 1,
* 5,
* ],
* },
* {
* "object_id_paths": [
* 1,
* 5,
* 7,
* ],
* },
* ],
* "ca_options": {
* "is_ca": True,
* "max_issuer_path_length": 10,
* },
* "key_usage": {
* "base_key_usage": {
* "digital_signature": True,
* "content_commitment": True,
* "key_encipherment": False,
* "data_encipherment": True,
* "key_agreement": True,
* "cert_sign": False,
* "crl_sign": True,
* "decipher_only": True,
* },
* "extended_key_usage": {
* "server_auth": True,
* "client_auth": False,
* "email_protection": True,
* "code_signing": True,
* "time_stamping": True,
* },
* },
* "name_constraints": {
* "critical": True,
* "permitted_dns_names": [
* "*.example1.com",
* "*.example2.com",
* ],
* "excluded_dns_names": [
* "*.deny.example1.com",
* "*.deny.example2.com",
* ],
* "permitted_ip_ranges": [
* "10.0.0.0/8",
* "11.0.0.0/8",
* ],
* "excluded_ip_ranges": [
* "10.1.1.0/24",
* "11.1.1.0/24",
* ],
* "permitted_email_addresses": [
* ".example1.com",
* ".example2.com",
* ],
* "excluded_email_addresses": [
* ".deny.example1.com",
* ".deny.example2.com",
* ],
* "permitted_uris": [
* ".example1.com",
* ".example2.com",
* ],
* "excluded_uris": [
* ".deny.example1.com",
* ".deny.example2.com",
* ],
* },
* },
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Name = "my-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs
* {
* PublishCaCert = false,
* PublishCrl = true,
* EncodingFormat = "PEM",
* },
* Labels =
* {
* { "foo", "bar" },
* },
* IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs
* {
* AllowedKeyTypes = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyAllowedKeyTypeArgs
* {
* EllipticCurve = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs
* {
* SignatureAlgorithm = "ECDSA_P256",
* },
* },
* new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyAllowedKeyTypeArgs
* {
* Rsa = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyAllowedKeyTypeRsaArgs
* {
* MinModulusSize = "5",
* MaxModulusSize = "10",
* },
* },
* },
* MaximumLifetime = "50000s",
* AllowedIssuanceModes = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyAllowedIssuanceModesArgs
* {
* AllowCsrBasedIssuance = true,
* AllowConfigBasedIssuance = true,
* },
* IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyIdentityConstraintsArgs
* {
* AllowSubjectPassthrough = true,
* AllowSubjectAltNamesPassthrough = true,
* CelExpression = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs
* {
* Expression = "subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )",
* Title = "My title",
* },
* },
* BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs
* {
* AiaOcspServers = new[]
* {
* "example.com",
* },
* AdditionalExtensions = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs
* {
* Critical = true,
* Value = "asdf",
* ObjectId = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 7,
* },
* },
* },
* },
* PolicyIds = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 5,
* },
* },
* new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 5,
* 7,
* },
* },
* },
* CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = false,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* NameConstraints = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs
* {
* Critical = true,
* PermittedDnsNames = new[]
* {
* "*.example1.com",
* "*.example2.com",
* },
* ExcludedDnsNames = new[]
* {
* "*.deny.example1.com",
* "*.deny.example2.com",
* },
* PermittedIpRanges = new[]
* {
* "10.0.0.0/8",
* "11.0.0.0/8",
* },
* ExcludedIpRanges = new[]
* {
* "10.1.1.0/24",
* "11.1.1.0/24",
* },
* PermittedEmailAddresses = new[]
* {
* ".example1.com",
* ".example2.com",
* },
* ExcludedEmailAddresses = new[]
* {
* ".deny.example1.com",
* ".deny.example2.com",
* },
* PermittedUris = new[]
* {
* ".example1.com",
* ".example2.com",
* },
* ExcludedUris = new[]
* {
* ".deny.example1.com",
* ".deny.example2.com",
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("my-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* PublishingOptions: &certificateauthority.CaPoolPublishingOptionsArgs{
* PublishCaCert: pulumi.Bool(false),
* PublishCrl: pulumi.Bool(true),
* EncodingFormat: pulumi.String("PEM"),
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* IssuancePolicy: &certificateauthority.CaPoolIssuancePolicyArgs{
* AllowedKeyTypes: certificateauthority.CaPoolIssuancePolicyAllowedKeyTypeArray{
* &certificateauthority.CaPoolIssuancePolicyAllowedKeyTypeArgs{
* EllipticCurve: &certificateauthority.CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs{
* SignatureAlgorithm: pulumi.String("ECDSA_P256"),
* },
* },
* &certificateauthority.CaPoolIssuancePolicyAllowedKeyTypeArgs{
* Rsa: &certificateauthority.CaPoolIssuancePolicyAllowedKeyTypeRsaArgs{
* MinModulusSize: pulumi.String("5"),
* MaxModulusSize: pulumi.String("10"),
* },
* },
* },
* MaximumLifetime: pulumi.String("50000s"),
* AllowedIssuanceModes: &certificateauthority.CaPoolIssuancePolicyAllowedIssuanceModesArgs{
* AllowCsrBasedIssuance: pulumi.Bool(true),
* AllowConfigBasedIssuance: pulumi.Bool(true),
* },
* IdentityConstraints: &certificateauthority.CaPoolIssuancePolicyIdentityConstraintsArgs{
* AllowSubjectPassthrough: pulumi.Bool(true),
* AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
* CelExpression: &certificateauthority.CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs{
* Expression: pulumi.String("subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )"),
* Title: pulumi.String("My title"),
* },
* },
* BaselineValues: &certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{
* AiaOcspServers: pulumi.StringArray{
* pulumi.String("example.com"),
* },
* AdditionalExtensions: certificateauthority.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArray{
* &certificateauthority.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs{
* Critical: pulumi.Bool(true),
* Value: pulumi.String("asdf"),
* ObjectId: &certificateauthority.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(7),
* },
* },
* },
* },
* PolicyIds: certificateauthority.CaPoolIssuancePolicyBaselineValuesPolicyIdArray{
* &certificateauthority.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(5),
* },
* },
* &certificateauthority.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(5),
* pulumi.Int(7),
* },
* },
* },
* CaOptions: &certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(false),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* NameConstraints: &certificateauthority.CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs{
* Critical: pulumi.Bool(true),
* PermittedDnsNames: pulumi.StringArray{
* pulumi.String("*.example1.com"),
* pulumi.String("*.example2.com"),
* },
* ExcludedDnsNames: pulumi.StringArray{
* pulumi.String("*.deny.example1.com"),
* pulumi.String("*.deny.example2.com"),
* },
* PermittedIpRanges: pulumi.StringArray{
* pulumi.String("10.0.0.0/8"),
* pulumi.String("11.0.0.0/8"),
* },
* ExcludedIpRanges: pulumi.StringArray{
* pulumi.String("10.1.1.0/24"),
* pulumi.String("11.1.1.0/24"),
* },
* PermittedEmailAddresses: pulumi.StringArray{
* pulumi.String(".example1.com"),
* pulumi.String(".example2.com"),
* },
* ExcludedEmailAddresses: pulumi.StringArray{
* pulumi.String(".deny.example1.com"),
* pulumi.String(".deny.example2.com"),
* },
* PermittedUris: pulumi.StringArray{
* pulumi.String(".example1.com"),
* pulumi.String(".example2.com"),
* },
* ExcludedUris: pulumi.StringArray{
* pulumi.String(".deny.example1.com"),
* pulumi.String(".deny.example2.com"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedIssuanceModesArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .name("my-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .publishingOptions(CaPoolPublishingOptionsArgs.builder()
* .publishCaCert(false)
* .publishCrl(true)
* .encodingFormat("PEM")
* .build())
* .labels(Map.of("foo", "bar"))
* .issuancePolicy(CaPoolIssuancePolicyArgs.builder()
* .allowedKeyTypes(
* CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
* .ellipticCurve(CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs.builder()
* .signatureAlgorithm("ECDSA_P256")
* .build())
* .build(),
* CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
* .rsa(CaPoolIssuancePolicyAllowedKeyTypeRsaArgs.builder()
* .minModulusSize(5)
* .maxModulusSize(10)
* .build())
* .build())
* .maximumLifetime("50000s")
* .allowedIssuanceModes(CaPoolIssuancePolicyAllowedIssuanceModesArgs.builder()
* .allowCsrBasedIssuance(true)
* .allowConfigBasedIssuance(true)
* .build())
* .identityConstraints(CaPoolIssuancePolicyIdentityConstraintsArgs.builder()
* .allowSubjectPassthrough(true)
* .allowSubjectAltNamesPassthrough(true)
* .celExpression(CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs.builder()
* .expression("subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )")
* .title("My title")
* .build())
* .build())
* .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()
* .aiaOcspServers("example.com")
* .additionalExtensions(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs.builder()
* .critical(true)
* .value("asdf")
* .objectId(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs.builder()
* .objectIdPaths(
* 1,
* 7)
* .build())
* .build())
* .policyIds(
* CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
* .objectIdPaths(
* 1,
* 5)
* .build(),
* CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
* .objectIdPaths(
* 1,
* 5,
* 7)
* .build())
* .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()
* .baseKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(false)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .nameConstraints(CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs.builder()
* .critical(true)
* .permittedDnsNames(
* "*.example1.com",
* "*.example2.com")
* .excludedDnsNames(
* "*.deny.example1.com",
* "*.deny.example2.com")
* .permittedIpRanges(
* "10.0.0.0/8",
* "11.0.0.0/8")
* .excludedIpRanges(
* "10.1.1.0/24",
* "11.1.1.0/24")
* .permittedEmailAddresses(
* ".example1.com",
* ".example2.com")
* .excludedEmailAddresses(
* ".deny.example1.com",
* ".deny.example2.com")
* .permittedUris(
* ".example1.com",
* ".example2.com")
* .excludedUris(
* ".deny.example1.com",
* ".deny.example2.com")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* name: my-pool
* location: us-central1
* tier: ENTERPRISE
* publishingOptions:
* publishCaCert: false
* publishCrl: true
* encodingFormat: PEM
* labels:
* foo: bar
* issuancePolicy:
* allowedKeyTypes:
* - ellipticCurve:
* signatureAlgorithm: ECDSA_P256
* - rsa:
* minModulusSize: 5
* maxModulusSize: 10
* maximumLifetime: 50000s
* allowedIssuanceModes:
* allowCsrBasedIssuance: true
* allowConfigBasedIssuance: true
* identityConstraints:
* allowSubjectPassthrough: true
* allowSubjectAltNamesPassthrough: true
* celExpression:
* expression: subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )
* title: My title
* baselineValues:
* aiaOcspServers:
* - example.com
* additionalExtensions:
* - critical: true
* value: asdf
* objectId:
* objectIdPaths:
* - 1
* - 7
* policyIds:
* - objectIdPaths:
* - 1
* - 5
* - objectIdPaths:
* - 1
* - 5
* - 7
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: false
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* nameConstraints:
* critical: true
* permittedDnsNames:
* - '*.example1.com'
* - '*.example2.com'
* excludedDnsNames:
* - '*.deny.example1.com'
* - '*.deny.example2.com'
* permittedIpRanges:
* - 10.0.0.0/8
* - 11.0.0.0/8
* excludedIpRanges:
* - 10.1.1.0/24
* - 11.1.1.0/24
* permittedEmailAddresses:
* - .example1.com
* - .example2.com
* excludedEmailAddresses:
* - .deny.example1.com
* - .deny.example2.com
* permittedUris:
* - .example1.com
* - .example2.com
* excludedUris:
* - .deny.example1.com
* - .deny.example2.com
* ```
*
* ## Import
* CaPool can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/caPools/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, CaPool can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificateauthority/caPool:CaPool default projects/{{project}}/locations/{{location}}/caPools/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/caPool:CaPool default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/caPool:CaPool default {{location}}/{{name}}
* ```
*/
public class CaPool internal constructor(
override val javaResource: com.pulumi.gcp.certificateauthority.CaPool,
) : KotlinCustomResource(javaResource, CaPoolMapper) {
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
public val effectiveLabels: Output>
get() = javaResource.effectiveLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* The IssuancePolicy to control how Certificates will be issued from this CaPool.
* Structure is documented below.
*/
public val issuancePolicy: Output?
get() = javaResource.issuancePolicy().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> caPoolIssuancePolicyToKotlin(args0) })
}).orElse(null)
})
/**
* Labels with user-defined metadata.
* An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass":
* "1.3kg", "count": "3" }.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
*/
public val labels: Output>?
get() = javaResource.labels().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* Location of the CaPool. A full list of valid locations can be found by
* running `gcloud privateca locations list`.
* - - -
*/
public val location: Output
get() = javaResource.location().applyValue({ args0 -> args0 })
/**
* The name for this CaPool.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
* Structure is documented below.
*/
public val publishingOptions: Output?
get() = javaResource.publishingOptions().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> caPoolPublishingOptionsToKotlin(args0) })
}).orElse(null)
})
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
public val pulumiLabels: Output>
get() = javaResource.pulumiLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* The Tier of this CaPool.
* Possible values are: `ENTERPRISE`, `DEVOPS`.
*/
public val tier: Output
get() = javaResource.tier().applyValue({ args0 -> args0 })
}
public object CaPoolMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.certificateauthority.CaPool::class == javaResource::class
override fun map(javaResource: Resource): CaPool = CaPool(
javaResource as
com.pulumi.gcp.certificateauthority.CaPool,
)
}
/**
* @see [CaPool].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [CaPool].
*/
public suspend fun caPool(name: String, block: suspend CaPoolResourceBuilder.() -> Unit): CaPool {
val builder = CaPoolResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [CaPool].
* @param name The _unique_ name of the resulting resource.
*/
public fun caPool(name: String): CaPool {
val builder = CaPoolResourceBuilder()
builder.name(name)
return builder.build()
}
