Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.gcp.networksecurity.kotlin.ServerTlsPolicyArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.networksecurity.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs.builder
import com.pulumi.gcp.networksecurity.kotlin.inputs.ServerTlsPolicyMtlsPolicyArgs
import com.pulumi.gcp.networksecurity.kotlin.inputs.ServerTlsPolicyMtlsPolicyArgsBuilder
import com.pulumi.gcp.networksecurity.kotlin.inputs.ServerTlsPolicyServerCertificateArgs
import com.pulumi.gcp.networksecurity.kotlin.inputs.ServerTlsPolicyServerCertificateArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* ## Example Usage
* ### Network Security Server Tls Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* allowOpen: false,
* serverCertificate: {
* certificateProviderInstance: {
* pluginInstance: "google_cloud_private_spiffe",
* },
* },
* mtlsPolicy: {
* clientValidationCas: [
* {
* grpcEndpoint: {
* targetUri: "unix:mypath",
* },
* },
* {
* grpcEndpoint: {
* targetUri: "unix:abc/mypath",
* },
* },
* {
* certificateProviderInstance: {
* pluginInstance: "google_cloud_private_spiffe",
* },
* },
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* allow_open=False,
* server_certificate={
* "certificate_provider_instance": {
* "plugin_instance": "google_cloud_private_spiffe",
* },
* },
* mtls_policy={
* "client_validation_cas": [
* {
* "grpc_endpoint": {
* "target_uri": "unix:mypath",
* },
* },
* {
* "grpc_endpoint": {
* "target_uri": "unix:abc/mypath",
* },
* },
* {
* "certificate_provider_instance": {
* "plugin_instance": "google_cloud_private_spiffe",
* },
* },
* ],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* AllowOpen = false,
* ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
* {
* CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
* {
* PluginInstance = "google_cloud_private_spiffe",
* },
* },
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationCas = new[]
* {
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
* {
* TargetUri = "unix:mypath",
* },
* },
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
* {
* TargetUri = "unix:abc/mypath",
* },
* },
* new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
* {
* CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
* {
* PluginInstance = "google_cloud_private_spiffe",
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* AllowOpen: pulumi.Bool(false),
* ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
* CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
* PluginInstance: pulumi.String("google_cloud_private_spiffe"),
* },
* },
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:mypath"),
* },
* },
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:abc/mypath"),
* },
* },
* &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
* CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
* PluginInstance: pulumi.String("google_cloud_private_spiffe"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .allowOpen("false")
* .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
* .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
* .pluginInstance("google_cloud_private_spiffe")
* .build())
* .build())
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationCas(
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
* .targetUri("unix:mypath")
* .build())
* .build(),
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
* .targetUri("unix:abc/mypath")
* .build())
* .build(),
* ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
* .certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
* .pluginInstance("google_cloud_private_spiffe")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* allowOpen: 'false'
* serverCertificate:
* certificateProviderInstance:
* pluginInstance: google_cloud_private_spiffe
* mtlsPolicy:
* clientValidationCas:
* - grpcEndpoint:
* targetUri: unix:mypath
* - grpcEndpoint:
* targetUri: unix:abc/mypath
* - certificateProviderInstance:
* pluginInstance: google_cloud_private_spiffe
* ```
*
* ### Network Security Server Tls Policy Advanced
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* location: "global",
* allowOpen: false,
* mtlsPolicy: {
* clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* location="global",
* allow_open=False,
* mtls_policy={
* "client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .location("global")
* .allowOpen("false")
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* location: global
* allowOpen: 'false'
* mtlsPolicy:
* clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT
* ```
*
* ### Network Security Server Tls Policy Server Cert
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* location: "global",
* allowOpen: false,
* serverCertificate: {
* grpcEndpoint: {
* targetUri: "unix:mypath",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* labels={
* "foo": "bar",
* },
* description="my description",
* location="global",
* allow_open=False,
* server_certificate={
* "grpc_endpoint": {
* "target_uri": "unix:mypath",
* },
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Labels =
* {
* { "foo", "bar" },
* },
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
* {
* GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
* {
* TargetUri = "unix:mypath",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
* GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
* TargetUri: pulumi.String("unix:mypath"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .labels(Map.of("foo", "bar"))
* .description("my description")
* .location("global")
* .allowOpen("false")
* .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
* .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
* .targetUri("unix:mypath")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* labels:
* foo: bar
* description: my description
* location: global
* allowOpen: 'false'
* serverCertificate:
* grpcEndpoint:
* targetUri: unix:mypath
* ```
*
* ### Network Security Server Tls Policy Mtls
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const project = gcp.organizations.getProject({});
* const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
* name: "my-trust-config",
* description: "sample trust config description",
* location: "global",
* trustStores: [{
* trustAnchors: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* intermediateCas: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* }],
* labels: {
* foo: "bar",
* },
* });
* const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
* name: "my-server-tls-policy",
* description: "my description",
* location: "global",
* allowOpen: false,
* mtlsPolicy: {
* clientValidationMode: "REJECT_INVALID",
* clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
* },
* labels: {
* foo: "bar",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* project = gcp.organizations.get_project()
* default_trust_config = gcp.certificatemanager.TrustConfig("default",
* name="my-trust-config",
* description="sample trust config description",
* location="global",
* trust_stores=[{
* "trust_anchors": [{
* "pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
* }],
* "intermediate_cas": [{
* "pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
* }],
* }],
* labels={
* "foo": "bar",
* })
* default = gcp.networksecurity.ServerTlsPolicy("default",
* name="my-server-tls-policy",
* description="my description",
* location="global",
* allow_open=False,
* mtls_policy={
* "client_validation_mode": "REJECT_INVALID",
* "client_validation_trust_config": default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
* },
* labels={
* "foo": "bar",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var project = Gcp.Organizations.GetProject.Invoke();
* var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
* {
* Name = "my-trust-config",
* Description = "sample trust config description",
* Location = "global",
* TrustStores = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
* {
* TrustAnchors = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/ca_cert.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* IntermediateCas = new[]
* {
* new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/ca_cert.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* },
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
* {
* Name = "my-server-tls-policy",
* Description = "my description",
* Location = "global",
* AllowOpen = false,
* MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
* {
* ClientValidationMode = "REJECT_INVALID",
* ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
* {
* var project = values.Item1;
* var name = values.Item2;
* return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
* }),
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* project, err := organizations.LookupProject(ctx, nil, nil)
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/ca_cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* invokeFile1, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/ca_cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
* Name: pulumi.String("my-trust-config"),
* Description: pulumi.String("sample trust config description"),
* Location: pulumi.String("global"),
* TrustStores: certificatemanager.TrustConfigTrustStoreArray{
* &certificatemanager.TrustConfigTrustStoreArgs{
* TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
* &certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
* PemCertificate: pulumi.String(invokeFile.Result),
* },
* },
* IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
* &certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
* PemCertificate: pulumi.String(invokeFile1.Result),
* },
* },
* },
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* _, err = networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
* Name: pulumi.String("my-server-tls-policy"),
* Description: pulumi.String("my description"),
* Location: pulumi.String("global"),
* AllowOpen: pulumi.Bool(false),
* MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
* ClientValidationMode: pulumi.String("REJECT_INVALID"),
* ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
* }).(pulumi.StringOutput),
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.certificatemanager.TrustConfig;
* import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
* import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var project = OrganizationsFunctions.getProject();
* var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
* .name("my-trust-config")
* .description("sample trust config description")
* .location("global")
* .trustStores(TrustConfigTrustStoreArgs.builder()
* .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/ca_cert.pem")
* .build()).result())
* .build())
* .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/ca_cert.pem")
* .build()).result())
* .build())
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
* .name("my-server-tls-policy")
* .description("my description")
* .location("global")
* .allowOpen("false")
* .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
* .clientValidationMode("REJECT_INVALID")
* .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:networksecurity:ServerTlsPolicy
* properties:
* name: my-server-tls-policy
* description: my description
* location: global
* allowOpen: 'false'
* mtlsPolicy:
* clientValidationMode: REJECT_INVALID
* clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
* labels:
* foo: bar
* defaultTrustConfig:
* type: gcp:certificatemanager:TrustConfig
* name: default
* properties:
* name: my-trust-config
* description: sample trust config description
* location: global
* trustStores:
* - trustAnchors:
* - pemCertificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/ca_cert.pem
* Return: result
* intermediateCas:
* - pemCertificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/ca_cert.pem
* Return: result
* labels:
* foo: bar
* variables:
* project:
* fn::invoke:
* Function: gcp:organizations:getProject
* Arguments: {}
* ```
*
* ## Import
* ServerTlsPolicy can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, ServerTlsPolicy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}
* ```
* @property allowOpen This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies.
* Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.
* Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
* @property description A free-text description of the resource. Max length 1024 characters.
* @property labels Set of label tags associated with the ServerTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
* @property location The location of the server tls policy.
* The default value is `global`.
* @property mtlsPolicy This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.
* Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.
* Structure is documented below.
* @property name Name of the ServerTlsPolicy resource.
* - - -
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* @property serverCertificate Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
public data class ServerTlsPolicyArgs(
public val allowOpen: Output? = null,
public val description: Output? = null,
public val labels: Output>? = null,
public val location: Output? = null,
public val mtlsPolicy: Output? = null,
public val name: Output? = null,
public val project: Output? = null,
public val serverCertificate: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs =
com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs.builder()
.allowOpen(allowOpen?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.labels(labels?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.location(location?.applyValue({ args0 -> args0 }))
.mtlsPolicy(mtlsPolicy?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.name(name?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.serverCertificate(
serverCertificate?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
).build()
}
/**
* Builder for [ServerTlsPolicyArgs].
*/
@PulumiTagMarker
public class ServerTlsPolicyArgsBuilder internal constructor() {
private var allowOpen: Output? = null
private var description: Output? = null
private var labels: Output>? = null
private var location: Output? = null
private var mtlsPolicy: Output? = null
private var name: Output? = null
private var project: Output? = null
private var serverCertificate: Output? = null
/**
* @param value This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies.
* Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.
* Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
*/
@JvmName("mywsqveguivesqgu")
public suspend fun allowOpen(`value`: Output) {
this.allowOpen = value
}
/**
* @param value A free-text description of the resource. Max length 1024 characters.
*/
@JvmName("xmfwrlvbbnbggwjw")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value Set of label tags associated with the ServerTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
*/
@JvmName("jgmkfqtnipfrdoxj")
public suspend fun labels(`value`: Output>) {
this.labels = value
}
/**
* @param value The location of the server tls policy.
* The default value is `global`.
*/
@JvmName("xyeiuqwukxmdlcuh")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.
* Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.
* Structure is documented below.
*/
@JvmName("fdwisnfdxiiebxhw")
public suspend fun mtlsPolicy(`value`: Output) {
this.mtlsPolicy = value
}
/**
* @param value Name of the ServerTlsPolicy resource.
* - - -
*/
@JvmName("voqblnjvyisuceeo")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("akfbxkkmudsvhbmh")
public suspend fun project(`value`: Output) {
this.project = value
}
/**
* @param value Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
@JvmName("lsaxnhbumvhlplxq")
public suspend fun serverCertificate(`value`: Output) {
this.serverCertificate = value
}
/**
* @param value This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies.
* Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.
* Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
*/
@JvmName("vhyohtnryciprjgc")
public suspend fun allowOpen(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowOpen = mapped
}
/**
* @param value A free-text description of the resource. Max length 1024 characters.
*/
@JvmName("ybutbyamslmwoneg")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value Set of label tags associated with the ServerTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
*/
@JvmName("nxpwfrwyfxoefydq")
public suspend fun labels(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.labels = mapped
}
/**
* @param values Set of label tags associated with the ServerTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
*/
@JvmName("abyvpyrsachxobjx")
public fun labels(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.labels = mapped
}
/**
* @param value The location of the server tls policy.
* The default value is `global`.
*/
@JvmName("sajwjpvtuqwuqjuf")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.
* Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.
* Structure is documented below.
*/
@JvmName("hpkgxhiarlnbnxhu")
public suspend fun mtlsPolicy(`value`: ServerTlsPolicyMtlsPolicyArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.mtlsPolicy = mapped
}
/**
* @param argument This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.
* Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.
* Structure is documented below.
*/
@JvmName("eudiigcawbkhyvlx")
public suspend fun mtlsPolicy(argument: suspend ServerTlsPolicyMtlsPolicyArgsBuilder.() -> Unit) {
val toBeMapped = ServerTlsPolicyMtlsPolicyArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.mtlsPolicy = mapped
}
/**
* @param value Name of the ServerTlsPolicy resource.
* - - -
*/
@JvmName("beyxuggucuwtjlku")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("imabgmfbnwgqfgse")
public suspend fun project(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.project = mapped
}
/**
* @param value Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
@JvmName("grqfjifrfqivbgsj")
public suspend fun serverCertificate(`value`: ServerTlsPolicyServerCertificateArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.serverCertificate = mapped
}
/**
* @param argument Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
@JvmName("wfgagefproiluyfu")
public suspend fun serverCertificate(argument: suspend ServerTlsPolicyServerCertificateArgsBuilder.() -> Unit) {
val toBeMapped = ServerTlsPolicyServerCertificateArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.serverCertificate = mapped
}
internal fun build(): ServerTlsPolicyArgs = ServerTlsPolicyArgs(
allowOpen = allowOpen,
description = description,
labels = labels,
location = location,
mtlsPolicy = mtlsPolicy,
name = name,
project = project,
serverCertificate = serverCertificate,
)
}
