com.pulumi.gcp.certificatemanager.kotlin.Certificate.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificatemanager.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.certificatemanager.kotlin.outputs.CertificateManaged
import com.pulumi.gcp.certificatemanager.kotlin.outputs.CertificateSelfManaged
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import com.pulumi.gcp.certificatemanager.kotlin.outputs.CertificateManaged.Companion.toKotlin as certificateManagedToKotlin
import com.pulumi.gcp.certificatemanager.kotlin.outputs.CertificateSelfManaged.Companion.toKotlin as certificateSelfManagedToKotlin
/**
* Builder for [Certificate].
*/
@PulumiTagMarker
public class CertificateResourceBuilder internal constructor() {
public var name: String? = null
public var args: CertificateArgs = CertificateArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend CertificateArgsBuilder.() -> Unit) {
val builder = CertificateArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Certificate {
val builtJavaResource = com.pulumi.gcp.certificatemanager.Certificate(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Certificate(builtJavaResource)
}
}
/**
* Certificate represents a HTTP-reachable backend for a Certificate.
* ## Example Usage
* ### Certificate Manager Google Managed Certificate Dns
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "The default cert",
* scope: "EDGE_CACHE",
* labels: {
* env: "test",
* },
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="The default cert",
* scope="EDGE_CACHE",
* labels={
* "env": "test",
* },
* managed={
* "domains": [
* instance.domain,
* instance2.domain,
* ],
* "dns_authorizations": [
* instance.id,
* instance2.id,
* ],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "The default cert",
* Scope = "EDGE_CACHE",
* Labels =
* {
* { "env", "test" },
* },
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Labels: pulumi.StringMap{
* "env": pulumi.String("test"),
* },
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("The default cert")
* .scope("EDGE_CACHE")
* .labels(Map.of("env", "test"))
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: The default cert
* scope: EDGE_CACHE
* labels:
* env: test
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Google Managed Certificate Issuance Config
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.certificateauthority.CaPool("pool", {
* name: "ca-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* });
* const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
* location: "us-central1",
* pool: pool.name,
* certificateAuthorityId: "ca-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* // creating certificate_issuance_config to use it in the managed certificate
* const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
* name: "issuance-config",
* description: "sample description for the certificate issuanceConfigs",
* certificateAuthorityConfig: {
* certificateAuthorityServiceConfig: {
* caPool: pool.id,
* },
* },
* lifetime: "1814400s",
* rotationWindowPercentage: 34,
* keyAlgorithm: "ECDSA_P256",
* }, {
* dependsOn: [caAuthority],
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "issuance-config-cert",
* description: "The default cert",
* scope: "EDGE_CACHE",
* managed: {
* domains: ["terraform.subdomain1.com"],
* issuanceConfig: issuanceconfig.id,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.certificateauthority.CaPool("pool",
* name="ca-pool",
* location="us-central1",
* tier="ENTERPRISE")
* ca_authority = gcp.certificateauthority.Authority("ca_authority",
* location="us-central1",
* pool=pool.name,
* certificate_authority_id="ca-authority",
* config={
* "subject_config": {
* "subject": {
* "organization": "HashiCorp",
* "common_name": "my-certificate-authority",
* },
* "subject_alt_name": {
* "dns_names": ["hashicorp.com"],
* },
* },
* "x509_config": {
* "ca_options": {
* "is_ca": True,
* },
* "key_usage": {
* "base_key_usage": {
* "cert_sign": True,
* "crl_sign": True,
* },
* "extended_key_usage": {
* "server_auth": True,
* },
* },
* },
* },
* key_spec={
* "algorithm": "RSA_PKCS1_4096_SHA256",
* },
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
* name="issuance-config",
* description="sample description for the certificate issuanceConfigs",
* certificate_authority_config={
* "certificate_authority_service_config": {
* "ca_pool": pool.id,
* },
* },
* lifetime="1814400s",
* rotation_window_percentage=34,
* key_algorithm="ECDSA_P256",
* opts = pulumi.ResourceOptions(depends_on=[ca_authority]))
* default = gcp.certificatemanager.Certificate("default",
* name="issuance-config-cert",
* description="The default cert",
* scope="EDGE_CACHE",
* managed={
* "domains": ["terraform.subdomain1.com"],
* "issuance_config": issuanceconfig.id,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
* {
* Name = "ca-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* });
* var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
* {
* Location = "us-central1",
* Pool = pool.Name,
* CertificateAuthorityId = "ca-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
* {
* Name = "issuance-config",
* Description = "sample description for the certificate issuanceConfigs",
* CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
* {
* CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
* {
* CaPool = pool.Id,
* },
* },
* Lifetime = "1814400s",
* RotationWindowPercentage = 34,
* KeyAlgorithm = "ECDSA_P256",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* caAuthority,
* },
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "issuance-config-cert",
* Description = "The default cert",
* Scope = "EDGE_CACHE",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* "terraform.subdomain1.com",
* },
* IssuanceConfig = issuanceconfig.Id,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("ca-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: pool.Name,
* CertificateAuthorityId: pulumi.String("ca-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* // creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
* Name: pulumi.String("issuance-config"),
* Description: pulumi.String("sample description for the certificate issuanceConfigs"),
* CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
* CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
* CaPool: pool.ID(),
* },
* },
* Lifetime: pulumi.String("1814400s"),
* RotationWindowPercentage: pulumi.Int(34),
* KeyAlgorithm: pulumi.String("ECDSA_P256"),
* }, pulumi.DependsOn([]pulumi.Resource{
* caAuthority,
* }))
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("issuance-config-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* pulumi.String("terraform.subdomain1.com"),
* },
* IssuanceConfig: issuanceconfig.ID(),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new CaPool("pool", CaPoolArgs.builder()
* .name("ca-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .build());
* var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(pool.name())
* .certificateAuthorityId("ca-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
* .name("issuance-config")
* .description("sample description for the certificate issuanceConfigs")
* .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
* .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
* .caPool(pool.id())
* .build())
* .build())
* .lifetime("1814400s")
* .rotationWindowPercentage(34)
* .keyAlgorithm("ECDSA_P256")
* .build(), CustomResourceOptions.builder()
* .dependsOn(caAuthority)
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("issuance-config-cert")
* .description("The default cert")
* .scope("EDGE_CACHE")
* .managed(CertificateManagedArgs.builder()
* .domains("terraform.subdomain1.com")
* .issuanceConfig(issuanceconfig.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: issuance-config-cert
* description: The default cert
* scope: EDGE_CACHE
* managed:
* domains:
* - terraform.subdomain1.com
* issuanceConfig: ${issuanceconfig.id}
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig:
* type: gcp:certificatemanager:CertificateIssuanceConfig
* properties:
* name: issuance-config
* description: sample description for the certificate issuanceConfigs
* certificateAuthorityConfig:
* certificateAuthorityServiceConfig:
* caPool: ${pool.id}
* lifetime: 1814400s
* rotationWindowPercentage: 34
* keyAlgorithm: ECDSA_P256
* options:
* dependsOn:
* - ${caAuthority}
* pool:
* type: gcp:certificateauthority:CaPool
* properties:
* name: ca-pool
* location: us-central1
* tier: ENTERPRISE
* caAuthority:
* type: gcp:certificateauthority:Authority
* name: ca_authority
* properties:
* location: us-central1
* pool: ${pool.name}
* certificateAuthorityId: ca-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* ```
*
* ### Certificate Manager Certificate Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "self-managed-cert",
* description: "Global cert",
* scope: "EDGE_CACHE",
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="self-managed-cert",
* description="Global cert",
* scope="EDGE_CACHE",
* managed={
* "domains": [
* instance.domain,
* instance2.domain,
* ],
* "dns_authorizations": [
* instance.id,
* instance2.id,
* ],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "self-managed-cert",
* Description = "Global cert",
* Scope = "EDGE_CACHE",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("self-managed-cert"),
* Description: pulumi.String("Global cert"),
* Scope: pulumi.String("EDGE_CACHE"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("self-managed-cert")
* .description("Global cert")
* .scope("EDGE_CACHE")
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: self-managed-cert
* description: Global cert
* scope: EDGE_CACHE
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Self Managed Certificate Regional
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "self-managed-cert",
* description: "Regional cert",
* location: "us-central1",
* selfManaged: {
* pemCertificate: std.file({
* input: "test-fixtures/cert.pem",
* }).then(invoke => invoke.result),
* pemPrivateKey: std.file({
* input: "test-fixtures/private-key.pem",
* }).then(invoke => invoke.result),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificatemanager.Certificate("default",
* name="self-managed-cert",
* description="Regional cert",
* location="us-central1",
* self_managed={
* "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
* "pem_private_key": std.file(input="test-fixtures/private-key.pem").result,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "self-managed-cert",
* Description = "Regional cert",
* Location = "us-central1",
* SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
* {
* PemCertificate = Std.File.Invoke(new()
* {
* Input = "test-fixtures/cert.pem",
* }).Apply(invoke => invoke.Result),
* PemPrivateKey = Std.File.Invoke(new()
* {
* Input = "test-fixtures/private-key.pem",
* }).Apply(invoke => invoke.Result),
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* invokeFile1, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/private-key.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("self-managed-cert"),
* Description: pulumi.String("Regional cert"),
* Location: pulumi.String("us-central1"),
* SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
* PemCertificate: pulumi.String(invokeFile.Result),
* PemPrivateKey: pulumi.String(invokeFile1.Result),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("self-managed-cert")
* .description("Regional cert")
* .location("us-central1")
* .selfManaged(CertificateSelfManagedArgs.builder()
* .pemCertificate(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/cert.pem")
* .build()).result())
* .pemPrivateKey(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/private-key.pem")
* .build()).result())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: self-managed-cert
* description: Regional cert
* location: us-central1
* selfManaged:
* pemCertificate:
* fn::invoke:
* function: std:file
* arguments:
* input: test-fixtures/cert.pem
* return: result
* pemPrivateKey:
* fn::invoke:
* function: std:file
* arguments:
* input: test-fixtures/private-key.pem
* return: result
* ```
*
* ### Certificate Manager Google Managed Certificate Issuance Config All Regions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.certificateauthority.CaPool("pool", {
* name: "ca-pool",
* location: "us-central1",
* tier: "ENTERPRISE",
* });
* const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
* location: "us-central1",
* pool: pool.name,
* certificateAuthorityId: "ca-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* // creating certificate_issuance_config to use it in the managed certificate
* const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
* name: "issuance-config",
* description: "sample description for the certificate issuanceConfigs",
* certificateAuthorityConfig: {
* certificateAuthorityServiceConfig: {
* caPool: pool.id,
* },
* },
* lifetime: "1814400s",
* rotationWindowPercentage: 34,
* keyAlgorithm: "ECDSA_P256",
* }, {
* dependsOn: [caAuthority],
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "issuance-config-cert",
* description: "sample google managed all_regions certificate with issuance config for terraform",
* scope: "ALL_REGIONS",
* managed: {
* domains: ["terraform.subdomain1.com"],
* issuanceConfig: issuanceconfig.id,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.certificateauthority.CaPool("pool",
* name="ca-pool",
* location="us-central1",
* tier="ENTERPRISE")
* ca_authority = gcp.certificateauthority.Authority("ca_authority",
* location="us-central1",
* pool=pool.name,
* certificate_authority_id="ca-authority",
* config={
* "subject_config": {
* "subject": {
* "organization": "HashiCorp",
* "common_name": "my-certificate-authority",
* },
* "subject_alt_name": {
* "dns_names": ["hashicorp.com"],
* },
* },
* "x509_config": {
* "ca_options": {
* "is_ca": True,
* },
* "key_usage": {
* "base_key_usage": {
* "cert_sign": True,
* "crl_sign": True,
* },
* "extended_key_usage": {
* "server_auth": True,
* },
* },
* },
* },
* key_spec={
* "algorithm": "RSA_PKCS1_4096_SHA256",
* },
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
* name="issuance-config",
* description="sample description for the certificate issuanceConfigs",
* certificate_authority_config={
* "certificate_authority_service_config": {
* "ca_pool": pool.id,
* },
* },
* lifetime="1814400s",
* rotation_window_percentage=34,
* key_algorithm="ECDSA_P256",
* opts = pulumi.ResourceOptions(depends_on=[ca_authority]))
* default = gcp.certificatemanager.Certificate("default",
* name="issuance-config-cert",
* description="sample google managed all_regions certificate with issuance config for terraform",
* scope="ALL_REGIONS",
* managed={
* "domains": ["terraform.subdomain1.com"],
* "issuance_config": issuanceconfig.id,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
* {
* Name = "ca-pool",
* Location = "us-central1",
* Tier = "ENTERPRISE",
* });
* var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
* {
* Location = "us-central1",
* Pool = pool.Name,
* CertificateAuthorityId = "ca-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
* {
* Name = "issuance-config",
* Description = "sample description for the certificate issuanceConfigs",
* CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
* {
* CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
* {
* CaPool = pool.Id,
* },
* },
* Lifetime = "1814400s",
* RotationWindowPercentage = 34,
* KeyAlgorithm = "ECDSA_P256",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* caAuthority,
* },
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "issuance-config-cert",
* Description = "sample google managed all_regions certificate with issuance config for terraform",
* Scope = "ALL_REGIONS",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* "terraform.subdomain1.com",
* },
* IssuanceConfig = issuanceconfig.Id,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
* Name: pulumi.String("ca-pool"),
* Location: pulumi.String("us-central1"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: pool.Name,
* CertificateAuthorityId: pulumi.String("ca-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* // creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
* Name: pulumi.String("issuance-config"),
* Description: pulumi.String("sample description for the certificate issuanceConfigs"),
* CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
* CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
* CaPool: pool.ID(),
* },
* },
* Lifetime: pulumi.String("1814400s"),
* RotationWindowPercentage: pulumi.Int(34),
* KeyAlgorithm: pulumi.String("ECDSA_P256"),
* }, pulumi.DependsOn([]pulumi.Resource{
* caAuthority,
* }))
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("issuance-config-cert"),
* Description: pulumi.String("sample google managed all_regions certificate with issuance config for terraform"),
* Scope: pulumi.String("ALL_REGIONS"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* pulumi.String("terraform.subdomain1.com"),
* },
* IssuanceConfig: issuanceconfig.ID(),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
* import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new CaPool("pool", CaPoolArgs.builder()
* .name("ca-pool")
* .location("us-central1")
* .tier("ENTERPRISE")
* .build());
* var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(pool.name())
* .certificateAuthorityId("ca-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* // creating certificate_issuance_config to use it in the managed certificate
* var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
* .name("issuance-config")
* .description("sample description for the certificate issuanceConfigs")
* .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
* .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
* .caPool(pool.id())
* .build())
* .build())
* .lifetime("1814400s")
* .rotationWindowPercentage(34)
* .keyAlgorithm("ECDSA_P256")
* .build(), CustomResourceOptions.builder()
* .dependsOn(caAuthority)
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("issuance-config-cert")
* .description("sample google managed all_regions certificate with issuance config for terraform")
* .scope("ALL_REGIONS")
* .managed(CertificateManagedArgs.builder()
* .domains("terraform.subdomain1.com")
* .issuanceConfig(issuanceconfig.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: issuance-config-cert
* description: sample google managed all_regions certificate with issuance config for terraform
* scope: ALL_REGIONS
* managed:
* domains:
* - terraform.subdomain1.com
* issuanceConfig: ${issuanceconfig.id}
* # creating certificate_issuance_config to use it in the managed certificate
* issuanceconfig:
* type: gcp:certificatemanager:CertificateIssuanceConfig
* properties:
* name: issuance-config
* description: sample description for the certificate issuanceConfigs
* certificateAuthorityConfig:
* certificateAuthorityServiceConfig:
* caPool: ${pool.id}
* lifetime: 1814400s
* rotationWindowPercentage: 34
* keyAlgorithm: ECDSA_P256
* options:
* dependsOn:
* - ${caAuthority}
* pool:
* type: gcp:certificateauthority:CaPool
* properties:
* name: ca-pool
* location: us-central1
* tier: ENTERPRISE
* caAuthority:
* type: gcp:certificateauthority:Authority
* name: ca_authority
* properties:
* location: us-central1
* pool: ${pool.name}
* certificateAuthorityId: ca-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* ```
*
* ### Certificate Manager Google Managed Certificate Dns All Regions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
* name: "dns-auth2",
* description: "The default dnss",
* domain: "subdomain2.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "The default cert",
* scope: "ALL_REGIONS",
* managed: {
* domains: [
* instance.domain,
* instance2.domain,
* ],
* dnsAuthorizations: [
* instance.id,
* instance2.id,
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
* name="dns-auth2",
* description="The default dnss",
* domain="subdomain2.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="The default cert",
* scope="ALL_REGIONS",
* managed={
* "domains": [
* instance.domain,
* instance2.domain,
* ],
* "dns_authorizations": [
* instance.id,
* instance2.id,
* ],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
* {
* Name = "dns-auth2",
* Description = "The default dnss",
* Domain = "subdomain2.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "The default cert",
* Scope = "ALL_REGIONS",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* instance2.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth2"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain2.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("The default cert"),
* Scope: pulumi.String("ALL_REGIONS"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* instance2.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* instance2.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
* .name("dns-auth2")
* .description("The default dnss")
* .domain("subdomain2.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("The default cert")
* .scope("ALL_REGIONS")
* .managed(CertificateManagedArgs.builder()
* .domains(
* instance.domain(),
* instance2.domain())
* .dnsAuthorizations(
* instance.id(),
* instance2.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: The default cert
* scope: ALL_REGIONS
* managed:
* domains:
* - ${instance.domain}
* - ${instance2.domain}
* dnsAuthorizations:
* - ${instance.id}
* - ${instance2.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* description: The default dnss
* domain: subdomain.hashicorptest.com
* instance2:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth2
* description: The default dnss
* domain: subdomain2.hashicorptest.com
* ```
*
* ### Certificate Manager Google Managed Regional Certificate Dns Auth
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
* name: "dns-auth",
* location: "us-central1",
* description: "The default dnss",
* domain: "subdomain.hashicorptest.com",
* });
* const _default = new gcp.certificatemanager.Certificate("default", {
* name: "dns-cert",
* description: "regional managed certs",
* location: "us-central1",
* managed: {
* domains: [instance.domain],
* dnsAuthorizations: [instance.id],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* instance = gcp.certificatemanager.DnsAuthorization("instance",
* name="dns-auth",
* location="us-central1",
* description="The default dnss",
* domain="subdomain.hashicorptest.com")
* default = gcp.certificatemanager.Certificate("default",
* name="dns-cert",
* description="regional managed certs",
* location="us-central1",
* managed={
* "domains": [instance.domain],
* "dns_authorizations": [instance.id],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
* {
* Name = "dns-auth",
* Location = "us-central1",
* Description = "The default dnss",
* Domain = "subdomain.hashicorptest.com",
* });
* var @default = new Gcp.CertificateManager.Certificate("default", new()
* {
* Name = "dns-cert",
* Description = "regional managed certs",
* Location = "us-central1",
* Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
* {
* Domains = new[]
* {
* instance.Domain,
* },
* DnsAuthorizations = new[]
* {
* instance.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
* Name: pulumi.String("dns-auth"),
* Location: pulumi.String("us-central1"),
* Description: pulumi.String("The default dnss"),
* Domain: pulumi.String("subdomain.hashicorptest.com"),
* })
* if err != nil {
* return err
* }
* _, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
* Name: pulumi.String("dns-cert"),
* Description: pulumi.String("regional managed certs"),
* Location: pulumi.String("us-central1"),
* Managed: &certificatemanager.CertificateManagedArgs{
* Domains: pulumi.StringArray{
* instance.Domain,
* },
* DnsAuthorizations: pulumi.StringArray{
* instance.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificatemanager.DnsAuthorization;
* import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
* import com.pulumi.gcp.certificatemanager.Certificate;
* import com.pulumi.gcp.certificatemanager.CertificateArgs;
* import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
* .name("dns-auth")
* .location("us-central1")
* .description("The default dnss")
* .domain("subdomain.hashicorptest.com")
* .build());
* var default_ = new Certificate("default", CertificateArgs.builder()
* .name("dns-cert")
* .description("regional managed certs")
* .location("us-central1")
* .managed(CertificateManagedArgs.builder()
* .domains(instance.domain())
* .dnsAuthorizations(instance.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificatemanager:Certificate
* properties:
* name: dns-cert
* description: regional managed certs
* location: us-central1
* managed:
* domains:
* - ${instance.domain}
* dnsAuthorizations:
* - ${instance.id}
* instance:
* type: gcp:certificatemanager:DnsAuthorization
* properties:
* name: dns-auth
* location: us-central1
* description: The default dnss
* domain: subdomain.hashicorptest.com
* ```
*
* ## Import
* Certificate can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/certificates/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}
* ```
*/
public class Certificate internal constructor(
override val javaResource: com.pulumi.gcp.certificatemanager.Certificate,
) : KotlinCustomResource(javaResource, CertificateMapper) {
/**
* A human-readable description of the resource.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
public val effectiveLabels: Output
© 2015 - 2025 Weber Informatics LLC | Privacy Policy