
com.pulumi.gcp.networksecurity.kotlin.ClientTlsPolicyArgs.kt Maven / Gradle / Ivy


Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.networksecurity.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs.builder
import com.pulumi.gcp.networksecurity.kotlin.inputs.ClientTlsPolicyClientCertificateArgs
import com.pulumi.gcp.networksecurity.kotlin.inputs.ClientTlsPolicyClientCertificateArgsBuilder
import com.pulumi.gcp.networksecurity.kotlin.inputs.ClientTlsPolicyServerValidationCaArgs
import com.pulumi.gcp.networksecurity.kotlin.inputs.ClientTlsPolicyServerValidationCaArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName

/**
 * ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
 * To get more information about ClientTlsPolicy, see:
 * * [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.clientTlsPolicies)
 * * How-to Guides
 *     * [Service Security](https://cloud.google.com/traffic-director/docs/security-use-cases)
 * ## Example Usage
 * ### Network Security Client Tls Policy Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
 *     name: "my-client-tls-policy",
 *     labels: {
 *         foo: "bar",
 *     },
 *     description: "my description",
 *     sni: "secure.example.com",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.networksecurity.ClientTlsPolicy("default",
 *     name="my-client-tls-policy",
 *     labels={
 *         "foo": "bar",
 *     },
 *     description="my description",
 *     sni="secure.example.com")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.NetworkSecurity.ClientTlsPolicy("default", new()
 *     {
 *         Name = "my-client-tls-policy",
 *         Labels =
 *         {
 *             { "foo", "bar" },
 *         },
 *         Description = "my description",
 *         Sni = "secure.example.com",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := networksecurity.NewClientTlsPolicy(ctx, "default", &networksecurity.ClientTlsPolicyArgs{
 * 			Name: pulumi.String("my-client-tls-policy"),
 * 			Labels: pulumi.StringMap{
 * 				"foo": pulumi.String("bar"),
 * 			},
 * 			Description: pulumi.String("my description"),
 * 			Sni:         pulumi.String("secure.example.com"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.networksecurity.ClientTlsPolicy;
 * import com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new ClientTlsPolicy("default", ClientTlsPolicyArgs.builder()
 *             .name("my-client-tls-policy")
 *             .labels(Map.of("foo", "bar"))
 *             .description("my description")
 *             .sni("secure.example.com")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:networksecurity:ClientTlsPolicy
 *     properties:
 *       name: my-client-tls-policy
 *       labels:
 *         foo: bar
 *       description: my description
 *       sni: secure.example.com
 * ```
 * 
 * ### Network Security Client Tls Policy Advanced
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
 *     name: "my-client-tls-policy",
 *     labels: {
 *         foo: "bar",
 *     },
 *     description: "my description",
 *     clientCertificate: {
 *         certificateProviderInstance: {
 *             pluginInstance: "google_cloud_private_spiffe",
 *         },
 *     },
 *     serverValidationCas: [{
 *         grpcEndpoint: {
 *             targetUri: "unix:mypath",
 *         },
 *     }],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.networksecurity.ClientTlsPolicy("default",
 *     name="my-client-tls-policy",
 *     labels={
 *         "foo": "bar",
 *     },
 *     description="my description",
 *     client_certificate={
 *         "certificate_provider_instance": {
 *             "plugin_instance": "google_cloud_private_spiffe",
 *         },
 *     },
 *     server_validation_cas=[{
 *         "grpc_endpoint": {
 *             "target_uri": "unix:mypath",
 *         },
 *     }])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.NetworkSecurity.ClientTlsPolicy("default", new()
 *     {
 *         Name = "my-client-tls-policy",
 *         Labels =
 *         {
 *             { "foo", "bar" },
 *         },
 *         Description = "my description",
 *         ClientCertificate = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateArgs
 *         {
 *             CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs
 *             {
 *                 PluginInstance = "google_cloud_private_spiffe",
 *             },
 *         },
 *         ServerValidationCas = new[]
 *         {
 *             new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaArgs
 *             {
 *                 GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs
 *                 {
 *                     TargetUri = "unix:mypath",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := networksecurity.NewClientTlsPolicy(ctx, "default", &networksecurity.ClientTlsPolicyArgs{
 * 			Name: pulumi.String("my-client-tls-policy"),
 * 			Labels: pulumi.StringMap{
 * 				"foo": pulumi.String("bar"),
 * 			},
 * 			Description: pulumi.String("my description"),
 * 			ClientCertificate: &networksecurity.ClientTlsPolicyClientCertificateArgs{
 * 				CertificateProviderInstance: &networksecurity.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs{
 * 					PluginInstance: pulumi.String("google_cloud_private_spiffe"),
 * 				},
 * 			},
 * 			ServerValidationCas: networksecurity.ClientTlsPolicyServerValidationCaArray{
 * 				&networksecurity.ClientTlsPolicyServerValidationCaArgs{
 * 					GrpcEndpoint: &networksecurity.ClientTlsPolicyServerValidationCaGrpcEndpointArgs{
 * 						TargetUri: pulumi.String("unix:mypath"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.networksecurity.ClientTlsPolicy;
 * import com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;
 * import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateArgs;
 * import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs;
 * import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaArgs;
 * import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new ClientTlsPolicy("default", ClientTlsPolicyArgs.builder()
 *             .name("my-client-tls-policy")
 *             .labels(Map.of("foo", "bar"))
 *             .description("my description")
 *             .clientCertificate(ClientTlsPolicyClientCertificateArgs.builder()
 *                 .certificateProviderInstance(ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs.builder()
 *                     .pluginInstance("google_cloud_private_spiffe")
 *                     .build())
 *                 .build())
 *             .serverValidationCas(ClientTlsPolicyServerValidationCaArgs.builder()
 *                 .grpcEndpoint(ClientTlsPolicyServerValidationCaGrpcEndpointArgs.builder()
 *                     .targetUri("unix:mypath")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:networksecurity:ClientTlsPolicy
 *     properties:
 *       name: my-client-tls-policy
 *       labels:
 *         foo: bar
 *       description: my description
 *       clientCertificate:
 *         certificateProviderInstance:
 *           pluginInstance: google_cloud_private_spiffe
 *       serverValidationCas:
 *         - grpcEndpoint:
 *             targetUri: unix:mypath
 * ```
 * 
 * ## Import
 * ClientTlsPolicy can be imported using any of these accepted formats:
 * * `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`
 * * `{{project}}/{{location}}/{{name}}`
 * * `{{location}}/{{name}}`
 * When using the `pulumi import` command, ClientTlsPolicy can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{project}}/{{location}}/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{location}}/{{name}}
 * ```
 * @property clientCertificate Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
 * Structure is documented below.
 * @property description A free-text description of the resource. Max length 1024 characters.
 * @property labels Set of label tags associated with the ClientTlsPolicy resource.
 * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
 * Please refer to the field `effective_labels` for all of the labels present on the resource.
 * @property location The location of the client tls policy.
 * The default value is `global`.
 * @property name Name of the ClientTlsPolicy resource.
 * - - -
 * @property project The ID of the project in which the resource belongs.
 * If it is not provided, the provider project is used.
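 * @property serverValidationCas Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
 * The basic example above sets only `sni` and leaves this property empty, so a policy built from it does not validate the server certificate.
 * Structure is documented below.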
 * @property sni Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
 */
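public data class ClientTlsPolicyArgs(
    // Client identity (public and private keys) for peer authentication. Per the resource
    // documentation, the presence of this property is what dictates mTLS; left unset, the
    // policy carries no client certificate configuration.
    public val clientCertificate: Output<ClientTlsPolicyClientCertificateArgs>? = null,
    public val description: Output<String>? = null,
    public val labels: Output<Map<String, String>>? = null,
    public val location: Output<String>? = null,
    public val name: Output<String>? = null,
    public val project: Output<String>? = null,
    // SECURITY: per the resource documentation, when this is empty the client does not
    // validate the server certificate. The default here is null (unset), so server
    // authentication is opt-in: set at least one CA source on any policy that is meant to
    // authenticate the backend, and review policies that omit it.
    public val serverValidationCas: Output<List<ClientTlsPolicyServerValidationCaArgs>>? = null,
    // Name presented to the server during the TLS handshake.
    // NOTE(review): nothing in this file ties sni to certificate validation; do not treat it
    // as a substitute for serverValidationCas - confirm against the API documentation.
    public val sni: Output<String>? = null,
) : ConvertibleToJava {
    /**
     * Converts these arguments to the Java SDK's `ClientTlsPolicyArgs`.
     *
     * Every property is forwarded through a safe call, so a property that is unset (null) here
     * reaches the Java builder as null. No default is substituted and nothing is validated:
     * an unset [serverValidationCas] or [clientCertificate] stays unset in the result.
     *
     * @return the equivalent Java SDK argument object.
     */
    override fun toJava(): com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs =
        com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs.builder()
            // Nested argument objects are converted to their Java counterparts.
            .clientCertificate(clientCertificate?.applyValue { certificate -> certificate.toJava() })
            .description(description?.applyValue { text -> text })
            // Rebuild the label map entry by entry, as the generated code does.
            .labels(labels?.applyValue { entries -> entries.map { entry -> entry.key to entry.value }.toMap() })
            .location(location?.applyValue { text -> text })
            .name(name?.applyValue { text -> text })
            .project(project?.applyValue { text -> text })
            .serverValidationCas(
                serverValidationCas?.applyValue { cas -> cas.map { ca -> ca.toJava() } },
            )
            .sni(sni?.applyValue { text -> text })
            .build()
}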

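/**
 * Builder for [ClientTlsPolicyArgs].
 *
 * Every field starts unset (null) and [build] performs no validation, so the security posture
 * of the resulting policy is exactly what the caller configured:
 * * `serverValidationCas` - per the resource documentation, if empty the client does not
 *   validate the server certificate. Leaving it unset, passing null, passing an empty list or
 *   calling a vararg overload with no arguments all leave the policy without a CA source.
 * * `clientCertificate` - its presence is what dictates mTLS; leaving it unset or passing null
 *   leaves the policy without client certificate configuration.
 *
 * Each setter replaces the previous value of its field; repeated calls do not accumulate.
 */
@PulumiTagMarker
public class ClientTlsPolicyArgsBuilder internal constructor() {
    private var clientCertificate: Output<ClientTlsPolicyClientCertificateArgs>? = null

    private var description: Output<String>? = null

    private var labels: Output<Map<String, String>>? = null

    private var location: Output<String>? = null

    private var name: Output<String>? = null

    private var project: Output<String>? = null

    private var serverValidationCas: Output<List<ClientTlsPolicyServerValidationCaArgs>>? = null

    private var sni: Output<String>? = null

    /**
     * @param value Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
     * Structure is documented below.
     */
    @JvmName("ksumaoicspslxvev")
    public suspend fun clientCertificate(value: Output<ClientTlsPolicyClientCertificateArgs>) {
        this.clientCertificate = value
    }

    /**
     * @param value A free-text description of the resource. Max length 1024 characters.
     */
    @JvmName("myxxlplqyijdfvrx")
    public suspend fun description(value: Output<String>) {
        this.description = value
    }

    /**
     * @param value Set of label tags associated with the ClientTlsPolicy resource.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("umnnsgkseskqeufj")
    public suspend fun labels(value: Output<Map<String, String>>) {
        this.labels = value
    }

    /**
     * @param value The location of the client tls policy.
     * The default value is `global`.
     */
    @JvmName("sshvgidbbonyowmk")
    public suspend fun location(value: Output<String>) {
        this.location = value
    }

    /**
     * @param value Name of the ClientTlsPolicy resource.
     * - - -
     */
    @JvmName("tmjydsxkfvrioaco")
    public suspend fun name(value: Output<String>) {
        this.name = value
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("nrbnhcixbithujdj")
    public suspend fun project(value: Output<String>) {
        this.project = value
    }

    /**
     * @param value Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Structure is documented below.
     */
    @JvmName("hjbplritjbnlytrp")
    public suspend fun serverValidationCas(value: Output<List<ClientTlsPolicyServerValidationCaArgs>>) {
        this.serverValidationCas = value
    }

    /**
     * @param values Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Calling this overload with no arguments stores an empty list.
     * Structure is documented below.
     */
    @JvmName("insedkeddxugpiae")
    public suspend fun serverValidationCas(vararg values: Output<ClientTlsPolicyServerValidationCaArgs>) {
        this.serverValidationCas = Output.all(values.asList())
    }

    /**
     * @param values Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Structure is documented below.
     */
    @JvmName("mdjfhsfnvncncmlo")
    public suspend fun serverValidationCas(values: List<Output<ClientTlsPolicyServerValidationCaArgs>>) {
        this.serverValidationCas = Output.all(values)
    }

    /**
     * @param value Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
     */
    @JvmName("crjubnuaftjsjvyd")
    public suspend fun sni(value: Output<String>) {
        this.sni = value
    }

    /**
     * @param value Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
     * Passing null clears the field, leaving the policy without client certificate configuration.
     * Structure is documented below.
     */
    @JvmName("ojuhbckujsmefjwy")
    public suspend fun clientCertificate(value: ClientTlsPolicyClientCertificateArgs?) {
        // A null argument resets the field to unset rather than wrapping null in an Output.
        this.clientCertificate = value?.let { of(it) }
    }

    /**
     * @param argument Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
     * Structure is documented below.
     */
    @JvmName("oimocnpvrlrislig")
    public suspend fun clientCertificate(argument: suspend ClientTlsPolicyClientCertificateArgsBuilder.() -> Unit) {
        // Run the caller's DSL block against a fresh nested builder, then wrap the result.
        val built = ClientTlsPolicyClientCertificateArgsBuilder().applySuspend {
            argument()
        }.build()
        this.clientCertificate = of(built)
    }

    /**
     * @param value A free-text description of the resource. Max length 1024 characters.
     */
    @JvmName("dsqnihxxrwbgxcgs")
    public suspend fun description(value: String?) {
        this.description = value?.let { of(it) }
    }

    /**
     * @param value Set of label tags associated with the ClientTlsPolicy resource.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("ofpxevxsnxtlhumx")
    public suspend fun labels(value: Map<String, String>?) {
        this.labels = value?.let { of(it) }
    }

    /**
     * @param values Set of label tags associated with the ClientTlsPolicy resource.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effective_labels` for all of the labels present on the resource.
     */
    @JvmName("cjmmducvprjeesqw")
    public fun labels(vararg values: Pair<String, String>) {
        this.labels = of(values.toMap())
    }

    /**
     * @param value The location of the client tls policy.
     * The default value is `global`.
     */
    @JvmName("rcktetrpykcgfmfa")
    public suspend fun location(value: String?) {
        this.location = value?.let { of(it) }
    }

    /**
     * @param value Name of the ClientTlsPolicy resource.
     * - - -
     */
    @JvmName("tkqfudoyyxoyperw")
    public suspend fun name(value: String?) {
        this.name = value?.let { of(it) }
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("osshhcrynccwdsgx")
    public suspend fun project(value: String?) {
        this.project = value?.let { of(it) }
    }

    /**
     * @param value Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Passing null clears the field; passing an empty list stores an empty list.
     * Structure is documented below.
     */
    @JvmName("ktxneejyboqwcvsm")
    public suspend fun serverValidationCas(value: List<ClientTlsPolicyServerValidationCaArgs>?) {
        // A null argument resets the field to unset rather than wrapping null in an Output.
        this.serverValidationCas = value?.let { of(it) }
    }

    /**
     * @param argument Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Structure is documented below.
     */
    @JvmName("edcnyclimywuhxwf")
    public suspend fun serverValidationCas(
        argument: List<suspend ClientTlsPolicyServerValidationCaArgsBuilder.() -> Unit>,
    ) {
        // One nested builder per DSL block; an empty input list yields an empty CA list.
        val built = argument.map { block ->
            ClientTlsPolicyServerValidationCaArgsBuilder().applySuspend { block() }.build()
        }
        this.serverValidationCas = of(built)
    }

    /**
     * @param argument Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Calling this overload with no arguments stores an empty list.
     * Structure is documented below.
     */
    @JvmName("vlaukeprkvliuvtt")
    public suspend fun serverValidationCas(vararg argument: suspend ClientTlsPolicyServerValidationCaArgsBuilder.() -> Unit) {
        // One nested builder per DSL block, in the order the blocks were passed.
        val built = argument.map { block ->
            ClientTlsPolicyServerValidationCaArgsBuilder().applySuspend { block() }.build()
        }
        this.serverValidationCas = of(built)
    }

    /**
     * @param argument Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Structure is documented below.
     */
    @JvmName("oinsiqkdlafqbttp")
    public suspend fun serverValidationCas(argument: suspend ClientTlsPolicyServerValidationCaArgsBuilder.() -> Unit) {
        // A single DSL block becomes a one-element CA list.
        val built = listOf(
            ClientTlsPolicyServerValidationCaArgsBuilder().applySuspend {
                argument()
            }.build(),
        )
        this.serverValidationCas = of(built)
    }

    /**
     * @param values Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
     * Calling this overload with no arguments stores an empty list.
     * Structure is documented below.
     */
    @JvmName("pgeevarbgyrknhjb")
    public suspend fun serverValidationCas(vararg values: ClientTlsPolicyServerValidationCaArgs) {
        this.serverValidationCas = of(values.toList())
    }

    /**
     * @param value Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
     */
    @JvmName("eylhcuxchyboetmi")
    public suspend fun sni(value: String?) {
        this.sni = value?.let { of(it) }
    }

    /**
     * Copies the current field values into a [ClientTlsPolicyArgs].
     *
     * No validation or defaulting happens here: fields that were never set, or were cleared
     * with null, are passed through as null.
     */
    internal fun build(): ClientTlsPolicyArgs = ClientTlsPolicyArgs(
        clientCertificate = clientCertificate,
        description = description,
        labels = labels,
        location = location,
        name = name,
        project = project,
        serverValidationCas = serverValidationCas,
        sni = sni,
    )
}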



