UNPKG

@pulumi/fastly

Version:

A Pulumi package for creating and managing fastly cloud resources.. Based on terraform-provider-fastly: version v4

pulumi.io

pulumi/pulumi-fastly

210 lines (209 loc) 7.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
import * as pulumi from "@pulumi/pulumi"; /** * Uploads a TLS certificate to the Fastly Platform TLS service. * * > Each TLS certificate **must** have its corresponding private key uploaded _prior_ to uploading the certificate. This * can be achieved in Pulumi using `dependsOn` * * ## Example Usage * * Basic usage with self-signed CA: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fastly from "@pulumi/fastly"; * import * as tls from "@pulumi/tls"; * * const caKey = new tls.index.PrivateKey("ca_key", {algorithm: "RSA"}); * const key = new tls.index.PrivateKey("key", {algorithm: "RSA"}); * const ca = new tls.index.SelfSignedCert("ca", { * keyAlgorithm: caKey.algorithm, * privateKeyPem: caKey.privateKeyPem, * subject: [{ * commonName: "Example CA", * }], * isCaCertificate: true, * validityPeriodHours: 360, * allowedUses: [ * "cert_signing", * "server_auth", * ], * }); * const example = new tls.index.CertRequest("example", { * keyAlgorithm: key.algorithm, * privateKeyPem: key.privateKeyPem, * subject: [{ * commonName: "example.com", * }], * dnsNames: [ * "example.com", * "www.example.com", * ], * }); * const cert = new tls.index.LocallySignedCert("cert", { * certRequestPem: example.certRequestPem, * caKeyAlgorithm: caKey.algorithm, * caPrivateKeyPem: caKey.privateKeyPem, * caCertPem: ca.certPem, * validityPeriodHours: 360, * allowedUses: [ * "cert_signing", * "server_auth", * ], * }); * const config = fastly.getTlsConfiguration({ * tlsService: "PLATFORM", * }); * const keyTlsPrivateKey = new fastly.TlsPrivateKey("key", { * keyPem: key.privateKeyPem, * name: "tf-demo", * }); * const certTlsPlatformCertificate = new fastly.TlsPlatformCertificate("cert", { * certificateBody: cert.certPem, * intermediatesBlob: ca.certPem, * configurationId: config.then(config => config.id), * allowUntrustedRoot: true, * }, { * dependsOn: [keyTlsPrivateKey], * }); * ``` * * ## Import * * A certificate can be imported using its Fastly certificate ID, e.g. * * ```sh * $ pulumi import fastly:index/tlsPlatformCertificate:TlsPlatformCertificate demo xxxxxxxxxxx * ``` */ export declare class TlsPlatformCertificate extends pulumi.CustomResource { /** * Get an existing TlsPlatformCertificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TlsPlatformCertificateState, opts?: pulumi.CustomResourceOptions): TlsPlatformCertificate; /** * Returns true if the given object is an instance of TlsPlatformCertificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is TlsPlatformCertificate; /** * Disable checking whether the root of the certificate chain is trusted. Useful for development purposes to allow use of self-signed CAs. Defaults to false. Write-only on create. */ readonly allowUntrustedRoot: pulumi.Output<boolean | undefined>; /** * PEM-formatted certificate. */ readonly certificateBody: pulumi.Output<string>; /** * ID of TLS configuration to be used to terminate TLS traffic. */ readonly configurationId: pulumi.Output<string>; /** * Timestamp (GMT) when the certificate was created. */ readonly createdAt: pulumi.Output<string>; /** * All the domains (including wildcard domains) that are listed in any certificate's Subject Alternative Names (SAN) list. */ readonly domains: pulumi.Output<string[]>; /** * PEM-formatted certificate chain from the `certificateBody` to its root. */ readonly intermediatesBlob: pulumi.Output<string>; /** * Timestamp (GMT) when the certificate will expire. */ readonly notAfter: pulumi.Output<string>; /** * Timestamp (GMT) when the certificate will become valid. */ readonly notBefore: pulumi.Output<string>; /** * A recommendation from Fastly indicating the key associated with this certificate is in need of rotation. */ readonly replace: pulumi.Output<boolean>; /** * Timestamp (GMT) when the certificate was last updated. */ readonly updatedAt: pulumi.Output<string>; /** * Create a TlsPlatformCertificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: TlsPlatformCertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering TlsPlatformCertificate resources. */ export interface TlsPlatformCertificateState { /** * Disable checking whether the root of the certificate chain is trusted. Useful for development purposes to allow use of self-signed CAs. Defaults to false. Write-only on create. */ allowUntrustedRoot?: pulumi.Input<boolean>; /** * PEM-formatted certificate. */ certificateBody?: pulumi.Input<string>; /** * ID of TLS configuration to be used to terminate TLS traffic. */ configurationId?: pulumi.Input<string>; /** * Timestamp (GMT) when the certificate was created. */ createdAt?: pulumi.Input<string>; /** * All the domains (including wildcard domains) that are listed in any certificate's Subject Alternative Names (SAN) list. */ domains?: pulumi.Input<pulumi.Input<string>[]>; /** * PEM-formatted certificate chain from the `certificateBody` to its root. */ intermediatesBlob?: pulumi.Input<string>; /** * Timestamp (GMT) when the certificate will expire. */ notAfter?: pulumi.Input<string>; /** * Timestamp (GMT) when the certificate will become valid. */ notBefore?: pulumi.Input<string>; /** * A recommendation from Fastly indicating the key associated with this certificate is in need of rotation. */ replace?: pulumi.Input<boolean>; /** * Timestamp (GMT) when the certificate was last updated. */ updatedAt?: pulumi.Input<string>; } /** * The set of arguments for constructing a TlsPlatformCertificate resource. */ export interface TlsPlatformCertificateArgs { /** * Disable checking whether the root of the certificate chain is trusted. Useful for development purposes to allow use of self-signed CAs. Defaults to false. Write-only on create. */ allowUntrustedRoot?: pulumi.Input<boolean>; /** * PEM-formatted certificate. */ certificateBody: pulumi.Input<string>; /** * ID of TLS configuration to be used to terminate TLS traffic. */ configurationId: pulumi.Input<string>; /** * PEM-formatted certificate chain from the `certificateBody` to its root. */ intermediatesBlob: pulumi.Input<string>; }