@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
415 lines • 17 kB
JavaScript
"use strict";
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.Authority = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* A CertificateAuthority represents an individual Certificate Authority. A
* CertificateAuthority can be used to create Certificates.
*
* To get more information about CertificateAuthority, see:
*
* * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/certificate-authority-service)
*
* > **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`
* (and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.
* It is recommended to not set this field (or set it to true) until you're ready to destroy.
*
* ## Example Usage
*
* ### Privateca Certificate Authority Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "ACME",
* commonName: "my-certificate-authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* },
* },
* lifetime: `${10 * 365 * 24 * 3600}s`,
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* });
* ```
* ### Privateca Certificate Authority Subordinate
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const root_ca = new gcp.certificateauthority.Authority("root-ca", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-root",
* location: "us-central1",
* config: {
* subjectConfig: {
* subject: {
* organization: "ACME",
* commonName: "my-certificate-authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-sub",
* location: "us-central1",
* deletionProtection: true,
* subordinateConfig: {
* certificateAuthority: root_ca.name,
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "ACME",
* commonName: "my-subordinate-authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* zeroMaxIssuerPathLength: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* },
* },
* lifetime: `${5 * 365 * 24 * 3600}s`,
* keySpec: {
* algorithm: "RSA_PKCS1_2048_SHA256",
* },
* type: "SUBORDINATE",
* });
* ```
* ### Privateca Certificate Authority Byo Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const privatecaSa = new gcp.projects.ServiceIdentity("privateca_sa", {service: "privateca.googleapis.com"});
* const privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/cloudkms.signerVerifier",
* member: privatecaSa.member,
* });
* const privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/viewer",
* member: privatecaSa.member,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "Example, Org.",
* commonName: "Example Authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* nameConstraints: {
* critical: true,
* permittedDnsNames: ["*.example.com"],
* excludedDnsNames: ["*.deny.example.com"],
* permittedIpRanges: ["10.0.0.0/8"],
* excludedIpRanges: ["10.1.1.0/24"],
* permittedEmailAddresses: [".example.com"],
* excludedEmailAddresses: [".deny.example.com"],
* permittedUris: [".example.com"],
* excludedUris: [".deny.example.com"],
* },
* },
* },
* }, {
* dependsOn: [
* privatecaSaKeyuserSignerverifier,
* privatecaSaKeyuserViewer,
* ],
* });
* ```
* ### Privateca Certificate Authority Custom Ski
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "ACME",
* commonName: "my-certificate-authority",
* },
* },
* subjectKeyId: {
* keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* },
* },
* lifetime: `${10 * 365 * 24 * 3600}s`,
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* });
* ```
* ### Privateca Certificate Authority Basic With Custom Cdp Aia Urls
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "ACME",
* commonName: "my-certificate-authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {},
* },
* },
* },
* lifetime: `${10 * 365 * 24 * 3600}s`,
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* userDefinedAccessUrls: {
* aiaIssuingCertificateUrls: [
* "http://example.com/ca.crt",
* "http://example.com/anotherca.crt",
* ],
* crlAccessUrls: [
* "http://example.com/crl1.crt",
* "http://example.com/crl2.crt",
* ],
* },
* });
* ```
*
* ## Import
*
* CertificateAuthority can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`
*
* * `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`
*
* * `{{location}}/{{pool}}/{{certificate_authority_id}}`
*
* When using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}
* ```
*
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}
* ```
*
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}
* ```
*/
class Authority extends pulumi.CustomResource {
/**
* Get an existing Authority resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new Authority(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of Authority. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === Authority.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["accessUrls"] = state ? state.accessUrls : undefined;
resourceInputs["certificateAuthorityId"] = state ? state.certificateAuthorityId : undefined;
resourceInputs["config"] = state ? state.config : undefined;
resourceInputs["createTime"] = state ? state.createTime : undefined;
resourceInputs["deletionProtection"] = state ? state.deletionProtection : undefined;
resourceInputs["desiredState"] = state ? state.desiredState : undefined;
resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined;
resourceInputs["gcsBucket"] = state ? state.gcsBucket : undefined;
resourceInputs["ignoreActiveCertificatesOnDeletion"] = state ? state.ignoreActiveCertificatesOnDeletion : undefined;
resourceInputs["keySpec"] = state ? state.keySpec : undefined;
resourceInputs["labels"] = state ? state.labels : undefined;
resourceInputs["lifetime"] = state ? state.lifetime : undefined;
resourceInputs["location"] = state ? state.location : undefined;
resourceInputs["name"] = state ? state.name : undefined;
resourceInputs["pemCaCertificate"] = state ? state.pemCaCertificate : undefined;
resourceInputs["pemCaCertificates"] = state ? state.pemCaCertificates : undefined;
resourceInputs["pool"] = state ? state.pool : undefined;
resourceInputs["project"] = state ? state.project : undefined;
resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined;
resourceInputs["skipGracePeriod"] = state ? state.skipGracePeriod : undefined;
resourceInputs["state"] = state ? state.state : undefined;
resourceInputs["subordinateConfig"] = state ? state.subordinateConfig : undefined;
resourceInputs["type"] = state ? state.type : undefined;
resourceInputs["updateTime"] = state ? state.updateTime : undefined;
resourceInputs["userDefinedAccessUrls"] = state ? state.userDefinedAccessUrls : undefined;
}
else {
const args = argsOrState;
if ((!args || args.certificateAuthorityId === undefined) && !opts.urn) {
throw new Error("Missing required property 'certificateAuthorityId'");
}
if ((!args || args.config === undefined) && !opts.urn) {
throw new Error("Missing required property 'config'");
}
if ((!args || args.keySpec === undefined) && !opts.urn) {
throw new Error("Missing required property 'keySpec'");
}
if ((!args || args.location === undefined) && !opts.urn) {
throw new Error("Missing required property 'location'");
}
if ((!args || args.pool === undefined) && !opts.urn) {
throw new Error("Missing required property 'pool'");
}
resourceInputs["certificateAuthorityId"] = args ? args.certificateAuthorityId : undefined;
resourceInputs["config"] = args ? args.config : undefined;
resourceInputs["deletionProtection"] = args ? args.deletionProtection : undefined;
resourceInputs["desiredState"] = args ? args.desiredState : undefined;
resourceInputs["gcsBucket"] = args ? args.gcsBucket : undefined;
resourceInputs["ignoreActiveCertificatesOnDeletion"] = args ? args.ignoreActiveCertificatesOnDeletion : undefined;
resourceInputs["keySpec"] = args ? args.keySpec : undefined;
resourceInputs["labels"] = args ? args.labels : undefined;
resourceInputs["lifetime"] = args ? args.lifetime : undefined;
resourceInputs["location"] = args ? args.location : undefined;
resourceInputs["pemCaCertificate"] = args ? args.pemCaCertificate : undefined;
resourceInputs["pool"] = args ? args.pool : undefined;
resourceInputs["project"] = args ? args.project : undefined;
resourceInputs["skipGracePeriod"] = args ? args.skipGracePeriod : undefined;
resourceInputs["subordinateConfig"] = args ? args.subordinateConfig : undefined;
resourceInputs["type"] = args ? args.type : undefined;
resourceInputs["userDefinedAccessUrls"] = args ? args.userDefinedAccessUrls : undefined;
resourceInputs["accessUrls"] = undefined /*out*/;
resourceInputs["createTime"] = undefined /*out*/;
resourceInputs["effectiveLabels"] = undefined /*out*/;
resourceInputs["name"] = undefined /*out*/;
resourceInputs["pemCaCertificates"] = undefined /*out*/;
resourceInputs["pulumiLabels"] = undefined /*out*/;
resourceInputs["state"] = undefined /*out*/;
resourceInputs["updateTime"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(Authority.__pulumiType, name, resourceInputs, opts);
}
}
exports.Authority = Authority;
/** @internal */
Authority.__pulumiType = 'gcp:certificateauthority/authority:Authority';
//# sourceMappingURL=authority.js.map