@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage * issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the * trust anchor. * * ## Example Usage * * ### Privateca Capool Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.certificateauthority.CaPool("default", { * name: "my-pool", * location: "us-central1", * tier: "ENTERPRISE", * publishingOptions: { * publishCaCert: true, * publishCrl: true, * }, * labels: { * foo: "bar", * }, * }); * ``` * ### Privateca Capool All Fields * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.certificateauthority.CaPool("default", { * name: "my-pool", * location: "us-central1", * tier: "ENTERPRISE", * publishingOptions: { * publishCaCert: false, * publishCrl: true, * encodingFormat: "PEM", * }, * labels: { * foo: "bar", * }, * issuancePolicy: { * allowedKeyTypes: [ * { * ellipticCurve: { * signatureAlgorithm: "ECDSA_P256", * }, * }, * { * rsa: { * minModulusSize: "5", * maxModulusSize: "10", * }, * }, * ], * maximumLifetime: "50000s", * allowedIssuanceModes: { * allowCsrBasedIssuance: true, * allowConfigBasedIssuance: true, * }, * identityConstraints: { * allowSubjectPassthrough: true, * allowSubjectAltNamesPassthrough: true, * celExpression: { * expression: "subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )", * title: "My title", * }, * }, * baselineValues: { * aiaOcspServers: ["example.com"], * additionalExtensions: [{ * critical: true, * value: "asdf", * objectId: { * objectIdPaths: [ * 1, * 7, * ], * }, * }], * policyIds: [ * { * objectIdPaths: [ * 1, * 5, * ], * }, * { * objectIdPaths: [ * 1, * 5, * 7, * ], * }, * ], * caOptions: { * isCa: true, * maxIssuerPathLength: 10, * }, * keyUsage: { * baseKeyUsage: { * digitalSignature: true, * contentCommitment: true, * keyEncipherment: false, * dataEncipherment: true, * keyAgreement: true, * certSign: false, * crlSign: true, * decipherOnly: true, * }, * extendedKeyUsage: { * serverAuth: true, * clientAuth: false, * emailProtection: true, * codeSigning: true, * timeStamping: true, * }, * }, * nameConstraints: { * critical: true, * permittedDnsNames: [ * "*.example1.com", * "*.example2.com", * ], * excludedDnsNames: [ * "*.deny.example1.com", * "*.deny.example2.com", * ], * permittedIpRanges: [ * "10.0.0.0/8", * "11.0.0.0/8", * ], * excludedIpRanges: [ * "10.1.1.0/24", * "11.1.1.0/24", * ], * permittedEmailAddresses: [ * ".example1.com", * ".example2.com", * ], * excludedEmailAddresses: [ * ".deny.example1.com", * ".deny.example2.com", * ], * permittedUris: [ * ".example1.com", * ".example2.com", * ], * excludedUris: [ * ".deny.example1.com", * ".deny.example2.com", * ], * }, * }, * }, * }); * ``` * * ## Import * * CaPool can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/caPools/{{name}}` * * * `{{project}}/{{location}}/{{name}}` * * * `{{location}}/{{name}}` * * When using the `pulumi import` command, CaPool can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:certificateauthority/caPool:CaPool default projects/{{project}}/locations/{{location}}/caPools/{{name}} * ``` * * ```sh * $ pulumi import gcp:certificateauthority/caPool:CaPool default {{project}}/{{location}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:certificateauthority/caPool:CaPool default {{location}}/{{name}} * ``` */ export declare class CaPool extends pulumi.CustomResource { /** * Get an existing CaPool resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CaPoolState, opts?: pulumi.CustomResourceOptions): CaPool; /** * Returns true if the given object is an instance of CaPool. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is CaPool; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * The IssuancePolicy to control how Certificates will be issued from this CaPool. * Structure is documented below. */ readonly issuancePolicy: pulumi.Output<outputs.certificateauthority.CaPoolIssuancePolicy | undefined>; /** * Labels with user-defined metadata. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": * "1.3kg", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Location of the CaPool. A full list of valid locations can be found by * running `gcloud privateca locations list`. * * * - - - */ readonly location: pulumi.Output<string>; /** * The name for this CaPool. */ readonly name: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. * Structure is documented below. */ readonly publishingOptions: pulumi.Output<outputs.certificateauthority.CaPoolPublishingOptions | undefined>; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * The Tier of this CaPool. * Possible values are: `ENTERPRISE`, `DEVOPS`. */ readonly tier: pulumi.Output<string>; /** * Create a CaPool resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CaPoolArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering CaPool resources. */ export interface CaPoolState { /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The IssuancePolicy to control how Certificates will be issued from this CaPool. * Structure is documented below. */ issuancePolicy?: pulumi.Input<inputs.certificateauthority.CaPoolIssuancePolicy>; /** * Labels with user-defined metadata. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": * "1.3kg", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Location of the CaPool. A full list of valid locations can be found by * running `gcloud privateca locations list`. * * * - - - */ location?: pulumi.Input<string>; /** * The name for this CaPool. */ name?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. * Structure is documented below. */ publishingOptions?: pulumi.Input<inputs.certificateauthority.CaPoolPublishingOptions>; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The Tier of this CaPool. * Possible values are: `ENTERPRISE`, `DEVOPS`. */ tier?: pulumi.Input<string>; } /** * The set of arguments for constructing a CaPool resource. */ export interface CaPoolArgs { /** * The IssuancePolicy to control how Certificates will be issued from this CaPool. * Structure is documented below. */ issuancePolicy?: pulumi.Input<inputs.certificateauthority.CaPoolIssuancePolicy>; /** * Labels with user-defined metadata. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": * "1.3kg", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Location of the CaPool. A full list of valid locations can be found by * running `gcloud privateca locations list`. * * * - - - */ location: pulumi.Input<string>; /** * The name for this CaPool. */ name?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. * Structure is documented below. */ publishingOptions?: pulumi.Input<inputs.certificateauthority.CaPoolPublishingOptions>; /** * The Tier of this CaPool. * Possible values are: `ENTERPRISE`, `DEVOPS`. */ tier: pulumi.Input<string>; }