UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

613 lines • 22 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.Certificate = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * A Certificate corresponds to a signed X.509 certificate issued by a Certificate. * * > **Note:** The Certificate Authority that is referenced by this resource **must** be * `tier = "ENTERPRISE"` * * ## Example Usage * * ### Privateca Certificate Generated Key * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * import * as tls from "@pulumi/tls"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "default", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const certKey = new tls.PrivateKey("cert_key", {algorithm: "RSA"}); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * lifetime: "86000s", * name: "cert-1", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * }, * subjectAltName: { * emailAddresses: ["email@example.com"], * ipAddresses: ["127.0.0.1"], * uris: ["http://www.ietf.org/rfc/rfc3986.txt"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * nameConstraints: { * critical: true, * permittedDnsNames: ["*.example.com"], * excludedDnsNames: ["*.deny.example.com"], * permittedIpRanges: ["10.0.0.0/8"], * excludedIpRanges: ["10.1.1.0/24"], * permittedEmailAddresses: [".example.com"], * excludedEmailAddresses: [".deny.example.com"], * permittedUris: [".example.com"], * excludedUris: [".deny.example.com"], * }, * }, * publicKey: { * format: "PEM", * key: std.base64encodeOutput({ * input: certKey.publicKeyPem, * }).apply(invoke => invoke.result), * }, * }, * }); * ``` * ### Privateca Certificate With Template * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultCertificateTemplate = new gcp.certificateauthority.CertificateTemplate("default", { * location: "us-central1", * name: "my-certificate-template", * description: "An updated sample certificate template", * identityConstraints: { * allowSubjectAltNamesPassthrough: true, * allowSubjectPassthrough: true, * celExpression: { * description: "Always true", * expression: "true", * location: "any.file.anywhere", * title: "Sample expression", * }, * }, * passthroughExtensions: { * additionalExtensions: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * knownExtensions: ["EXTENDED_KEY_USAGE"], * }, * predefinedValues: { * additionalExtensions: [{ * objectId: { * objectIdPaths: [ * 1, * 6, * ], * }, * value: "c3RyaW5nCg==", * critical: true, * }], * aiaOcspServers: ["string"], * caOptions: { * isCa: false, * maxIssuerPathLength: 6, * }, * keyUsage: { * baseKeyUsage: { * certSign: false, * contentCommitment: true, * crlSign: false, * dataEncipherment: true, * decipherOnly: true, * digitalSignature: true, * encipherOnly: true, * keyAgreement: true, * keyEncipherment: true, * }, * extendedKeyUsage: { * clientAuth: true, * codeSigning: true, * emailProtection: true, * ocspSigning: true, * serverAuth: true, * timeStamping: true, * }, * unknownExtendedKeyUsages: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * }, * policyIds: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * }, * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * name: "my-certificate", * lifetime: "860s", * pemCsr: std.file({ * input: "test-fixtures/rsa_csr.pem", * }).then(invoke => invoke.result), * certificateTemplate: defaultCertificateTemplate.id, * }); * ``` * ### Privateca Certificate Csr * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * name: "my-certificate", * lifetime: "860s", * pemCsr: std.file({ * input: "test-fixtures/rsa_csr.pem", * }).then(invoke => invoke.result), * }); * ``` * ### Privateca Certificate No Authority * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * digitalSignature: true, * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * lifetime: "86400s", * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * name: "my-certificate", * lifetime: "860s", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * postalCode: "94109", * }, * }, * x509Config: { * caOptions: { * isCa: false, * }, * keyUsage: { * baseKeyUsage: { * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * publicKey: { * format: "PEM", * key: std.filebase64({ * input: "test-fixtures/rsa_public.pem", * }).then(invoke => invoke.result), * }, * }, * }, { * dependsOn: [defaultAuthority], * }); * ``` * ### Privateca Certificate Custom Ski * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * digitalSignature: true, * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * lifetime: "86400s", * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * name: "my-certificate", * lifetime: "860s", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * postalCode: "94109", * }, * }, * subjectKeyId: { * keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca", * }, * x509Config: { * caOptions: { * isCa: false, * }, * keyUsage: { * baseKeyUsage: { * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * publicKey: { * format: "PEM", * key: std.filebase64({ * input: "test-fixtures/rsa_public.pem", * }).then(invoke => invoke.result), * }, * }, * }, { * dependsOn: [defaultAuthority], * }); * ``` * * ## Import * * Certificate can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}` * * * `{{project}}/{{location}}/{{pool}}/{{name}}` * * * `{{location}}/{{pool}}/{{name}}` * * When using the `pulumi import` command, Certificate can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}} * ``` * * ```sh * $ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}} * ``` */ class Certificate extends pulumi.CustomResource { /** * Get an existing Certificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new Certificate(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of Certificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === Certificate.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["certificateAuthority"] = state ? state.certificateAuthority : undefined; resourceInputs["certificateDescriptions"] = state ? state.certificateDescriptions : undefined; resourceInputs["certificateTemplate"] = state ? state.certificateTemplate : undefined; resourceInputs["config"] = state ? state.config : undefined; resourceInputs["createTime"] = state ? state.createTime : undefined; resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; resourceInputs["issuerCertificateAuthority"] = state ? state.issuerCertificateAuthority : undefined; resourceInputs["labels"] = state ? state.labels : undefined; resourceInputs["lifetime"] = state ? state.lifetime : undefined; resourceInputs["location"] = state ? state.location : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["pemCertificate"] = state ? state.pemCertificate : undefined; resourceInputs["pemCertificateChains"] = state ? state.pemCertificateChains : undefined; resourceInputs["pemCsr"] = state ? state.pemCsr : undefined; resourceInputs["pool"] = state ? state.pool : undefined; resourceInputs["project"] = state ? state.project : undefined; resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; resourceInputs["revocationDetails"] = state ? state.revocationDetails : undefined; resourceInputs["updateTime"] = state ? state.updateTime : undefined; } else { const args = argsOrState; if ((!args || args.location === undefined) && !opts.urn) { throw new Error("Missing required property 'location'"); } if ((!args || args.pool === undefined) && !opts.urn) { throw new Error("Missing required property 'pool'"); } resourceInputs["certificateAuthority"] = args ? args.certificateAuthority : undefined; resourceInputs["certificateTemplate"] = args ? args.certificateTemplate : undefined; resourceInputs["config"] = args ? args.config : undefined; resourceInputs["labels"] = args ? args.labels : undefined; resourceInputs["lifetime"] = args ? args.lifetime : undefined; resourceInputs["location"] = args ? args.location : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["pemCsr"] = args ? args.pemCsr : undefined; resourceInputs["pool"] = args ? args.pool : undefined; resourceInputs["project"] = args ? args.project : undefined; resourceInputs["certificateDescriptions"] = undefined /*out*/; resourceInputs["createTime"] = undefined /*out*/; resourceInputs["effectiveLabels"] = undefined /*out*/; resourceInputs["issuerCertificateAuthority"] = undefined /*out*/; resourceInputs["pemCertificate"] = undefined /*out*/; resourceInputs["pemCertificateChains"] = undefined /*out*/; resourceInputs["pulumiLabels"] = undefined /*out*/; resourceInputs["revocationDetails"] = undefined /*out*/; resourceInputs["updateTime"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; opts = pulumi.mergeOptions(opts, secretOpts); super(Certificate.__pulumiType, name, resourceInputs, opts); } } exports.Certificate = Certificate; /** @internal */ Certificate.__pulumiType = 'gcp:certificateauthority/certificate:Certificate'; //# sourceMappingURL=certificate.js.map