@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; /** * Represents a RegionTargetHttpsProxy resource, which is used by one or more * forwarding rules to route incoming HTTPS requests to a URL map. * * To get more information about RegionTargetHttpsProxy, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies) * * How-to Guides * * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies) * * ## Example Usage * * ### Region Target Https Proxy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate("default", { * region: "us-central1", * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "http-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "backend-service", * protocol: "HTTP", * loadBalancingScheme: "INTERNAL_MANAGED", * timeoutSec: 10, * healthChecks: defaultRegionHealthCheck.id, * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * region: "us-central1", * name: "url-map", * description: "a description", * defaultService: defaultRegionBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultRegionBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultRegionBackendService.id, * }], * }], * }); * const _default = new gcp.compute.RegionTargetHttpsProxy("default", { * region: "us-central1", * name: "test-proxy", * urlMap: defaultRegionUrlMap.id, * sslCertificates: [defaultRegionSslCertificate.id], * }); * ``` * ### Region Target Https Proxy Http Keep Alive Timeout * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate("default", { * region: "us-central1", * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "http-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "INTERNAL_MANAGED", * healthChecks: defaultRegionHealthCheck.id, * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * region: "us-central1", * name: "url-map", * description: "a description", * defaultService: defaultRegionBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultRegionBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultRegionBackendService.id, * }], * }], * }); * const _default = new gcp.compute.RegionTargetHttpsProxy("default", { * region: "us-central1", * name: "test-http-keep-alive-timeout-proxy", * httpKeepAliveTimeoutSec: 600, * urlMap: defaultRegionUrlMap.id, * sslCertificates: [defaultRegionSslCertificate.id], * }); * ``` * ### Region Target Https Proxy Mtls * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const project = gcp.organizations.getProject({}); * const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", { * location: "us-central1", * name: "my-trust-config", * description: "sample description for trust config", * trustStores: [{ * trustAnchors: [{ * pemCertificate: std.file({ * input: "test-fixtures/ca_cert.pem", * }).then(invoke => invoke.result), * }], * intermediateCas: [{ * pemCertificate: std.file({ * input: "test-fixtures/ca_cert.pem", * }).then(invoke => invoke.result), * }], * }], * labels: { * foo: "bar", * }, * }); * const defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy("default", { * location: "us-central1", * name: "my-tls-policy", * description: "my description", * allowOpen: false, * mtlsPolicy: { * clientValidationMode: "REJECT_INVALID", * clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/us-central1/trustConfigs/${name}`), * }, * }); * const defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate("default", { * region: "us-central1", * name: "my-certificate", * privateKey: std.file({ * input: "path/to/private.key", * }).then(invoke => invoke.result), * certificate: std.file({ * input: "path/to/certificate.crt", * }).then(invoke => invoke.result), * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "http-health-check", * checkIntervalSec: 1, * timeoutSec: 1, * httpHealthCheck: { * port: 80, * }, * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "INTERNAL_MANAGED", * healthChecks: defaultRegionHealthCheck.id, * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * region: "us-central1", * name: "url-map", * description: "a description", * defaultService: defaultRegionBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultRegionBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultRegionBackendService.id, * }], * }], * }); * const _default = new gcp.compute.RegionTargetHttpsProxy("default", { * region: "us-central1", * name: "test-mtls-proxy", * urlMap: defaultRegionUrlMap.id, * sslCertificates: [defaultRegionSslCertificate.id], * serverTlsPolicy: defaultServerTlsPolicy.id, * }); * ``` * ### Region Target Https Proxy Certificate Manager Certificate * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const defaultCertificate = new gcp.certificatemanager.Certificate("default", { * name: "my-certificate", * location: "us-central1", * selfManaged: { * pemCertificate: std.file({ * input: "test-fixtures/cert.pem", * }).then(invoke => invoke.result), * pemPrivateKey: std.file({ * input: "test-fixtures/private-key.pem", * }).then(invoke => invoke.result), * }, * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * name: "backend-service", * region: "us-central1", * protocol: "HTTPS", * timeoutSec: 30, * loadBalancingScheme: "INTERNAL_MANAGED", * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * name: "url-map", * defaultService: defaultRegionBackendService.id, * region: "us-central1", * }); * const _default = new gcp.compute.RegionTargetHttpsProxy("default", { * name: "target-http-proxy", * urlMap: defaultRegionUrlMap.id, * certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`], * }); * ``` * * ## Import * * RegionTargetHttpsProxy can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}` * * * `{{project}}/{{region}}/{{name}}` * * * `{{region}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, RegionTargetHttpsProxy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{project}}/{{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{name}} * ``` */ export declare class RegionTargetHttpsProxy extends pulumi.CustomResource { /** * Get an existing RegionTargetHttpsProxy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegionTargetHttpsProxyState, opts?: pulumi.CustomResourceOptions): RegionTargetHttpsProxy; /** * Returns true if the given object is an instance of RegionTargetHttpsProxy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RegionTargetHttpsProxy; /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * sslCertificates and certificateManagerCertificates can't be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ readonly certificateManagerCertificates: pulumi.Output<string[] | undefined>; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output<string>; /** * An optional description of this resource. */ readonly description: pulumi.Output<string | undefined>; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value (600 seconds) will be used. For Regioanl * HTTP(S) load balancer, the minimum allowed value is 5 seconds and the * maximum allowed value is 600 seconds. */ readonly httpKeepAliveTimeoutSec: pulumi.Output<number | undefined>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ readonly name: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * The unique identifier for the resource. */ readonly proxyId: pulumi.Output<number>; /** * The Region in which the created target https proxy should reside. * If it is not provided, the provider region is used. */ readonly region: pulumi.Output<string>; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output<string>; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ readonly serverTlsPolicy: pulumi.Output<string | undefined>; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. * sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. */ readonly sslCertificates: pulumi.Output<string[] | undefined>; /** * A reference to the Region SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ readonly sslPolicy: pulumi.Output<string | undefined>; /** * A reference to the RegionUrlMap resource that defines the mapping from URL * to the RegionBackendService. */ readonly urlMap: pulumi.Output<string>; /** * Create a RegionTargetHttpsProxy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RegionTargetHttpsProxyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RegionTargetHttpsProxy resources. */ export interface RegionTargetHttpsProxyState { /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * sslCertificates and certificateManagerCertificates can't be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ certificateManagerCertificates?: pulumi.Input<pulumi.Input<string>[]>; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input<string>; /** * An optional description of this resource. */ description?: pulumi.Input<string>; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value (600 seconds) will be used. For Regioanl * HTTP(S) load balancer, the minimum allowed value is 5 seconds and the * maximum allowed value is 600 seconds. */ httpKeepAliveTimeoutSec?: pulumi.Input<number>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The unique identifier for the resource. */ proxyId?: pulumi.Input<number>; /** * The Region in which the created target https proxy should reside. * If it is not provided, the provider region is used. */ region?: pulumi.Input<string>; /** * The URI of the created resource. */ selfLink?: pulumi.Input<string>; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input<string>; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. * sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. */ sslCertificates?: pulumi.Input<pulumi.Input<string>[]>; /** * A reference to the Region SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ sslPolicy?: pulumi.Input<string>; /** * A reference to the RegionUrlMap resource that defines the mapping from URL * to the RegionBackendService. */ urlMap?: pulumi.Input<string>; } /** * The set of arguments for constructing a RegionTargetHttpsProxy resource. */ export interface RegionTargetHttpsProxyArgs { /** * URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. * sslCertificates and certificateManagerCertificates can't be defined together. * Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the selfLink `projects/{project}/locations/{location}/certificates/{resourceName}` */ certificateManagerCertificates?: pulumi.Input<pulumi.Input<string>[]>; /** * An optional description of this resource. */ description?: pulumi.Input<string>; /** * Specifies how long to keep a connection open, after completing a response, * while there is no matching traffic (in seconds). If an HTTP keepalive is * not specified, a default value (600 seconds) will be used. For Regioanl * HTTP(S) load balancer, the minimum allowed value is 5 seconds and the * maximum allowed value is 600 seconds. */ httpKeepAliveTimeoutSec?: pulumi.Input<number>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The Region in which the created target https proxy should reside. * If it is not provided, the provider region is used. */ region?: pulumi.Input<string>; /** * A URL referring to a networksecurity.ServerTlsPolicy * resource that describes how the proxy should authenticate inbound * traffic. serverTlsPolicy only applies to a global TargetHttpsProxy * attached to globalForwardingRules with the loadBalancingScheme * set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. * For details which ServerTlsPolicy resources are accepted with * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. * If you remove this field from your configuration at the same time as * deleting or recreating a referenced ServerTlsPolicy resource, you will * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input<string>; /** * URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. * At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. * sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. */ sslCertificates?: pulumi.Input<pulumi.Input<string>[]>; /** * A reference to the Region SslPolicy resource that will be associated with * the TargetHttpsProxy resource. If not set, the TargetHttpsProxy * resource will not have any SSL policy configured. */ sslPolicy?: pulumi.Input<string>; /** * A reference to the RegionUrlMap resource that defines the mapping from URL * to the RegionBackendService. */ urlMap: pulumi.Input<string>; }