@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
276 lines (275 loc) • 10.8 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
*
* To get more information about ClientTlsPolicy, see:
*
* * [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.clientTlsPolicies)
* * How-to Guides
* * [Service Security](https://cloud.google.com/traffic-director/docs/security-use-cases)
*
* ## Example Usage
*
* ### Network Security Client Tls Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
* name: "my-client-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* sni: "secure.example.com",
* });
* ```
* ### Network Security Client Tls Policy Advanced
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
* name: "my-client-tls-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* clientCertificate: {
* certificateProviderInstance: {
* pluginInstance: "google_cloud_private_spiffe",
* },
* },
* serverValidationCas: [{
* grpcEndpoint: {
* targetUri: "unix:mypath",
* },
* }],
* });
* ```
*
* ## Import
*
* ClientTlsPolicy can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`
*
* * `{{project}}/{{location}}/{{name}}`
*
* * `{{location}}/{{name}}`
*
* When using the `pulumi import` command, ClientTlsPolicy can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{project}}/{{location}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{location}}/{{name}}
* ```
*/
export declare class ClientTlsPolicy extends pulumi.CustomResource {
/**
* Get an existing ClientTlsPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientTlsPolicyState, opts?: pulumi.CustomResourceOptions): ClientTlsPolicy;
/**
* Returns true if the given object is an instance of ClientTlsPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is ClientTlsPolicy;
/**
* Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
readonly clientCertificate: pulumi.Output<outputs.networksecurity.ClientTlsPolicyClientCertificate | undefined>;
/**
* Time the ClientTlsPolicy was created in UTC.
*/
readonly createTime: pulumi.Output<string>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Set of label tags associated with the ClientTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The location of the client tls policy.
* The default value is `global`.
*/
readonly location: pulumi.Output<string | undefined>;
/**
* Name of the ClientTlsPolicy resource.
*/
readonly name: pulumi.Output<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
* Structure is documented below.
*/
readonly serverValidationCas: pulumi.Output<outputs.networksecurity.ClientTlsPolicyServerValidationCa[] | undefined>;
/**
* Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
*/
readonly sni: pulumi.Output<string | undefined>;
/**
* Time the ClientTlsPolicy was updated in UTC.
*/
readonly updateTime: pulumi.Output<string>;
/**
* Create a ClientTlsPolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: ClientTlsPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering ClientTlsPolicy resources.
*/
export interface ClientTlsPolicyState {
/**
* Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
clientCertificate?: pulumi.Input<inputs.networksecurity.ClientTlsPolicyClientCertificate>;
/**
* Time the ClientTlsPolicy was created in UTC.
*/
createTime?: pulumi.Input<string>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
description?: pulumi.Input<string>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Set of label tags associated with the ClientTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of the client tls policy.
* The default value is `global`.
*/
location?: pulumi.Input<string>;
/**
* Name of the ClientTlsPolicy resource.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
* Structure is documented below.
*/
serverValidationCas?: pulumi.Input<pulumi.Input<inputs.networksecurity.ClientTlsPolicyServerValidationCa>[]>;
/**
* Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
*/
sni?: pulumi.Input<string>;
/**
* Time the ClientTlsPolicy was updated in UTC.
*/
updateTime?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a ClientTlsPolicy resource.
*/
export interface ClientTlsPolicyArgs {
/**
* Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
* Structure is documented below.
*/
clientCertificate?: pulumi.Input<inputs.networksecurity.ClientTlsPolicyClientCertificate>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
description?: pulumi.Input<string>;
/**
* Set of label tags associated with the ClientTlsPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of the client tls policy.
* The default value is `global`.
*/
location?: pulumi.Input<string>;
/**
* Name of the ClientTlsPolicy resource.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
* Structure is documented below.
*/
serverValidationCas?: pulumi.Input<pulumi.Input<inputs.networksecurity.ClientTlsPolicyServerValidationCa>[]>;
/**
* Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".
*/
sni?: pulumi.Input<string>;
}