@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
313 lines • 11.7 kB
JavaScript
"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.TlsInspectionPolicy = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.
*
* To get more information about TlsInspectionPolicy, see:
*
* * [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.tlsInspectionPolicies)
* * How-to Guides
* * [Use TlsInspectionPolicy](https://cloud.google.com/secure-web-proxy/docs/tls-inspection-overview)
*
* ## Example Usage
*
* ### Network Security Tls Inspection Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.certificateauthority.CaPool("default", {
* name: "my-basic-ca-pool",
* location: "us-central1",
* tier: "DEVOPS",
* publishingOptions: {
* publishCaCert: false,
* publishCrl: false,
* },
* issuancePolicy: {
* maximumLifetime: "1209600s",
* baselineValues: {
* caOptions: {
* isCa: false,
* },
* keyUsage: {
* baseKeyUsage: {},
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* pool: _default.name,
* certificateAuthorityId: "my-basic-certificate-authority",
* location: "us-central1",
* lifetime: "86400s",
* type: "SELF_SIGNED",
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "Test LLC",
* commonName: "my-ca",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* });
* const project = gcp.organizations.getProject({});
* const tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember("tls_inspection_permission", {
* caPool: _default.id,
* role: "roles/privateca.certificateManager",
* member: project.then(project => `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`),
* });
* const defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy("default", {
* name: "my-tls-inspection-policy",
* location: "us-central1",
* caPool: _default.id,
* excludePublicCaSet: false,
* }, {
* dependsOn: [
* _default,
* defaultAuthority,
* tlsInspectionPermission,
* ],
* });
* ```
* ### Network Security Tls Inspection Policy Custom
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
*
* const _default = new gcp.certificateauthority.CaPool("default", {
* name: "my-basic-ca-pool",
* location: "us-central1",
* tier: "DEVOPS",
* publishingOptions: {
* publishCaCert: false,
* publishCrl: false,
* },
* issuancePolicy: {
* maximumLifetime: "1209600s",
* baselineValues: {
* caOptions: {
* isCa: false,
* },
* keyUsage: {
* baseKeyUsage: {},
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* pool: _default.name,
* certificateAuthorityId: "my-basic-certificate-authority",
* location: "us-central1",
* lifetime: "86400s",
* type: "SELF_SIGNED",
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "Test LLC",
* commonName: "my-ca",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* });
* const nsSa = new gcp.projects.ServiceIdentity("ns_sa", {service: "networksecurity.googleapis.com"});
* const defaultCaPoolIamMember = new gcp.certificateauthority.CaPoolIamMember("default", {
* caPool: _default.id,
* role: "roles/privateca.certificateManager",
* member: nsSa.member,
* });
* const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
* name: "my-trust-config",
* description: "sample trust config description",
* location: "us-central1",
* trustStores: [{
* trustAnchors: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* intermediateCas: [{
* pemCertificate: std.file({
* input: "test-fixtures/ca_cert.pem",
* }).then(invoke => invoke.result),
* }],
* }],
* });
* const defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy("default", {
* name: "my-tls-inspection-policy",
* location: "us-central1",
* caPool: _default.id,
* excludePublicCaSet: false,
* minTlsVersion: "TLS_1_0",
* trustConfig: defaultTrustConfig.id,
* tlsFeatureProfile: "PROFILE_CUSTOM",
* customTlsFeatures: [
* "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
* "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
* "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
* "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
* "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
* "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
* "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
* "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
* "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
* "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
* "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
* "TLS_RSA_WITH_AES_128_CBC_SHA",
* "TLS_RSA_WITH_AES_128_GCM_SHA256",
* "TLS_RSA_WITH_AES_256_CBC_SHA",
* "TLS_RSA_WITH_AES_256_GCM_SHA384",
* ],
* }, {
* dependsOn: [
* defaultAuthority,
* defaultCaPoolIamMember,
* ],
* });
* ```
*
* ## Import
*
* TlsInspectionPolicy can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}`
*
* * `{{project}}/{{location}}/{{name}}`
*
* * `{{location}}/{{name}}`
*
* When using the `pulumi import` command, TlsInspectionPolicy can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{project}}/{{location}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{location}}/{{name}}
* ```
*/
class TlsInspectionPolicy extends pulumi.CustomResource {
/**
* Get an existing TlsInspectionPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new TlsInspectionPolicy(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of TlsInspectionPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === TlsInspectionPolicy.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["caPool"] = state?.caPool;
resourceInputs["createTime"] = state?.createTime;
resourceInputs["customTlsFeatures"] = state?.customTlsFeatures;
resourceInputs["description"] = state?.description;
resourceInputs["excludePublicCaSet"] = state?.excludePublicCaSet;
resourceInputs["location"] = state?.location;
resourceInputs["minTlsVersion"] = state?.minTlsVersion;
resourceInputs["name"] = state?.name;
resourceInputs["project"] = state?.project;
resourceInputs["tlsFeatureProfile"] = state?.tlsFeatureProfile;
resourceInputs["trustConfig"] = state?.trustConfig;
resourceInputs["updateTime"] = state?.updateTime;
}
else {
const args = argsOrState;
if (args?.caPool === undefined && !opts.urn) {
throw new Error("Missing required property 'caPool'");
}
resourceInputs["caPool"] = args?.caPool;
resourceInputs["customTlsFeatures"] = args?.customTlsFeatures;
resourceInputs["description"] = args?.description;
resourceInputs["excludePublicCaSet"] = args?.excludePublicCaSet;
resourceInputs["location"] = args?.location;
resourceInputs["minTlsVersion"] = args?.minTlsVersion;
resourceInputs["name"] = args?.name;
resourceInputs["project"] = args?.project;
resourceInputs["tlsFeatureProfile"] = args?.tlsFeatureProfile;
resourceInputs["trustConfig"] = args?.trustConfig;
resourceInputs["createTime"] = undefined /*out*/;
resourceInputs["updateTime"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(TlsInspectionPolicy.__pulumiType, name, resourceInputs, opts);
}
}
exports.TlsInspectionPolicy = TlsInspectionPolicy;
/** @internal */
TlsInspectionPolicy.__pulumiType = 'gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy';
//# sourceMappingURL=tlsInspectionPolicy.js.map