UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

630 lines • 22.5 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.Certificate = void 0; const pulumi = __importStar(require("@pulumi/pulumi")); const utilities = __importStar(require("../utilities")); /** * A Certificate corresponds to a signed X.509 certificate issued by a Certificate. * * > **Note:** The Certificate Authority that is referenced by this resource **must** be * `tier = "ENTERPRISE"` * * ## Example Usage * * ### Privateca Certificate Generated Key * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * import * as tls from "@pulumi/tls"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "default", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const certKey = new tls.PrivateKey("cert_key", {algorithm: "RSA"}); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * lifetime: "86000s", * name: "cert-1", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * }, * subjectAltName: { * emailAddresses: ["email@example.com"], * ipAddresses: ["127.0.0.1"], * uris: ["http://www.ietf.org/rfc/rfc3986.txt"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * nameConstraints: { * critical: true, * permittedDnsNames: ["*.example.com"], * excludedDnsNames: ["*.deny.example.com"], * permittedIpRanges: ["10.0.0.0/8"], * excludedIpRanges: ["10.1.1.0/24"], * permittedEmailAddresses: [".example.com"], * excludedEmailAddresses: [".deny.example.com"], * permittedUris: [".example.com"], * excludedUris: [".deny.example.com"], * }, * }, * publicKey: { * format: "PEM", * key: std.base64encodeOutput({ * input: certKey.publicKeyPem, * }).apply(invoke => invoke.result), * }, * }, * }); * ``` * ### Privateca Certificate With Template * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultCertificateTemplate = new gcp.certificateauthority.CertificateTemplate("default", { * location: "us-central1", * name: "my-certificate-template", * description: "An updated sample certificate template", * identityConstraints: { * allowSubjectAltNamesPassthrough: true, * allowSubjectPassthrough: true, * celExpression: { * description: "Always true", * expression: "true", * location: "any.file.anywhere", * title: "Sample expression", * }, * }, * passthroughExtensions: { * additionalExtensions: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * knownExtensions: ["EXTENDED_KEY_USAGE"], * }, * predefinedValues: { * additionalExtensions: [{ * objectId: { * objectIdPaths: [ * 1, * 6, * ], * }, * value: "c3RyaW5nCg==", * critical: true, * }], * aiaOcspServers: ["string"], * caOptions: { * isCa: false, * maxIssuerPathLength: 6, * }, * keyUsage: { * baseKeyUsage: { * certSign: false, * contentCommitment: true, * crlSign: false, * dataEncipherment: true, * decipherOnly: true, * digitalSignature: true, * encipherOnly: true, * keyAgreement: true, * keyEncipherment: true, * }, * extendedKeyUsage: { * clientAuth: true, * codeSigning: true, * emailProtection: true, * ocspSigning: true, * serverAuth: true, * timeStamping: true, * }, * unknownExtendedKeyUsages: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * }, * policyIds: [{ * objectIdPaths: [ * 1, * 6, * ], * }], * }, * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * name: "my-certificate", * lifetime: "860s", * pemCsr: std.file({ * input: "test-fixtures/rsa_csr.pem", * }).then(invoke => invoke.result), * certificateTemplate: defaultCertificateTemplate.id, * }); * ``` * ### Privateca Certificate Csr * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * certificateAuthority: defaultAuthority.certificateAuthorityId, * name: "my-certificate", * lifetime: "860s", * pemCsr: std.file({ * input: "test-fixtures/rsa_csr.pem", * }).then(invoke => invoke.result), * }); * ``` * ### Privateca Certificate No Authority * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * digitalSignature: true, * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * lifetime: "86400s", * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * name: "my-certificate", * lifetime: "860s", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * postalCode: "94109", * }, * }, * x509Config: { * caOptions: { * isCa: false, * }, * keyUsage: { * baseKeyUsage: { * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * publicKey: { * format: "PEM", * key: std.filebase64({ * input: "test-fixtures/rsa_public.pem", * }).then(invoke => invoke.result), * }, * }, * }, { * dependsOn: [defaultAuthority], * }); * ``` * ### Privateca Certificate Custom Ski * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const _default = new gcp.certificateauthority.CaPool("default", { * location: "us-central1", * name: "my-pool", * tier: "ENTERPRISE", * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * location: "us-central1", * pool: _default.name, * certificateAuthorityId: "my-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * digitalSignature: true, * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * lifetime: "86400s", * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const defaultCertificate = new gcp.certificateauthority.Certificate("default", { * location: "us-central1", * pool: _default.name, * name: "my-certificate", * lifetime: "860s", * config: { * subjectConfig: { * subject: { * commonName: "san1.example.com", * countryCode: "us", * organization: "google", * organizationalUnit: "enterprise", * locality: "mountain view", * province: "california", * streetAddress: "1600 amphitheatre parkway", * postalCode: "94109", * }, * }, * subjectKeyId: { * keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca", * }, * x509Config: { * caOptions: { * isCa: false, * }, * keyUsage: { * baseKeyUsage: { * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * publicKey: { * format: "PEM", * key: std.filebase64({ * input: "test-fixtures/rsa_public.pem", * }).then(invoke => invoke.result), * }, * }, * }, { * dependsOn: [defaultAuthority], * }); * ``` * * ## Import * * Certificate can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}` * * `{{project}}/{{location}}/{{pool}}/{{name}}` * * `{{location}}/{{pool}}/{{name}}` * * When using the `pulumi import` command, Certificate can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}} * $ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}} * $ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}} * ``` */ class Certificate extends pulumi.CustomResource { /** * Get an existing Certificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new Certificate(name, state, { ...opts, id: id }); } /** @internal */ static __pulumiType = 'gcp:certificateauthority/certificate:Certificate'; /** * Returns true if the given object is an instance of Certificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === Certificate.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["certificateAuthority"] = state?.certificateAuthority; resourceInputs["certificateDescriptions"] = state?.certificateDescriptions; resourceInputs["certificateTemplate"] = state?.certificateTemplate; resourceInputs["config"] = state?.config; resourceInputs["createTime"] = state?.createTime; resourceInputs["deletionPolicy"] = state?.deletionPolicy; resourceInputs["effectiveLabels"] = state?.effectiveLabels; resourceInputs["issuerCertificateAuthority"] = state?.issuerCertificateAuthority; resourceInputs["labels"] = state?.labels; resourceInputs["lifetime"] = state?.lifetime; resourceInputs["location"] = state?.location; resourceInputs["name"] = state?.name; resourceInputs["pemCertificate"] = state?.pemCertificate; resourceInputs["pemCertificateChains"] = state?.pemCertificateChains; resourceInputs["pemCsr"] = state?.pemCsr; resourceInputs["pool"] = state?.pool; resourceInputs["project"] = state?.project; resourceInputs["pulumiLabels"] = state?.pulumiLabels; resourceInputs["revocationDetails"] = state?.revocationDetails; resourceInputs["updateTime"] = state?.updateTime; } else { const args = argsOrState; if (args?.location === undefined && !opts.urn) { throw new Error("Missing required property 'location'"); } if (args?.pool === undefined && !opts.urn) { throw new Error("Missing required property 'pool'"); } resourceInputs["certificateAuthority"] = args?.certificateAuthority; resourceInputs["certificateTemplate"] = args?.certificateTemplate; resourceInputs["config"] = args?.config; resourceInputs["deletionPolicy"] = args?.deletionPolicy; resourceInputs["labels"] = args?.labels; resourceInputs["lifetime"] = args?.lifetime; resourceInputs["location"] = args?.location; resourceInputs["name"] = args?.name; resourceInputs["pemCsr"] = args?.pemCsr; resourceInputs["pool"] = args?.pool; resourceInputs["project"] = args?.project; resourceInputs["certificateDescriptions"] = undefined /*out*/; resourceInputs["createTime"] = undefined /*out*/; resourceInputs["effectiveLabels"] = undefined /*out*/; resourceInputs["issuerCertificateAuthority"] = undefined /*out*/; resourceInputs["pemCertificate"] = undefined /*out*/; resourceInputs["pemCertificateChains"] = undefined /*out*/; resourceInputs["pulumiLabels"] = undefined /*out*/; resourceInputs["revocationDetails"] = undefined /*out*/; resourceInputs["updateTime"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; opts = pulumi.mergeOptions(opts, secretOpts); super(Certificate.__pulumiType, name, resourceInputs, opts); } } exports.Certificate = Certificate; //# sourceMappingURL=certificate.js.map