
@pulumi/tls


A Pulumi package to create TLS resources in Pulumi programs.

import * as pulumi from "@pulumi/pulumi";
/**
 * Resource that issues a certificate for a certificate request (`certRequestPem`),
 * signed with the Certificate Authority (CA) private key supplied in `caPrivateKeyPem`.
 *
 * NOTE(review): the CA private key is both an input and an exposed output of this
 * resource, so it is presumably recorded in the stack's state. Confirm that it is
 * handled as a secret and that access to the state backend is restricted.
 */
export declare class LocallySignedCert extends pulumi.CustomResource {
    /**
     * Get an existing LocallySignedCert resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The LocallySignedCert resource that was looked up.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LocallySignedCertState, opts?: pulumi.CustomResourceOptions): LocallySignedCert;
    /**
     * Returns true if the given object is an instance of LocallySignedCert. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; it is accepted untyped and narrowed by the type predicate.
     */
    static isInstance(obj: any): obj is LocallySignedCert;
    /**
     * List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `anyExtended`, `certSigning`, `clientAuth`, `codeSigning`, `contentCommitment`, `crlSigning`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `emailProtection`, `encipherOnly`, `ipsecEndSystem`, `ipsecTunnel`, `ipsecUser`, `keyAgreement`, `keyEncipherment`, `microsoftCommercialCodeSigning`, `microsoftKernelCodeSigning`, `microsoftServerGatedCrypto`, `netscapeServerGatedCrypto`, `ocspSigning`, `serverAuth`, `timestamping`.
     */
    readonly allowedUses: pulumi.Output<string[]>;
    /**
     * Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    readonly caCertPem: pulumi.Output<string>;
    /**
     * Name of the algorithm used when generating the private key provided in `caPrivateKeyPem`.
     * This property has no counterpart in `LocallySignedCertArgs`.
     */
    readonly caKeyAlgorithm: pulumi.Output<string>;
    /**
     * Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     *
     * NOTE(review): this exposes CA private-key material as a resource output; presumably it is
     * also persisted in the stack's state. Confirm it is treated as a secret and avoid exporting
     * or logging it.
     */
    readonly caPrivateKeyPem: pulumi.Output<string>;
    /**
     * Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
     * (`trimspace()` is a Terraform function; in a TypeScript program the equivalent is `certPem.apply(pem => pem.trim())`.)
     */
    readonly certPem: pulumi.Output<string>;
    /**
     * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    readonly certRequestPem: pulumi.Output<string>;
    /**
     * Number of hours before the end of validity during which `readyForRenewal` reports the
     * certificate as ready for an early renewal.
     * NOTE(review): the default is not shown in this file; confirm against the provider.
     */
    readonly earlyRenewalHours: pulumi.Output<number>;
    /**
     * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
     */
    readonly isCaCertificate: pulumi.Output<boolean>;
    /**
     * Is the certificate either expired (i.e. beyond the `validityPeriodHours`) or ready for an early renewal (i.e. within the `earlyRenewalHours`)?
     */
    readonly readyForRenewal: pulumi.Output<boolean>;
    /**
     * Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
     */
    readonly setSubjectKeyId: pulumi.Output<boolean>;
    /**
     * The time after which the certificate is no longer valid (the end of its validity period), expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
     */
    readonly validityEndTime: pulumi.Output<string>;
    /**
     * Number of hours, after initial issuing, that the certificate will remain valid for.
     */
    readonly validityPeriodHours: pulumi.Output<number>;
    /**
     * The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
     */
    readonly validityStartTime: pulumi.Output<string>;
    /**
     * Create a LocallySignedCert resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: LocallySignedCertArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering LocallySignedCert resources.
 * Every property is optional; this is the type of the `state` parameter of `LocallySignedCert.get`.
 */
export interface LocallySignedCertState {
    /**
     * List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `anyExtended`, `certSigning`, `clientAuth`, `codeSigning`, `contentCommitment`, `crlSigning`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `emailProtection`, `encipherOnly`, `ipsecEndSystem`, `ipsecTunnel`, `ipsecUser`, `keyAgreement`, `keyEncipherment`, `microsoftCommercialCodeSigning`, `microsoftKernelCodeSigning`, `microsoftServerGatedCrypto`, `netscapeServerGatedCrypto`, `ocspSigning`, `serverAuth`, `timestamping`.
     */
    allowedUses?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    caCertPem?: pulumi.Input<string>;
    /**
     * Name of the algorithm used when generating the private key provided in `caPrivateKeyPem`.
     */
    caKeyAlgorithm?: pulumi.Input<string>;
    /**
     * Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     *
     * NOTE(review): CA private-key material; confirm any value passed here is handled as a
     * secret rather than a plain literal in program source.
     */
    caPrivateKeyPem?: pulumi.Input<string>;
    /**
     * Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
     * (`trimspace()` is a Terraform function; in a TypeScript program, trim the string value instead.)
     */
    certPem?: pulumi.Input<string>;
    /**
     * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    certRequestPem?: pulumi.Input<string>;
    /**
     * Number of hours before the end of validity during which `readyForRenewal` reports the
     * certificate as ready for an early renewal.
     * NOTE(review): the default is not shown in this file; confirm against the provider.
     */
    earlyRenewalHours?: pulumi.Input<number>;
    /**
     * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
     */
    isCaCertificate?: pulumi.Input<boolean>;
    /**
     * Is the certificate either expired (i.e. beyond the `validityPeriodHours`) or ready for an early renewal (i.e. within the `earlyRenewalHours`)?
     */
    readyForRenewal?: pulumi.Input<boolean>;
    /**
     * Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
     */
    setSubjectKeyId?: pulumi.Input<boolean>;
    /**
     * The time after which the certificate is no longer valid (the end of its validity period), expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
     */
    validityEndTime?: pulumi.Input<string>;
    /**
     * Number of hours, after initial issuing, that the certificate will remain valid for.
     */
    validityPeriodHours?: pulumi.Input<number>;
    /**
     * The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
     */
    validityStartTime?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a LocallySignedCert resource.
 * `allowedUses`, `caCertPem`, `caPrivateKeyPem`, `certRequestPem` and `validityPeriodHours`
 * are required; the remaining properties are optional.
 */
export interface LocallySignedCertArgs {
    /**
     * List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `anyExtended`, `certSigning`, `clientAuth`, `codeSigning`, `contentCommitment`, `crlSigning`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `emailProtection`, `encipherOnly`, `ipsecEndSystem`, `ipsecTunnel`, `ipsecUser`, `keyAgreement`, `keyEncipherment`, `microsoftCommercialCodeSigning`, `microsoftKernelCodeSigning`, `microsoftServerGatedCrypto`, `netscapeServerGatedCrypto`, `ocspSigning`, `serverAuth`, `timestamping`.
     *
     * List only the usages the certificate actually needs; `anyExtended` and `certSigning`
     * grant considerably more than a typical server or client certificate requires.
     */
    allowedUses: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    caCertPem: pulumi.Input<string>;
    /**
     * Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     *
     * NOTE(review): CA private-key material; presumably recorded in the stack's state together
     * with the other inputs. Confirm it is supplied as a secret (for example wrapped with
     * `pulumi.secret`) and never as a plain literal in program source.
     */
    caPrivateKeyPem: pulumi.Input<string>;
    /**
     * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
     */
    certRequestPem: pulumi.Input<string>;
    /**
     * Number of hours before the end of validity during which the resource's `readyForRenewal`
     * output reports the certificate as ready for an early renewal.
     * NOTE(review): the default is not shown in this file; confirm against the provider.
     */
    earlyRenewalHours?: pulumi.Input<number>;
    /**
     * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
     * Enable this only when the issued certificate is meant to act as a CA itself.
     */
    isCaCertificate?: pulumi.Input<boolean>;
    /**
     * Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
     */
    setSubjectKeyId?: pulumi.Input<boolean>;
    /**
     * Number of hours, after initial issuing, that the certificate will remain valid for.
     */
    validityPeriodHours: pulumi.Input<number>;
}