pulumi-azure-kotlin/com.pulumi.azure.nginx.kotlin/CertificateArgs

CertificateArgs

data class CertificateArgs(val certificateVirtualPath: Output<String>? = null, val keyVaultSecretId: Output<String>? = null, val keyVirtualPath: Output<String>? = null, val name: Output<String>? = null, val nginxDeploymentId: Output<String>? = null) : ConvertibleToJava<CertificateArgs>

Manages a Certificate for an NGinx Deployment.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import com.pulumi.azure.nginx.Deployment;
import com.pulumi.azure.nginx.DeploymentArgs;
import com.pulumi.azure.nginx.inputs.DeploymentFrontendPublicArgs;
import com.pulumi.azure.nginx.inputs.DeploymentNetworkInterfaceArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
import com.pulumi.azure.nginx.Certificate;
import com.pulumi.azure.nginx.CertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .allocationMethod("Static")
            .sku("Standard")
            .tags(Map.of("environment", "Production"))
            .build());
        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .addressSpaces("10.0.0.0/16")
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .build());
        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .delegations(SubnetDelegationArgs.builder()
                .name("delegation")
                .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                    .name("NGINX.NGINXPLUS/nginxDeployments")
                    .actions("Microsoft.Network/virtualNetworks/subnets/join/action")
                    .build())
                .build())
            .build());
        var exampleDeployment = new Deployment("exampleDeployment", DeploymentArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .sku("publicpreview_Monthly_gmz7xq9ge3py")
            .location(exampleResourceGroup.location())
            .managedResourceGroup("example")
            .diagnoseSupportEnabled(true)
            .frontendPublic(DeploymentFrontendPublicArgs.builder()
                .ipAddresses(examplePublicIp.id())
                .build())
            .networkInterfaces(DeploymentNetworkInterfaceArgs.builder()
                .subnetId(exampleSubnet.id())
                .build())
            .build());
        final var current = CoreFunctions.getClientConfig();
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("premium")
            .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .certificatePermissions(
                    "Create",
                    "Delete",
                    "DeleteIssuers",
                    "Get",
                    "GetIssuers",
                    "Import",
                    "List",
                    "ListIssuers",
                    "ManageContacts",
                    "ManageIssuers",
                    "SetIssuers",
                    "Update")
                .build())
            .build());
        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .certificate(CertificateCertificateArgs.builder()
                .contents(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("certificate-to-import.pfx"))))
                .password("")
                .build())
            .build());
        var exampleNginx_certificateCertificate = new Certificate("exampleNginx/certificateCertificate", CertificateArgs.builder()
            .nginxDeploymentId(exampleDeployment.id())
            .keyVirtualPath("/src/cert/soservermekey.key")
            .certificateVirtualPath("/src/cert/server.cert")
            .keyVaultSecretId(exampleCertificate.secretId())
            .build());
    }
}
Content copied to clipboard

Import

An Nginx Certificate can be imported using the resource id, e.g.

$ pulumi import azure:nginx/certificate:Certificate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Nginx.NginxPlus/nginxDeployments/deploy1/certificates/cer1
Content copied to clipboard

Constructors

Link copied to clipboard
fun CertificateArgs(certificateVirtualPath: Output<String>? = null, keyVaultSecretId: Output<String>? = null, keyVirtualPath: Output<String>? = null, name: Output<String>? = null, nginxDeploymentId: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): CertificateArgs

Properties

Link copied to clipboard
val certificateVirtualPath: Output<String>? = null

Specify the path to the cert file of this certificate.

Link copied to clipboard
val keyVaultSecretId: Output<String>? = null

Specify the ID of the Key Vault Secret for this certificate.

Link copied to clipboard
val keyVirtualPath: Output<String>? = null

Specify the path to the key file of this certificate.

Link copied to clipboard
val name: Output<String>? = null

The name which should be used for this Nginx Certificate. Changing this forces a new Nginx Certificate to be created.

Link copied to clipboard
val nginxDeploymentId: Output<String>? = null

The ID of the Nginx Deployment that this Certificate should be associated with. Changing this forces a new Nginx Certificate to be created.