Spring
data class SpringCloudCertificateArgs(val certificateContent: Output<String>? = null, val excludePrivateKey: Output<Boolean>? = null, val keyVaultCertificateId: Output<String>? = null, val name: Output<String>? = null, val resourceGroupName: Output<String>? = null, val serviceName: Output<String>? = null) : ConvertibleToJava<SpringCloudCertificateArgs>
Manages an Azure Spring Cloud Certificate.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const current = azure.core.getClientConfig({});
const example = azuread.getServicePrincipal({
displayName: "Azure Spring Cloud Resource Provider",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "keyvaultcertexample",
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
accessPolicies: [
{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
secretPermissions: ["Set"],
certificatePermissions: [
"Create",
"Delete",
"Get",
"Update",
],
},
{
tenantId: current.then(current => current.tenantId),
objectId: example.then(example => example.objectId),
secretPermissions: [
"Get",
"List",
],
certificatePermissions: [
"Get",
"List",
],
},
],
});
const exampleCertificate = new azure.keyvault.Certificate("example", {
name: "cert-example",
keyVaultId: exampleKeyVault.id,
certificatePolicy: {
issuerParameters: {
name: "Self",
},
keyProperties: {
exportable: true,
keySize: 2048,
keyType: "RSA",
reuseKey: true,
},
lifetimeActions: [{
action: {
actionType: "AutoRenew",
},
trigger: {
daysBeforeExpiry: 30,
},
}],
secretProperties: {
contentType: "application/x-pkcs12",
},
x509CertificateProperties: {
keyUsages: [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
subject: "CN=contoso.com",
validityInMonths: 12,
},
},
});
const exampleSpringCloudService = new azure.appplatform.SpringCloudService("example", {
name: "example-springcloud",
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
});
const exampleSpringCloudCertificate = new azure.appplatform.SpringCloudCertificate("example", {
name: "example-scc",
resourceGroupName: exampleSpringCloudService.resourceGroupName,
serviceName: exampleSpringCloudService.name,
keyVaultCertificateId: exampleCertificate.id,
excludePrivateKey: true,
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
example_resource_group = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
current = azure.core.get_client_config()
example = azuread.get_service_principal(display_name="Azure Spring Cloud Resource Provider")
example_key_vault = azure.keyvault.KeyVault("example",
name="keyvaultcertexample",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=current.tenant_id,
sku_name="standard",
access_policies=[
{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"secret_permissions": ["Set"],
"certificate_permissions": [
"Create",
"Delete",
"Get",
"Update",
],
},
{
"tenant_id": current.tenant_id,
"object_id": example.object_id,
"secret_permissions": [
"Get",
"List",
],
"certificate_permissions": [
"Get",
"List",
],
},
])
example_certificate = azure.keyvault.Certificate("example",
name="cert-example",
key_vault_id=example_key_vault.id,
certificate_policy={
"issuer_parameters": {
"name": "Self",
},
"key_properties": {
"exportable": True,
"key_size": 2048,
"key_type": "RSA",
"reuse_key": True,
},
"lifetime_actions": [{
"action": {
"action_type": "AutoRenew",
},
"trigger": {
"days_before_expiry": 30,
},
}],
"secret_properties": {
"content_type": "application/x-pkcs12",
},
"x509_certificate_properties": {
"key_usages": [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
"subject": "CN=contoso.com",
"validity_in_months": 12,
},
})
example_spring_cloud_service = azure.appplatform.SpringCloudService("example",
name="example-springcloud",
resource_group_name=example_resource_group.name,
location=example_resource_group.location)
example_spring_cloud_certificate = azure.appplatform.SpringCloudCertificate("example",
name="example-scc",
resource_group_name=example_spring_cloud_service.resource_group_name,
service_name=example_spring_cloud_service.name,
key_vault_certificate_id=example_certificate.id,
exclude_private_key=True)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var current = Azure.Core.GetClientConfig.Invoke();
var example = AzureAD.GetServicePrincipal.Invoke(new()
{
DisplayName = "Azure Spring Cloud Resource Provider",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "keyvaultcertexample",
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
SecretPermissions = new[]
{
"Set",
},
CertificatePermissions = new[]
{
"Create",
"Delete",
"Get",
"Update",
},
},
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = example.Apply(getServicePrincipalResult => getServicePrincipalResult.ObjectId),
SecretPermissions = new[]
{
"Get",
"List",
},
CertificatePermissions = new[]
{
"Get",
"List",
},
},
},
});
var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
{
Name = "cert-example",
KeyVaultId = exampleKeyVault.Id,
CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
{
IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
{
Name = "Self",
},
KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
{
Exportable = true,
KeySize = 2048,
KeyType = "RSA",
ReuseKey = true,
},
LifetimeActions = new[]
{
new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
{
Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
{
ActionType = "AutoRenew",
},
Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
{
DaysBeforeExpiry = 30,
},
},
},
SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
{
ContentType = "application/x-pkcs12",
},
X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
{
KeyUsages = new[]
{
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
},
Subject = "CN=contoso.com",
ValidityInMonths = 12,
},
},
});
var exampleSpringCloudService = new Azure.AppPlatform.SpringCloudService("example", new()
{
Name = "example-springcloud",
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
});
var exampleSpringCloudCertificate = new Azure.AppPlatform.SpringCloudCertificate("example", new()
{
Name = "example-scc",
ResourceGroupName = exampleSpringCloudService.ResourceGroupName,
ServiceName = exampleSpringCloudService.Name,
KeyVaultCertificateId = exampleCertificate.Id,
ExcludePrivateKey = true,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appplatform"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
DisplayName: pulumi.StringRef("Azure Spring Cloud Resource Provider"),
}, nil)
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("keyvaultcertexample"),
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
SecretPermissions: pulumi.StringArray{
pulumi.String("Set"),
},
CertificatePermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("Get"),
pulumi.String("Update"),
},
},
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(example.ObjectId),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
},
CertificatePermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
},
},
},
})
if err != nil {
return err
}
exampleCertificate, err := keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
Name: pulumi.String("cert-example"),
KeyVaultId: exampleKeyVault.ID(),
CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
Name: pulumi.String("Self"),
},
KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
Exportable: pulumi.Bool(true),
KeySize: pulumi.Int(2048),
KeyType: pulumi.String("RSA"),
ReuseKey: pulumi.Bool(true),
},
LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
ActionType: pulumi.String("AutoRenew"),
},
Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
DaysBeforeExpiry: pulumi.Int(30),
},
},
},
SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
ContentType: pulumi.String("application/x-pkcs12"),
},
X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
KeyUsages: pulumi.StringArray{
pulumi.String("cRLSign"),
pulumi.String("dataEncipherment"),
pulumi.String("digitalSignature"),
pulumi.String("keyAgreement"),
pulumi.String("keyCertSign"),
pulumi.String("keyEncipherment"),
},
Subject: pulumi.String("CN=contoso.com"),
ValidityInMonths: pulumi.Int(12),
},
},
})
if err != nil {
return err
}
exampleSpringCloudService, err := appplatform.NewSpringCloudService(ctx, "example", &appplatform.SpringCloudServiceArgs{
Name: pulumi.String("example-springcloud"),
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
})
if err != nil {
return err
}
_, err = appplatform.NewSpringCloudCertificate(ctx, "example", &appplatform.SpringCloudCertificateArgs{
Name: pulumi.String("example-scc"),
ResourceGroupName: exampleSpringCloudService.ResourceGroupName,
ServiceName: exampleSpringCloudService.Name,
KeyVaultCertificateId: exampleCertificate.ID(),
ExcludePrivateKey: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
import com.pulumi.azure.appplatform.SpringCloudService;
import com.pulumi.azure.appplatform.SpringCloudServiceArgs;
import com.pulumi.azure.appplatform.SpringCloudCertificate;
import com.pulumi.azure.appplatform.SpringCloudCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
final var current = CoreFunctions.getClientConfig();
final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
.displayName("Azure Spring Cloud Resource Provider")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("keyvaultcertexample")
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.accessPolicies(
KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.secretPermissions("Set")
.certificatePermissions(
"Create",
"Delete",
"Get",
"Update")
.build(),
KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(example.applyValue(getServicePrincipalResult -> getServicePrincipalResult.objectId()))
.secretPermissions(
"Get",
"List")
.certificatePermissions(
"Get",
"List")
.build())
.build());
var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
.name("cert-example")
.keyVaultId(exampleKeyVault.id())
.certificatePolicy(CertificateCertificatePolicyArgs.builder()
.issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
.name("Self")
.build())
.keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
.exportable(true)
.keySize(2048)
.keyType("RSA")
.reuseKey(true)
.build())
.lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
.action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
.actionType("AutoRenew")
.build())
.trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
.daysBeforeExpiry(30)
.build())
.build())
.secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
.contentType("application/x-pkcs12")
.build())
.x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
.keyUsages(
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment")
.subject("CN=contoso.com")
.validityInMonths(12)
.build())
.build())
.build());
var exampleSpringCloudService = new SpringCloudService("exampleSpringCloudService", SpringCloudServiceArgs.builder()
.name("example-springcloud")
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.build());
var exampleSpringCloudCertificate = new SpringCloudCertificate("exampleSpringCloudCertificate", SpringCloudCertificateArgs.builder()
.name("example-scc")
.resourceGroupName(exampleSpringCloudService.resourceGroupName())
.serviceName(exampleSpringCloudService.name())
.keyVaultCertificateId(exampleCertificate.id())
.excludePrivateKey(true)
.build());
}
}Content copied to clipboard
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: keyvaultcertexample
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
tenantId: ${current.tenantId}
skuName: standard
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
secretPermissions:
- Set
certificatePermissions:
- Create
- Delete
- Get
- Update
- tenantId: ${current.tenantId}
objectId: ${example.objectId}
secretPermissions:
- Get
- List
certificatePermissions:
- Get
- List
exampleCertificate:
type: azure:keyvault:Certificate
name: example
properties:
name: cert-example
keyVaultId: ${exampleKeyVault.id}
certificatePolicy:
issuerParameters:
name: Self
keyProperties:
exportable: true
keySize: 2048
keyType: RSA
reuseKey: true
lifetimeActions:
- action:
actionType: AutoRenew
trigger:
daysBeforeExpiry: 30
secretProperties:
contentType: application/x-pkcs12
x509CertificateProperties:
keyUsages:
- cRLSign
- dataEncipherment
- digitalSignature
- keyAgreement
- keyCertSign
- keyEncipherment
subject: CN=contoso.com
validityInMonths: 12
exampleSpringCloudService:
type: azure:appplatform:SpringCloudService
name: example
properties:
name: example-springcloud
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
exampleSpringCloudCertificate:
type: azure:appplatform:SpringCloudCertificate
name: example
properties:
name: example-scc
resourceGroupName: ${exampleSpringCloudService.resourceGroupName}
serviceName: ${exampleSpringCloudService.name}
keyVaultCertificateId: ${exampleCertificate.id}
excludePrivateKey: true
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}
example:
fn::invoke:
function: azuread:getServicePrincipal
arguments:
displayName: Azure Spring Cloud Resource ProviderContent copied to clipboard
Import
Spring Cloud Certificate can be imported using the resource id, e.g.
$ pulumi import azure:appplatform/springCloudCertificate:SpringCloudCertificate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.AppPlatform/spring/spring1/certificates/cert1Content copied to clipboard
Properties
Link copied to clipboard
The content of uploaded certificate. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies whether the private key should be excluded from the Key Vault Certificate. Changing this forces a new resource to be created. Defaults to false.
Link copied to clipboard
Specifies the ID of the Key Vault Certificate resource. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the name of the resource group in which to create the Spring Cloud Certificate. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the name of the Spring Cloud Service resource. Changing this forces a new resource to be created.