pulumi-gcp-kotlin/com.pulumi.gcp.certificatemanager.kotlin/CertificateIssuanceConfigArgs

CertificateIssuanceConfigArgs

data class CertificateIssuanceConfigArgs(val certificateAuthorityConfig: Output<CertificateIssuanceConfigCertificateAuthorityConfigArgs>? = null, val description: Output<String>? = null, val keyAlgorithm: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val lifetime: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val rotationWindowPercentage: Output<Int>? = null) : ConvertibleToJava<CertificateIssuanceConfigArgs>

Certificate represents a HTTP-reachable backend for a Certificate. To get more information about CertificateIssuanceConfig, see:

Example Usage

Certificate Manager Certificate Issuance Config

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var pool = new CaPool("pool", CaPoolArgs.builder()
            .location("us-central1")
            .tier("ENTERPRISE")
            .build());
        var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
            .location("us-central1")
            .pool(pool.name())
            .certificateAuthorityId("ca-authority")
            .config(AuthorityConfigArgs.builder()
                .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
                    .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
                        .organization("HashiCorp")
                        .commonName("my-certificate-authority")
                        .build())
                    .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
                        .dnsNames("hashicorp.com")
                        .build())
                    .build())
                .x509Config(AuthorityConfigX509ConfigArgs.builder()
                    .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
                        .isCa(true)
                        .build())
                    .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
                        .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
                            .certSign(true)
                            .crlSign(true)
                            .build())
                        .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
                            .serverAuth(true)
                            .build())
                        .build())
                    .build())
                .build())
            .keySpec(AuthorityKeySpecArgs.builder()
                .algorithm("RSA_PKCS1_4096_SHA256")
                .build())
            .deletionProtection(false)
            .skipGracePeriod(true)
            .ignoreActiveCertificatesOnDeletion(true)
            .build());
        var default_ = new CertificateIssuanceConfig("default", CertificateIssuanceConfigArgs.builder()
            .description("sample description for the certificate issuanceConfigs")
            .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
                .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
                    .caPool(pool.id())
                    .build())
                .build())
            .lifetime("1814400s")
            .rotationWindowPercentage(34)
            .keyAlgorithm("ECDSA_P256")
            .labels(Map.ofEntries(
                Map.entry("name", "wrench"),
                Map.entry("count", "3")
            ))
            .build(), CustomResourceOptions.builder()
                .dependsOn(caAuthority)
                .build());
    }
}
Content copied to clipboard

Import

CertificateIssuanceConfig can be imported using any of these accepted formats

$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}
Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{project}}/{{location}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{location}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
fun CertificateIssuanceConfigArgs(certificateAuthorityConfig: Output<CertificateIssuanceConfigCertificateAuthorityConfigArgs>? = null, description: Output<String>? = null, keyAlgorithm: Output<String>? = null, labels: Output<Map<String, String>>? = null, lifetime: Output<String>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, rotationWindowPercentage: Output<Int>? = null)

Functions

Link copied to clipboard
open override fun toJava(): CertificateIssuanceConfigArgs

Properties

Link copied to clipboard
val certificateAuthorityConfig: Output<CertificateIssuanceConfigCertificateAuthorityConfigArgs>? = null

The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

Link copied to clipboard
val description: Output<String>? = null

One or more paragraphs of text description of a CertificateIssuanceConfig.

Link copied to clipboard
val keyAlgorithm: Output<String>? = null

Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

Link copied to clipboard
val labels: Output<Map<String, String>>? = null

'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

Link copied to clipboard
val lifetime: Output<String>? = null

Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

Link copied to clipboard
val location: Output<String>? = null

The Certificate Manager location. If not specified, "global" is used.

Link copied to clipboard
val name: Output<String>? = null

A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
val rotationWindowPercentage: Output<Int>? = null

It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.