CaPoolArgs

data class CaPoolArgs(val issuancePolicy: Output<CaPoolIssuancePolicyArgs>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val publishingOptions: Output<CaPoolPublishingOptionsArgs>? = null, val tier: Output<String>? = null) : ConvertibleToJava<CaPoolArgs>

A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the trust anchor.

Example Usage

Privateca Capool Basic

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new CaPool("default", CaPoolArgs.builder()
            .labels(Map.of("foo", "bar"))
            .location("us-central1")
            .publishingOptions(CaPoolPublishingOptionsArgs.builder()
                .publishCaCert(true)
                .publishCrl(true)
                .build())
            .tier("ENTERPRISE")
            .build());
    }
}

Privateca Capool All Fields

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedIssuanceModesArgs;
// Nested argument types used below; these imports were missing from the generated example.
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeRsaArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new CaPool("default", CaPoolArgs.builder()
            .issuancePolicy(CaPoolIssuancePolicyArgs.builder()
                .allowedIssuanceModes(CaPoolIssuancePolicyAllowedIssuanceModesArgs.builder()
                    .allowConfigBasedIssuance(true)
                    .allowCsrBasedIssuance(true)
                    .build())
                .allowedKeyTypes(
                    CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
                        .ellipticCurve(CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs.builder()
                            .signatureAlgorithm("ECDSA_P256")
                            .build())
                        .build(),
                    CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
                        .rsa(CaPoolIssuancePolicyAllowedKeyTypeRsaArgs.builder()
                            .maxModulusSize(10)
                            .minModulusSize(5)
                            .build())
                        .build())
                .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()
                    .additionalExtensions(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs.builder()
                        .critical(true)
                        .objectId(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs.builder()
                            .objectIdPath(
                                1,
                                7)
                            .build())
                        .value("asdf")
                        .build())
                    .aiaOcspServers("example.com")
                    .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()
                        .isCa(true)
                        .maxIssuerPathLength(10)
                        .build())
                    .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()
                        .baseKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs.builder()
                            .certSign(false)
                            .contentCommitment(true)
                            .crlSign(true)
                            .dataEncipherment(true)
                            .decipherOnly(true)
                            .digitalSignature(true)
                            .keyAgreement(true)
                            .keyEncipherment(false)
                            .build())
                        .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()
                            .clientAuth(false)
                            .codeSigning(true)
                            .emailProtection(true)
                            .serverAuth(true)
                            .timeStamping(true)
                            .build())
                        .build())
                    .nameConstraints(CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs.builder()
                        .critical(true)
                        .excludedDnsNames(
                            "*.deny.example1.com",
                            "*.deny.example2.com")
                        .excludedEmailAddresses(
                            ".deny.example1.com",
                            ".deny.example2.com")
                        .excludedIpRanges(
                            "10.1.1.0/24",
                            "11.1.1.0/24")
                        .excludedUris(
                            ".deny.example1.com",
                            ".deny.example2.com")
                        .permittedDnsNames(
                            "*.example1.com",
                            "*.example2.com")
                        .permittedEmailAddresses(
                            ".example1.com",
                            ".example2.com")
                        .permittedIpRanges(
                            "10.0.0.0/8",
                            "11.0.0.0/8")
                        .permittedUris(
                            ".example1.com",
                            ".example2.com")
                        .build())
                    .policyIds(
                        CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
                            .objectIdPath(
                                1,
                                5)
                            .build(),
                        CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
                            .objectIdPath(
                                1,
                                5,
                                7)
                            .build())
                    .build())
                .identityConstraints(CaPoolIssuancePolicyIdentityConstraintsArgs.builder()
                    .allowSubjectAltNamesPassthrough(true)
                    .allowSubjectPassthrough(true)
                    .celExpression(CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs.builder()
                        .expression("subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )")
                        .title("My title")
                        .build())
                    .build())
                .maximumLifetime("50000s")
                .build())
            .labels(Map.of("foo", "bar"))
            .location("us-central1")
            .publishingOptions(CaPoolPublishingOptionsArgs.builder()
                .encodingFormat("PEM")
                .publishCaCert(false)
                .publishCrl(true)
                .build())
            .tier("ENTERPRISE")
            .build());
    }
}
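
Added example, not from this page or the Pulumi project: the same CaPool arguments expressed through the Kotlin SDK's builder DSL, but configured as a least-privilege pool for short-lived, leaf-only TLS server certificates. It assumes the Kotlin SDK's `Pulumi.run`, `caPool` and `args` builder conventions; `.corp.example`, the key sizes, the CEL expression and the lifetime are constructed placeholders.

```kotlin
import com.pulumi.gcp.certificateauthority.kotlin.caPool
import com.pulumi.kotlin.Pulumi

// Added example (constructed values): a pool whose issuance policy only permits
// leaf TLS server certificates, for one placeholder DNS zone, valid for 90 days.
fun main() {
    Pulumi.run { ctx ->
        val tlsLeafPool = caPool("tls-leaf") {
            args {
                location("us-central1")
                tier("ENTERPRISE")
                issuancePolicy {
                    // CSR-only issuance: the requester must hold the private key.
                    allowedIssuanceModes {
                        allowConfigBasedIssuance(false)
                        allowCsrBasedIssuance(true)
                    }
                    // Key allow-list: ECDSA P-256, or RSA between 2048 and 4096 bits.
                    allowedKeyTypes(
                        { ellipticCurve { signatureAlgorithm("ECDSA_P256") } },
                        { rsa { minModulusSize(2048); maxModulusSize(4096) } },
                    )
                    // Baseline X.509 values stamped into every certificate: never a CA,
                    // and key usage limited to what a TLS server needs.
                    baselineValues {
                        caOptions { isCa(false) }
                        keyUsage {
                            baseKeyUsage { digitalSignature(true); keyEncipherment(true) }
                            extendedKeyUsage { serverAuth(true) }
                        }
                    }
                    // Identity is taken from the CSR but gated by a CEL check:
                    // every SAN must be a DNS name inside the placeholder zone.
                    identityConstraints {
                        allowSubjectPassthrough(true)
                        allowSubjectAltNamesPassthrough(true)
                        celExpression {
                            expression("subject_alt_names.all(san, san.type == DNS && san.value.endsWith('.corp.example'))")
                        }
                    }
                    maximumLifetime("7776000s") // 90 days, whatever the CSR requests
                }
                // Publish the CA certificate and CRL so relying parties can check revocation.
                publishingOptions { publishCaCert(true); publishCrl(true) }
            }
        }
        ctx.export("caPoolName", tlsLeafPool.name)
    }
}
```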

Import

CaPool can be imported using any of these accepted formats:

$ pulumi import gcp:certificateauthority/caPool:CaPool default projects/{{project}}/locations/{{location}}/caPools/{{name}}
$ pulumi import gcp:certificateauthority/caPool:CaPool default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:certificateauthority/caPool:CaPool default {{location}}/{{name}}

Constructors

constructor(issuancePolicy: Output<CaPoolIssuancePolicyArgs>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, publishingOptions: Output<CaPoolPublishingOptionsArgs>? = null, tier: Output<String>? = null)

Properties

val issuancePolicy: Output<CaPoolIssuancePolicyArgs>? = null

The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below.

val labels: Output<Map<String, String>>? = null

Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

val location: Output<String>? = null

Location of the CaPool. A full list of valid locations can be found by running gcloud privateca locations list.

val name: Output<String>? = null

The name for this CaPool.

val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

val publishingOptions: Output<CaPoolPublishingOptionsArgs>? = null

The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below.

val tier: Output<String>? = null

The Tier of this CaPool. Possible values are: ENTERPRISE, DEVOPS.

Functions

open override fun toJava(): CaPoolArgs