Ca Pool
A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the trust anchor.
Example Usage
Privateca Capool Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a minimal ENTERPRISE-tier CaPool in us-central1 that publishes
     * both its CA certificate and its CRL.
     *
     * NOTE(review): this example sets no issuancePolicy, so nothing visible
     * here restricts key types, certificate lifetime, key usage or names for
     * certificates issued from the pool. Relying on a pool without an issuance
     * policy as a trust anchor is presumably wide open — confirm against the
     * "All Fields" example before using this shape in production.
     */
    public static void stack(Context ctx) {
        // Publish the CA cert and CRL so relying parties can build chains
        // and check revocation.
        CaPoolPublishingOptionsArgs publishing = CaPoolPublishingOptionsArgs.builder()
                .publishCaCert(true)
                .publishCrl(true)
                .build();

        CaPoolArgs poolArgs = CaPoolArgs.builder()
                .labels(Map.of("foo", "bar"))
                .location("us-central1")
                .publishingOptions(publishing)
                .tier("ENTERPRISE")
                .build();

        CaPool pool = new CaPool("default", poolArgs);
    }
}
Privateca Capool All Fields
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedIssuanceModesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyAllowedKeyTypeRsaArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesPolicyIdArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
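public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares an ENTERPRISE-tier CaPool in us-central1 with every
     * issuance-policy field populated.
     *
     * The original listing referenced six *Args classes
     * (AllowedKeyType*, AdditionalExtension*, PolicyId*) that were never
     * imported, so it did not compile as printed; the import block now
     * covers them. The policy is decomposed into one helper per sub-structure
     * so each piece can be read (and reviewed) on its own.
     *
     * The values are illustrative, not a recommended policy — see the
     * NOTE(review) comments before copying any of them into a real trust anchor.
     */
    public static void stack(Context ctx) {
        var default_ = new CaPool("default", CaPoolArgs.builder()
                .issuancePolicy(issuancePolicy())
                .labels(Map.of("foo", "bar"))
                .location("us-central1")
                .publishingOptions(publishingOptions())
                .tier("ENTERPRISE")
                .build());
    }

    /**
     * Issuance policy: which request modes and key types the pool accepts,
     * the values stamped into every certificate, identity handling, and the
     * maximum certificate lifetime.
     */
    private static CaPoolIssuancePolicyArgs issuancePolicy() {
        return CaPoolIssuancePolicyArgs.builder()
                // Both config-based and CSR-based requests are accepted.
                .allowedIssuanceModes(CaPoolIssuancePolicyAllowedIssuanceModesArgs.builder()
                        .allowConfigBasedIssuance(true)
                        .allowCsrBasedIssuance(true)
                        .build())
                .allowedKeyTypes(
                        CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
                                .ellipticCurve(CaPoolIssuancePolicyAllowedKeyTypeEllipticCurveArgs.builder()
                                        .signatureAlgorithm("ECDSA_P256")
                                        .build())
                                .build(),
                        // NOTE(review): a 5..10 modulus bound is a placeholder, not a
                        // usable RSA policy — real deployments need a floor in the
                        // thousands (e.g. 2048) and the API presumably rejects these.
                        CaPoolIssuancePolicyAllowedKeyTypeArgs.builder()
                                .rsa(CaPoolIssuancePolicyAllowedKeyTypeRsaArgs.builder()
                                        .maxModulusSize(10)
                                        .minModulusSize(5)
                                        .build())
                                .build())
                .baselineValues(baselineValues())
                .identityConstraints(identityConstraints())
                // 50000s is roughly 13.9 hours; certificates requested with a
                // longer lifetime are presumably capped or rejected — confirm.
                .maximumLifetime("50000s")
                .build();
    }

    /**
     * Baseline values are the extensions every certificate issued from this
     * pool receives, regardless of what the request asked for.
     *
     * NOTE(review): isCa(true) here means every issued certificate — including
     * ordinary leaf certs — is a CA certificate with a path length of 10. That
     * turns each issued cert into a sub-CA, which is almost never intended for
     * a production pool; confirm against the CA Service documentation.
     */
    private static CaPoolIssuancePolicyBaselineValuesArgs baselineValues() {
        return CaPoolIssuancePolicyBaselineValuesArgs.builder()
                // NOTE(review): a *critical* extension under OID 1.7 with an opaque
                // value: RFC 5280 clients that do not recognise a critical
                // extension must reject the certificate. The value encoding
                // expected by the API (base64 DER?) is not shown here — confirm.
                .additionalExtensions(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionArgs.builder()
                        .critical(true)
                        .objectId(CaPoolIssuancePolicyBaselineValuesAdditionalExtensionObjectIdArgs.builder()
                                .objectIdPath(1, 7)
                                .build())
                        .value("asdf")
                        .build())
                // NOTE(review): AIA OCSP entries are normally full URIs
                // (e.g. "http://ocsp.example.com"); a bare hostname may not be
                // accepted by clients — verify the expected format.
                .aiaOcspServers("example.com")
                .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()
                        .isCa(true)
                        .maxIssuerPathLength(10)
                        .build())
                .keyUsage(keyUsage())
                .nameConstraints(nameConstraints())
                .policyIds(
                        CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
                                .objectIdPath(1, 5)
                                .build(),
                        CaPoolIssuancePolicyBaselineValuesPolicyIdArgs.builder()
                                .objectIdPath(1, 5, 7)
                                .build())
                .build();
    }

    /**
     * Key usage stamped into every certificate.
     *
     * NOTE(review): certSign(false) alongside isCa(true) in caOptions is
     * internally inconsistent — a CA certificate that may not sign
     * certificates. Likewise keyEncipherment(false) with serverAuth(true)
     * rules out RSA key exchange; pick one coherent profile.
     */
    private static CaPoolIssuancePolicyBaselineValuesKeyUsageArgs keyUsage() {
        return CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()
                .baseKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs.builder()
                        .certSign(false)
                        .contentCommitment(true)
                        .crlSign(true)
                        .dataEncipherment(true)
                        .decipherOnly(true)
                        .digitalSignature(true)
                        .keyAgreement(true)
                        .keyEncipherment(false)
                        .build())
                .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()
                        .clientAuth(false)
                        .codeSigning(true)
                        .emailProtection(true)
                        .serverAuth(true)
                        .timeStamping(true)
                        .build())
                .build();
    }

    /**
     * Name constraints stamped into every certificate: permitted and excluded
     * DNS names, e-mail domains, IP ranges and URI domains. Marked critical so
     * relying parties must honour them. Note that the excluded IP ranges
     * (10.1.1.0/24, 11.1.1.0/24) sit inside the permitted ranges
     * (10.0.0.0/8, 11.0.0.0/8), which is the intended carve-out shape.
     */
    private static CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs nameConstraints() {
        return CaPoolIssuancePolicyBaselineValuesNameConstraintsArgs.builder()
                .critical(true)
                .excludedDnsNames("*.deny.example1.com", "*.deny.example2.com")
                .excludedEmailAddresses(".deny.example1.com", ".deny.example2.com")
                .excludedIpRanges("10.1.1.0/24", "11.1.1.0/24")
                .excludedUris(".deny.example1.com", ".deny.example2.com")
                .permittedDnsNames("*.example1.com", "*.example2.com")
                .permittedEmailAddresses(".example1.com", ".example2.com")
                .permittedIpRanges("10.0.0.0/8", "11.0.0.0/8")
                .permittedUris(".example1.com", ".example2.com")
                .build();
    }

    /**
     * Identity constraints: the requester's subject and SANs are passed
     * through unchanged, gated by a CEL expression that only admits DNS and
     * EMAIL SAN types.
     *
     * NOTE(review): the expression constrains SAN *types* only; nothing here
     * checks SAN *values* or the subject, so with passthrough enabled a caller
     * can presumably request any DNS/email name (subject to the name
     * constraints above). Tighten the CEL if the requesters are not fully trusted.
     */
    private static CaPoolIssuancePolicyIdentityConstraintsArgs identityConstraints() {
        return CaPoolIssuancePolicyIdentityConstraintsArgs.builder()
                .allowSubjectAltNamesPassthrough(true)
                .allowSubjectPassthrough(true)
                .celExpression(CaPoolIssuancePolicyIdentityConstraintsCelExpressionArgs.builder()
                        .expression("subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )")
                        .title("My title")
                        .build())
                .build();
    }

    /**
     * Publishing options for every CA in the pool: PEM encoding, CRL
     * published, CA certificate not published.
     *
     * NOTE(review): publishCaCert(false) means relying parties cannot fetch the
     * issuer certificate from the pool; they must obtain it out of band.
     */
    private static CaPoolPublishingOptionsArgs publishingOptions() {
        return CaPoolPublishingOptionsArgs.builder()
                .encodingFormat("PEM")
                .publishCaCert(false)
                .publishCrl(true)
                .build();
    }
}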
Import
A CaPool can be imported using any of these accepted formats:
$ pulumi import gcp:certificateauthority/caPool:CaPool default projects/{{project}}/locations/{{location}}/caPools/{{name}}
$ pulumi import gcp:certificateauthority/caPool:CaPool default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:certificateauthority/caPool:CaPool default {{location}}/{{name}}
Properties
issuancePolicy — The IssuancePolicy that controls how Certificates are issued from this CaPool (allowed issuance modes and key types, baseline values stamped into every certificate, identity constraints, and maximum lifetime). Structure is documented below.
publishingOptions — The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool (whether the CA certificate and CRL are published, and in which encoding). Structure is documented below.