Certificate
Certificate represents a HTTP-reachable backend for a Certificate.
Warning: All arguments including the following potentially sensitive values will be stored in the raw state as plain text:
self_managed.certificate_pem,self_managed.private_key_pem,self_managed.pem_private_key. Read more about sensitive data in state.
Example Usage
Certificate Manager Google Managed Certificate Dns
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
.description("The default dnss")
.domain("subdomain2.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.description("The default cert")
.scope("EDGE_CACHE")
.managed(CertificateManagedArgs.builder()
.domains(
instance.domain(),
instance2.domain())
.dnsAuthorizations(
instance.id(),
instance2.id())
.build())
.build());
}
}Content copied to clipboard
Certificate Manager Google Managed Certificate Issuance Config
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new CaPool("pool", CaPoolArgs.builder()
.location("us-central1")
.tier("ENTERPRISE")
.build());
var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
.location("us-central1")
.pool(pool.name())
.certificateAuthorityId("ca-authority")
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.deletionProtection(false)
.skipGracePeriod(true)
.ignoreActiveCertificatesOnDeletion(true)
.build());
var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
.description("sample description for the certificate issuanceConfigs")
.certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
.certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
.caPool(pool.id())
.build())
.build())
.lifetime("1814400s")
.rotationWindowPercentage(34)
.keyAlgorithm("ECDSA_P256")
.build(), CustomResourceOptions.builder()
.dependsOn(caAuthority)
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.description("The default cert")
.scope("EDGE_CACHE")
.managed(CertificateManagedArgs.builder()
.domains("terraform.subdomain1.com")
.issuanceConfig(issuanceconfig.id())
.build())
.build());
}
}Content copied to clipboard
Certificate Manager Certificate Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
.description("The default dnss")
.domain("subdomain2.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.description("Global cert")
.scope("EDGE_CACHE")
.managed(CertificateManagedArgs.builder()
.domains(
instance.domain(),
instance2.domain())
.dnsAuthorizations(
instance.id(),
instance2.id())
.build())
.build());
}
}Content copied to clipboard
Certificate Manager Self Managed Certificate Regional
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Certificate("default", CertificateArgs.builder()
.description("Regional cert")
.location("us-central1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(Files.readString(Paths.get("test-fixtures/cert.pem")))
.pemPrivateKey(Files.readString(Paths.get("test-fixtures/private-key.pem")))
.build())
.build());
}
}Content copied to clipboard
Import
Certificate can be imported using any of these accepted formats
$ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}Content copied to clipboard
Properties
Link copied to clipboard
A human-readable description of the resource.
Link copied to clipboard
Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Link copied to clipboard
A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression a-zA-Z0-9_-* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). see https://cloud.google.com/compute/docs/regions-zones
Link copied to clipboard
Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.