Server
Example Usage
Network Security Server Tls Policy Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.labels(Map.of("foo", "bar"))
.description("my description")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationCas(
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:abc/mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}Network Security Server Tls Policy Advanced
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}Network Security Server Tls Policy Server Cert
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}Import
ServerTlsPolicy can be imported using any of these accepted formats
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}Properties
This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
Time the ServerTlsPolicy was created in UTC.
A free-text description of the resource. Max length 1024 characters.
This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
Time the ServerTlsPolicy was updated in UTC.