pulumi-gcp-kotlin/com.pulumi.gcp.networksecurity.kotlin/TlsInspectionPolicyArgs

TlsInspectionPolicyArgs

data class TlsInspectionPolicyArgs(val caPool: Output<String>? = null, val description: Output<String>? = null, val excludePublicCaSet: Output<Boolean>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null) : ConvertibleToJava<TlsInspectionPolicyArgs>

Example Usage

Network Security Tls Inspection Policy Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.projects.ServiceIdentity;
import com.pulumi.gcp.projects.ServiceIdentityArgs;
import com.pulumi.gcp.certificateauthority.CaPoolIamMember;
import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;
import com.pulumi.gcp.networksecurity.TlsInspectionPolicy;
import com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var defaultCaPool = new CaPool("defaultCaPool", CaPoolArgs.builder()
            .location("us-central1")
            .tier("DEVOPS")
            .publishingOptions(CaPoolPublishingOptionsArgs.builder()
                .publishCaCert(false)
                .publishCrl(false)
                .build())
            .issuancePolicy(CaPoolIssuancePolicyArgs.builder()
                .maximumLifetime("1209600s")
                .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()
                    .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()
                        .isCa(false)
                        .build())
                    .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()
                        .baseKeyUsage()
                        .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()
                            .serverAuth(true)
                            .build())
                        .build())
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
            .pool(defaultCaPool.name())
            .certificateAuthorityId("my-basic-certificate-authority")
            .location("us-central1")
            .lifetime("86400s")
            .type("SELF_SIGNED")
            .deletionProtection(false)
            .skipGracePeriod(true)
            .ignoreActiveCertificatesOnDeletion(true)
            .config(AuthorityConfigArgs.builder()
                .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
                    .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
                        .organization("Test LLC")
                        .commonName("my-ca")
                        .build())
                    .build())
                .x509Config(AuthorityConfigX509ConfigArgs.builder()
                    .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
                        .isCa(true)
                        .build())
                    .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
                        .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
                            .certSign(true)
                            .crlSign(true)
                            .build())
                        .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
                            .serverAuth(false)
                            .build())
                        .build())
                    .build())
                .build())
            .keySpec(AuthorityKeySpecArgs.builder()
                .algorithm("RSA_PKCS1_4096_SHA256")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var nsSa = new ServiceIdentity("nsSa", ServiceIdentityArgs.builder()
            .service("networksecurity.googleapis.com")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var tlsInspectionPermission = new CaPoolIamMember("tlsInspectionPermission", CaPoolIamMemberArgs.builder()
            .caPool(defaultCaPool.id())
            .role("roles/privateca.certificateManager")
            .member(nsSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var defaultTlsInspectionPolicy = new TlsInspectionPolicy("defaultTlsInspectionPolicy", TlsInspectionPolicyArgs.builder()
            .location("us-central1")
            .caPool(defaultCaPool.id())
            .excludePublicCaSet(false)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(
                    defaultCaPool,
                    defaultAuthority,
                    tlsInspectionPermission)
                .build());
    }
}
Content copied to clipboard

Import

TlsInspectionPolicy can be imported using any of these accepted formats

$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{project}}/{{location}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{location}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(caPool: Output<String>? = null, description: Output<String>? = null, excludePublicCaSet: Output<Boolean>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null)

Properties

Link copied to clipboard
val caPool: Output<String>? = null

A CA pool resource used to issue interception certificates.

Link copied to clipboard
val description: Output<String>? = null

Free-text description of the resource.

Link copied to clipboard
val excludePublicCaSet: Output<Boolean>? = null

If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trustConfig. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trustConfig will be accepted.

Link copied to clipboard
val location: Output<String>? = null

The location of the tls inspection policy.

Link copied to clipboard
val name: Output<String>? = null

Short name of the TlsInspectionPolicy resource to be created.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Functions

Link copied to clipboard
open override fun toJava(): TlsInspectionPolicyArgs