Certificate
data class CertificateArgs(val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val managed: Output<CertificateManagedArgs>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val scope: Output<String>? = null, val selfManaged: Output<CertificateSelfManagedArgs>? = null) : ConvertibleToJava<CertificateArgs>
Certificate represents a HTTP-reachable backend for a Certificate.
Example Usage
Certificate Manager Google Managed Certificate Dns
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
name: "dns-auth",
description: "The default dnss",
domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
name: "dns-auth2",
description: "The default dnss",
domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "dns-cert",
description: "The default cert",
scope: "EDGE_CACHE",
labels: {
env: "test",
},
managed: {
domains: [
instance.domain,
instance2.domain,
],
dnsAuthorizations: [
instance.id,
instance2.id,
],
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
instance = gcp.certificatemanager.DnsAuthorization("instance",
name="dns-auth",
description="The default dnss",
domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
name="dns-auth2",
description="The default dnss",
domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
name="dns-cert",
description="The default cert",
scope="EDGE_CACHE",
labels={
"env": "test",
},
managed={
"domains": [
instance.domain,
instance2.domain,
],
"dns_authorizations": [
instance.id,
instance2.id,
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
{
Name = "dns-auth",
Description = "The default dnss",
Domain = "subdomain.hashicorptest.com",
});
var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
{
Name = "dns-auth2",
Description = "The default dnss",
Domain = "subdomain2.hashicorptest.com",
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "dns-cert",
Description = "The default cert",
Scope = "EDGE_CACHE",
Labels =
{
{ "env", "test" },
},
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations = new[]
{
instance.Id,
instance2.Id,
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain.hashicorptest.com"),
})
if err != nil {
return err
}
instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth2"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain2.hashicorptest.com"),
})
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("dns-cert"),
Description: pulumi.String("The default cert"),
Scope: pulumi.String("EDGE_CACHE"),
Labels: pulumi.StringMap{
"env": pulumi.String("test"),
},
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations: pulumi.StringArray{
instance.ID(),
instance2.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.name("dns-auth")
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
.name("dns-auth2")
.description("The default dnss")
.domain("subdomain2.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("dns-cert")
.description("The default cert")
.scope("EDGE_CACHE")
.labels(Map.of("env", "test"))
.managed(CertificateManagedArgs.builder()
.domains(
instance.domain(),
instance2.domain())
.dnsAuthorizations(
instance.id(),
instance2.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: dns-cert
description: The default cert
scope: EDGE_CACHE
labels:
env: test
managed:
domains:
- ${instance.domain}
- ${instance2.domain}
dnsAuthorizations:
- ${instance.id}
- ${instance2.id}
instance:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth
description: The default dnss
domain: subdomain.hashicorptest.com
instance2:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth2
description: The default dnss
domain: subdomain2.hashicorptest.comContent copied to clipboard
Certificate Manager Google Managed Certificate Issuance Config
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const pool = new gcp.certificateauthority.CaPool("pool", {
name: "ca-pool",
location: "us-central1",
tier: "ENTERPRISE",
});
const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
location: "us-central1",
pool: pool.name,
certificateAuthorityId: "ca-authority",
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
deletionProtection: false,
skipGracePeriod: true,
ignoreActiveCertificatesOnDeletion: true,
});
// creating certificate_issuance_config to use it in the managed certificate
const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
name: "issuance-config",
description: "sample description for the certificate issuanceConfigs",
certificateAuthorityConfig: {
certificateAuthorityServiceConfig: {
caPool: pool.id,
},
},
lifetime: "1814400s",
rotationWindowPercentage: 34,
keyAlgorithm: "ECDSA_P256",
}, {
dependsOn: [caAuthority],
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "issuance-config-cert",
description: "The default cert",
scope: "EDGE_CACHE",
managed: {
domains: ["terraform.subdomain1.com"],
issuanceConfig: issuanceconfig.id,
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
pool = gcp.certificateauthority.CaPool("pool",
name="ca-pool",
location="us-central1",
tier="ENTERPRISE")
ca_authority = gcp.certificateauthority.Authority("ca_authority",
location="us-central1",
pool=pool.name,
certificate_authority_id="ca-authority",
config={
"subject_config": {
"subject": {
"organization": "HashiCorp",
"common_name": "my-certificate-authority",
},
"subject_alt_name": {
"dns_names": ["hashicorp.com"],
},
},
"x509_config": {
"ca_options": {
"is_ca": True,
},
"key_usage": {
"base_key_usage": {
"cert_sign": True,
"crl_sign": True,
},
"extended_key_usage": {
"server_auth": True,
},
},
},
},
key_spec={
"algorithm": "RSA_PKCS1_4096_SHA256",
},
deletion_protection=False,
skip_grace_period=True,
ignore_active_certificates_on_deletion=True)
# creating certificate_issuance_config to use it in the managed certificate
issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
name="issuance-config",
description="sample description for the certificate issuanceConfigs",
certificate_authority_config={
"certificate_authority_service_config": {
"ca_pool": pool.id,
},
},
lifetime="1814400s",
rotation_window_percentage=34,
key_algorithm="ECDSA_P256",
opts = pulumi.ResourceOptions(depends_on=[ca_authority]))
default = gcp.certificatemanager.Certificate("default",
name="issuance-config-cert",
description="The default cert",
scope="EDGE_CACHE",
managed={
"domains": ["terraform.subdomain1.com"],
"issuance_config": issuanceconfig.id,
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
{
Name = "ca-pool",
Location = "us-central1",
Tier = "ENTERPRISE",
});
var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
{
Location = "us-central1",
Pool = pool.Name,
CertificateAuthorityId = "ca-authority",
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames = new[]
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
DeletionProtection = false,
SkipGracePeriod = true,
IgnoreActiveCertificatesOnDeletion = true,
});
// creating certificate_issuance_config to use it in the managed certificate
var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
{
Name = "issuance-config",
Description = "sample description for the certificate issuanceConfigs",
CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
{
CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
{
CaPool = pool.Id,
},
},
Lifetime = "1814400s",
RotationWindowPercentage = 34,
KeyAlgorithm = "ECDSA_P256",
}, new CustomResourceOptions
{
DependsOn =
{
caAuthority,
},
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "issuance-config-cert",
Description = "The default cert",
Scope = "EDGE_CACHE",
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
"terraform.subdomain1.com",
},
IssuanceConfig = issuanceconfig.Id,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
Name: pulumi.String("ca-pool"),
Location: pulumi.String("us-central1"),
Tier: pulumi.String("ENTERPRISE"),
})
if err != nil {
return err
}
caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
Location: pulumi.String("us-central1"),
Pool: pool.Name,
CertificateAuthorityId: pulumi.String("ca-authority"),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
DeletionProtection: pulumi.Bool(false),
SkipGracePeriod: pulumi.Bool(true),
IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
// creating certificate_issuance_config to use it in the managed certificate
issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
Name: pulumi.String("issuance-config"),
Description: pulumi.String("sample description for the certificate issuanceConfigs"),
CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
CaPool: pool.ID(),
},
},
Lifetime: pulumi.String("1814400s"),
RotationWindowPercentage: pulumi.Int(34),
KeyAlgorithm: pulumi.String("ECDSA_P256"),
}, pulumi.DependsOn([]pulumi.Resource{
caAuthority,
}))
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("issuance-config-cert"),
Description: pulumi.String("The default cert"),
Scope: pulumi.String("EDGE_CACHE"),
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
pulumi.String("terraform.subdomain1.com"),
},
IssuanceConfig: issuanceconfig.ID(),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new CaPool("pool", CaPoolArgs.builder()
.name("ca-pool")
.location("us-central1")
.tier("ENTERPRISE")
.build());
var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
.location("us-central1")
.pool(pool.name())
.certificateAuthorityId("ca-authority")
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.deletionProtection(false)
.skipGracePeriod(true)
.ignoreActiveCertificatesOnDeletion(true)
.build());
// creating certificate_issuance_config to use it in the managed certificate
var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
.name("issuance-config")
.description("sample description for the certificate issuanceConfigs")
.certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
.certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
.caPool(pool.id())
.build())
.build())
.lifetime("1814400s")
.rotationWindowPercentage(34)
.keyAlgorithm("ECDSA_P256")
.build(), CustomResourceOptions.builder()
.dependsOn(caAuthority)
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("issuance-config-cert")
.description("The default cert")
.scope("EDGE_CACHE")
.managed(CertificateManagedArgs.builder()
.domains("terraform.subdomain1.com")
.issuanceConfig(issuanceconfig.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: issuance-config-cert
description: The default cert
scope: EDGE_CACHE
managed:
domains:
- terraform.subdomain1.com
issuanceConfig: ${issuanceconfig.id}
# creating certificate_issuance_config to use it in the managed certificate
issuanceconfig:
type: gcp:certificatemanager:CertificateIssuanceConfig
properties:
name: issuance-config
description: sample description for the certificate issuanceConfigs
certificateAuthorityConfig:
certificateAuthorityServiceConfig:
caPool: ${pool.id}
lifetime: 1814400s
rotationWindowPercentage: 34
keyAlgorithm: ECDSA_P256
options:
dependson:
- ${caAuthority}
pool:
type: gcp:certificateauthority:CaPool
properties:
name: ca-pool
location: us-central1
tier: ENTERPRISE
caAuthority:
type: gcp:certificateauthority:Authority
name: ca_authority
properties:
location: us-central1
pool: ${pool.name}
certificateAuthorityId: ca-authority
config:
subjectConfig:
subject:
organization: HashiCorp
commonName: my-certificate-authority
subjectAltName:
dnsNames:
- hashicorp.com
x509Config:
caOptions:
isCa: true
keyUsage:
baseKeyUsage:
certSign: true
crlSign: true
extendedKeyUsage:
serverAuth: true
keySpec:
algorithm: RSA_PKCS1_4096_SHA256
deletionProtection: false
skipGracePeriod: true
ignoreActiveCertificatesOnDeletion: trueContent copied to clipboard
Certificate Manager Certificate Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
name: "dns-auth",
description: "The default dnss",
domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
name: "dns-auth2",
description: "The default dnss",
domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "self-managed-cert",
description: "Global cert",
scope: "EDGE_CACHE",
managed: {
domains: [
instance.domain,
instance2.domain,
],
dnsAuthorizations: [
instance.id,
instance2.id,
],
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
instance = gcp.certificatemanager.DnsAuthorization("instance",
name="dns-auth",
description="The default dnss",
domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
name="dns-auth2",
description="The default dnss",
domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
name="self-managed-cert",
description="Global cert",
scope="EDGE_CACHE",
managed={
"domains": [
instance.domain,
instance2.domain,
],
"dns_authorizations": [
instance.id,
instance2.id,
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
{
Name = "dns-auth",
Description = "The default dnss",
Domain = "subdomain.hashicorptest.com",
});
var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
{
Name = "dns-auth2",
Description = "The default dnss",
Domain = "subdomain2.hashicorptest.com",
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "self-managed-cert",
Description = "Global cert",
Scope = "EDGE_CACHE",
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations = new[]
{
instance.Id,
instance2.Id,
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain.hashicorptest.com"),
})
if err != nil {
return err
}
instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth2"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain2.hashicorptest.com"),
})
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("self-managed-cert"),
Description: pulumi.String("Global cert"),
Scope: pulumi.String("EDGE_CACHE"),
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations: pulumi.StringArray{
instance.ID(),
instance2.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.name("dns-auth")
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
.name("dns-auth2")
.description("The default dnss")
.domain("subdomain2.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("self-managed-cert")
.description("Global cert")
.scope("EDGE_CACHE")
.managed(CertificateManagedArgs.builder()
.domains(
instance.domain(),
instance2.domain())
.dnsAuthorizations(
instance.id(),
instance2.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: self-managed-cert
description: Global cert
scope: EDGE_CACHE
managed:
domains:
- ${instance.domain}
- ${instance2.domain}
dnsAuthorizations:
- ${instance.id}
- ${instance2.id}
instance:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth
description: The default dnss
domain: subdomain.hashicorptest.com
instance2:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth2
description: The default dnss
domain: subdomain2.hashicorptest.comContent copied to clipboard
Certificate Manager Self Managed Certificate Regional
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.certificatemanager.Certificate("default", {
name: "self-managed-cert",
description: "Regional cert",
location: "us-central1",
selfManaged: {
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
pemPrivateKey: std.file({
input: "test-fixtures/private-key.pem",
}).then(invoke => invoke.result),
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.certificatemanager.Certificate("default",
name="self-managed-cert",
description="Regional cert",
location="us-central1",
self_managed={
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
"pem_private_key": std.file(input="test-fixtures/private-key.pem").result,
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "self-managed-cert",
Description = "Regional cert",
Location = "us-central1",
SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
PemPrivateKey = Std.File.Invoke(new()
{
Input = "test-fixtures/private-key.pem",
}).Apply(invoke => invoke.Result),
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/private-key.pem",
}, nil)
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("self-managed-cert"),
Description: pulumi.String("Regional cert"),
Location: pulumi.String("us-central1"),
SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
PemCertificate: pulumi.String(invokeFile.Result),
PemPrivateKey: pulumi.String(invokeFile1.Result),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Certificate("default", CertificateArgs.builder()
.name("self-managed-cert")
.description("Regional cert")
.location("us-central1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.pemPrivateKey(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/private-key.pem")
.build()).result())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: self-managed-cert
description: Regional cert
location: us-central1
selfManaged:
pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/cert.pem
Return: result
pemPrivateKey:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/private-key.pem
Return: resultContent copied to clipboard
Certificate Manager Google Managed Certificate Issuance Config All Regions
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const pool = new gcp.certificateauthority.CaPool("pool", {
name: "ca-pool",
location: "us-central1",
tier: "ENTERPRISE",
});
const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
location: "us-central1",
pool: pool.name,
certificateAuthorityId: "ca-authority",
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
deletionProtection: false,
skipGracePeriod: true,
ignoreActiveCertificatesOnDeletion: true,
});
// creating certificate_issuance_config to use it in the managed certificate
const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
name: "issuance-config",
description: "sample description for the certificate issuanceConfigs",
certificateAuthorityConfig: {
certificateAuthorityServiceConfig: {
caPool: pool.id,
},
},
lifetime: "1814400s",
rotationWindowPercentage: 34,
keyAlgorithm: "ECDSA_P256",
}, {
dependsOn: [caAuthority],
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "issuance-config-cert",
description: "sample google managed all_regions certificate with issuance config for terraform",
scope: "ALL_REGIONS",
managed: {
domains: ["terraform.subdomain1.com"],
issuanceConfig: issuanceconfig.id,
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
pool = gcp.certificateauthority.CaPool("pool",
name="ca-pool",
location="us-central1",
tier="ENTERPRISE")
ca_authority = gcp.certificateauthority.Authority("ca_authority",
location="us-central1",
pool=pool.name,
certificate_authority_id="ca-authority",
config={
"subject_config": {
"subject": {
"organization": "HashiCorp",
"common_name": "my-certificate-authority",
},
"subject_alt_name": {
"dns_names": ["hashicorp.com"],
},
},
"x509_config": {
"ca_options": {
"is_ca": True,
},
"key_usage": {
"base_key_usage": {
"cert_sign": True,
"crl_sign": True,
},
"extended_key_usage": {
"server_auth": True,
},
},
},
},
key_spec={
"algorithm": "RSA_PKCS1_4096_SHA256",
},
deletion_protection=False,
skip_grace_period=True,
ignore_active_certificates_on_deletion=True)
# creating certificate_issuance_config to use it in the managed certificate
issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
name="issuance-config",
description="sample description for the certificate issuanceConfigs",
certificate_authority_config={
"certificate_authority_service_config": {
"ca_pool": pool.id,
},
},
lifetime="1814400s",
rotation_window_percentage=34,
key_algorithm="ECDSA_P256",
opts = pulumi.ResourceOptions(depends_on=[ca_authority]))
default = gcp.certificatemanager.Certificate("default",
name="issuance-config-cert",
description="sample google managed all_regions certificate with issuance config for terraform",
scope="ALL_REGIONS",
managed={
"domains": ["terraform.subdomain1.com"],
"issuance_config": issuanceconfig.id,
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
{
Name = "ca-pool",
Location = "us-central1",
Tier = "ENTERPRISE",
});
var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
{
Location = "us-central1",
Pool = pool.Name,
CertificateAuthorityId = "ca-authority",
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames = new[]
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
DeletionProtection = false,
SkipGracePeriod = true,
IgnoreActiveCertificatesOnDeletion = true,
});
// creating certificate_issuance_config to use it in the managed certificate
var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
{
Name = "issuance-config",
Description = "sample description for the certificate issuanceConfigs",
CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
{
CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
{
CaPool = pool.Id,
},
},
Lifetime = "1814400s",
RotationWindowPercentage = 34,
KeyAlgorithm = "ECDSA_P256",
}, new CustomResourceOptions
{
DependsOn =
{
caAuthority,
},
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "issuance-config-cert",
Description = "sample google managed all_regions certificate with issuance config for terraform",
Scope = "ALL_REGIONS",
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
"terraform.subdomain1.com",
},
IssuanceConfig = issuanceconfig.Id,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
Name: pulumi.String("ca-pool"),
Location: pulumi.String("us-central1"),
Tier: pulumi.String("ENTERPRISE"),
})
if err != nil {
return err
}
caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
Location: pulumi.String("us-central1"),
Pool: pool.Name,
CertificateAuthorityId: pulumi.String("ca-authority"),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
DeletionProtection: pulumi.Bool(false),
SkipGracePeriod: pulumi.Bool(true),
IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
// creating certificate_issuance_config to use it in the managed certificate
issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
Name: pulumi.String("issuance-config"),
Description: pulumi.String("sample description for the certificate issuanceConfigs"),
CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
CaPool: pool.ID(),
},
},
Lifetime: pulumi.String("1814400s"),
RotationWindowPercentage: pulumi.Int(34),
KeyAlgorithm: pulumi.String("ECDSA_P256"),
}, pulumi.DependsOn([]pulumi.Resource{
caAuthority,
}))
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("issuance-config-cert"),
Description: pulumi.String("sample google managed all_regions certificate with issuance config for terraform"),
Scope: pulumi.String("ALL_REGIONS"),
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
pulumi.String("terraform.subdomain1.com"),
},
IssuanceConfig: issuanceconfig.ID(),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new CaPool("pool", CaPoolArgs.builder()
.name("ca-pool")
.location("us-central1")
.tier("ENTERPRISE")
.build());
var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
.location("us-central1")
.pool(pool.name())
.certificateAuthorityId("ca-authority")
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.deletionProtection(false)
.skipGracePeriod(true)
.ignoreActiveCertificatesOnDeletion(true)
.build());
// creating certificate_issuance_config to use it in the managed certificate
var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
.name("issuance-config")
.description("sample description for the certificate issuanceConfigs")
.certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
.certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
.caPool(pool.id())
.build())
.build())
.lifetime("1814400s")
.rotationWindowPercentage(34)
.keyAlgorithm("ECDSA_P256")
.build(), CustomResourceOptions.builder()
.dependsOn(caAuthority)
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("issuance-config-cert")
.description("sample google managed all_regions certificate with issuance config for terraform")
.scope("ALL_REGIONS")
.managed(CertificateManagedArgs.builder()
.domains("terraform.subdomain1.com")
.issuanceConfig(issuanceconfig.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: issuance-config-cert
description: sample google managed all_regions certificate with issuance config for terraform
scope: ALL_REGIONS
managed:
domains:
- terraform.subdomain1.com
issuanceConfig: ${issuanceconfig.id}
# creating certificate_issuance_config to use it in the managed certificate
issuanceconfig:
type: gcp:certificatemanager:CertificateIssuanceConfig
properties:
name: issuance-config
description: sample description for the certificate issuanceConfigs
certificateAuthorityConfig:
certificateAuthorityServiceConfig:
caPool: ${pool.id}
lifetime: 1814400s
rotationWindowPercentage: 34
keyAlgorithm: ECDSA_P256
options:
dependson:
- ${caAuthority}
pool:
type: gcp:certificateauthority:CaPool
properties:
name: ca-pool
location: us-central1
tier: ENTERPRISE
caAuthority:
type: gcp:certificateauthority:Authority
name: ca_authority
properties:
location: us-central1
pool: ${pool.name}
certificateAuthorityId: ca-authority
config:
subjectConfig:
subject:
organization: HashiCorp
commonName: my-certificate-authority
subjectAltName:
dnsNames:
- hashicorp.com
x509Config:
caOptions:
isCa: true
keyUsage:
baseKeyUsage:
certSign: true
crlSign: true
extendedKeyUsage:
serverAuth: true
keySpec:
algorithm: RSA_PKCS1_4096_SHA256
deletionProtection: false
skipGracePeriod: true
ignoreActiveCertificatesOnDeletion: trueContent copied to clipboard
Certificate Manager Google Managed Certificate Dns All Regions
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
name: "dns-auth",
description: "The default dnss",
domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
name: "dns-auth2",
description: "The default dnss",
domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "dns-cert",
description: "The default cert",
scope: "ALL_REGIONS",
managed: {
domains: [
instance.domain,
instance2.domain,
],
dnsAuthorizations: [
instance.id,
instance2.id,
],
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
instance = gcp.certificatemanager.DnsAuthorization("instance",
name="dns-auth",
description="The default dnss",
domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
name="dns-auth2",
description="The default dnss",
domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
name="dns-cert",
description="The default cert",
scope="ALL_REGIONS",
managed={
"domains": [
instance.domain,
instance2.domain,
],
"dns_authorizations": [
instance.id,
instance2.id,
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
{
Name = "dns-auth",
Description = "The default dnss",
Domain = "subdomain.hashicorptest.com",
});
var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
{
Name = "dns-auth2",
Description = "The default dnss",
Domain = "subdomain2.hashicorptest.com",
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "dns-cert",
Description = "The default cert",
Scope = "ALL_REGIONS",
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations = new[]
{
instance.Id,
instance2.Id,
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain.hashicorptest.com"),
})
if err != nil {
return err
}
instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth2"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain2.hashicorptest.com"),
})
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("dns-cert"),
Description: pulumi.String("The default cert"),
Scope: pulumi.String("ALL_REGIONS"),
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
instance.Domain,
instance2.Domain,
},
DnsAuthorizations: pulumi.StringArray{
instance.ID(),
instance2.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.name("dns-auth")
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
.name("dns-auth2")
.description("The default dnss")
.domain("subdomain2.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("dns-cert")
.description("The default cert")
.scope("ALL_REGIONS")
.managed(CertificateManagedArgs.builder()
.domains(
instance.domain(),
instance2.domain())
.dnsAuthorizations(
instance.id(),
instance2.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: dns-cert
description: The default cert
scope: ALL_REGIONS
managed:
domains:
- ${instance.domain}
- ${instance2.domain}
dnsAuthorizations:
- ${instance.id}
- ${instance2.id}
instance:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth
description: The default dnss
domain: subdomain.hashicorptest.com
instance2:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth2
description: The default dnss
domain: subdomain2.hashicorptest.comContent copied to clipboard
Certificate Manager Google Managed Regional Certificate Dns Auth
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
name: "dns-auth",
location: "us-central1",
description: "The default dnss",
domain: "subdomain.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
name: "dns-cert",
description: "regional managed certs",
location: "us-central1",
managed: {
domains: [instance.domain],
dnsAuthorizations: [instance.id],
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
instance = gcp.certificatemanager.DnsAuthorization("instance",
name="dns-auth",
location="us-central1",
description="The default dnss",
domain="subdomain.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
name="dns-cert",
description="regional managed certs",
location="us-central1",
managed={
"domains": [instance.domain],
"dns_authorizations": [instance.id],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
{
Name = "dns-auth",
Location = "us-central1",
Description = "The default dnss",
Domain = "subdomain.hashicorptest.com",
});
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "dns-cert",
Description = "regional managed certs",
Location = "us-central1",
Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
{
Domains = new[]
{
instance.Domain,
},
DnsAuthorizations = new[]
{
instance.Id,
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
Name: pulumi.String("dns-auth"),
Location: pulumi.String("us-central1"),
Description: pulumi.String("The default dnss"),
Domain: pulumi.String("subdomain.hashicorptest.com"),
})
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("dns-cert"),
Description: pulumi.String("regional managed certs"),
Location: pulumi.String("us-central1"),
Managed: &certificatemanager.CertificateManagedArgs{
Domains: pulumi.StringArray{
instance.Domain,
},
DnsAuthorizations: pulumi.StringArray{
instance.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
.name("dns-auth")
.location("us-central1")
.description("The default dnss")
.domain("subdomain.hashicorptest.com")
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.name("dns-cert")
.description("regional managed certs")
.location("us-central1")
.managed(CertificateManagedArgs.builder()
.domains(instance.domain())
.dnsAuthorizations(instance.id())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: dns-cert
description: regional managed certs
location: us-central1
managed:
domains:
- ${instance.domain}
dnsAuthorizations:
- ${instance.id}
instance:
type: gcp:certificatemanager:DnsAuthorization
properties:
name: dns-auth
location: us-central1
description: The default dnss
domain: subdomain.hashicorptest.comContent copied to clipboard
Import
Certificate can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/certificates/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}When using thepulumi importcommand, Certificate can be imported using one of the formats above. For example:
$ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, managed: Output<CertificateManagedArgs>? = null, name: Output<String>? = null, project: Output<String>? = null, scope: Output<String>? = null, selfManaged: Output<CertificateSelfManagedArgs>? = null)
Properties
Link copied to clipboard
A human-readable description of the resource.
Link copied to clipboard
Link copied to clipboard
Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Link copied to clipboard
A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression a-zA-Z0-9_-* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Link copied to clipboard
The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
Link copied to clipboard
Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.