pulumi-gcp-kotlin/com.pulumi.gcp.networksecurity.kotlin/ClientTlsPolicy

ClientTlsPolicy

class ClientTlsPolicy : KotlinCustomResource

Example Usage

Network Security Client Tls Policy Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
    name: "my-client-tls-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    sni: "secure.example.com",
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ClientTlsPolicy("default",
    name="my-client-tls-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    sni="secure.example.com")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var @default = new Gcp.NetworkSecurity.ClientTlsPolicy("default", new()
    {
        Name = "my-client-tls-policy",
        Labels =
        {
            { "foo", "bar" },
        },
        Description = "my description",
        Sni = "secure.example.com",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networksecurity.NewClientTlsPolicy(ctx, "default", &networksecurity.ClientTlsPolicyArgs{
			Name: pulumi.String("my-client-tls-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			Sni:         pulumi.String("secure.example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ClientTlsPolicy;
import com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var default_ = new ClientTlsPolicy("default", ClientTlsPolicyArgs.builder()
            .name("my-client-tls-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            .sni("secure.example.com")
            .build());
    }
}
Content copied to clipboard
resources:
  default:
    type: gcp:networksecurity:ClientTlsPolicy
    properties:
      name: my-client-tls-policy
      labels:
        foo: bar
      description: my description
      sni: secure.example.com
Content copied to clipboard

Network Security Client Tls Policy Advanced

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ClientTlsPolicy("default", {
    name: "my-client-tls-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    clientCertificate: {
        certificateProviderInstance: {
            pluginInstance: "google_cloud_private_spiffe",
        },
    },
    serverValidationCas: [
        {
            grpcEndpoint: {
                targetUri: "unix:mypath",
            },
        },
        {
            grpcEndpoint: {
                targetUri: "unix:mypath1",
            },
        },
    ],
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ClientTlsPolicy("default",
    name="my-client-tls-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    client_certificate={
        "certificate_provider_instance": {
            "plugin_instance": "google_cloud_private_spiffe",
        },
    },
    server_validation_cas=[
        {
            "grpc_endpoint": {
                "target_uri": "unix:mypath",
            },
        },
        {
            "grpc_endpoint": {
                "target_uri": "unix:mypath1",
            },
        },
    ])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var @default = new Gcp.NetworkSecurity.ClientTlsPolicy("default", new()
    {
        Name = "my-client-tls-policy",
        Labels =
        {
            { "foo", "bar" },
        },
        Description = "my description",
        ClientCertificate = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateArgs
        {
            CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs
            {
                PluginInstance = "google_cloud_private_spiffe",
            },
        },
        ServerValidationCas = new[]
        {
            new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaArgs
            {
                GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs
                {
                    TargetUri = "unix:mypath",
                },
            },
            new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaArgs
            {
                GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs
                {
                    TargetUri = "unix:mypath1",
                },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networksecurity.NewClientTlsPolicy(ctx, "default", &networksecurity.ClientTlsPolicyArgs{
			Name: pulumi.String("my-client-tls-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			ClientCertificate: &networksecurity.ClientTlsPolicyClientCertificateArgs{
				CertificateProviderInstance: &networksecurity.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs{
					PluginInstance: pulumi.String("google_cloud_private_spiffe"),
				},
			},
			ServerValidationCas: networksecurity.ClientTlsPolicyServerValidationCaArray{
				&networksecurity.ClientTlsPolicyServerValidationCaArgs{
					GrpcEndpoint: &networksecurity.ClientTlsPolicyServerValidationCaGrpcEndpointArgs{
						TargetUri: pulumi.String("unix:mypath"),
					},
				},
				&networksecurity.ClientTlsPolicyServerValidationCaArgs{
					GrpcEndpoint: &networksecurity.ClientTlsPolicyServerValidationCaGrpcEndpointArgs{
						TargetUri: pulumi.String("unix:mypath1"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ClientTlsPolicy;
import com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs;
import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaArgs;
import com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var default_ = new ClientTlsPolicy("default", ClientTlsPolicyArgs.builder()
            .name("my-client-tls-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            .clientCertificate(ClientTlsPolicyClientCertificateArgs.builder()
                .certificateProviderInstance(ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs.builder()
                    .pluginInstance("google_cloud_private_spiffe")
                    .build())
                .build())
            .serverValidationCas(
                ClientTlsPolicyServerValidationCaArgs.builder()
                    .grpcEndpoint(ClientTlsPolicyServerValidationCaGrpcEndpointArgs.builder()
                        .targetUri("unix:mypath")
                        .build())
                    .build(),
                ClientTlsPolicyServerValidationCaArgs.builder()
                    .grpcEndpoint(ClientTlsPolicyServerValidationCaGrpcEndpointArgs.builder()
                        .targetUri("unix:mypath1")
                        .build())
                    .build())
            .build());
    }
}
Content copied to clipboard
resources:
  default:
    type: gcp:networksecurity:ClientTlsPolicy
    properties:
      name: my-client-tls-policy
      labels:
        foo: bar
      description: my description
      clientCertificate:
        certificateProviderInstance:
          pluginInstance: google_cloud_private_spiffe
      serverValidationCas:
        - grpcEndpoint:
            targetUri: unix:mypath
        - grpcEndpoint:
            targetUri: unix:mypath1
Content copied to clipboard

Import

ClientTlsPolicy can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}

  • {{project}}/{{location}}/{{name}}

  • {{location}}/{{name}} When using the pulumi import command, ClientTlsPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{project}}/{{location}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{location}}/{{name}}
Content copied to clipboard

Properties

Link copied to clipboard
val clientCertificate: Output<ClientTlsPolicyClientCertificate>?

Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.

Link copied to clipboard
val createTime: Output<String>

Time the ClientTlsPolicy was created in UTC.

Link copied to clipboard
val description: Output<String>?

A free-text description of the resource. Max length 1024 characters.

Link copied to clipboard
val effectiveLabels: Output<Map<String, String>>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val labels: Output<Map<String, String>>?

Set of label tags associated with the ClientTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Link copied to clipboard
val location: Output<String>?

The location of the client tls policy. The default value is global.

Link copied to clipboard
val name: Output<String>

Name of the ClientTlsPolicy resource.

Link copied to clipboard
val project: Output<String>

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
val pulumiLabels: Output<Map<String, String>>

The combination of labels configured directly on the resource and default labels configured on the provider.

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val serverValidationCas: Output<List<ClientTlsPolicyServerValidationCa>>?

Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate. Structure is documented below.

Link copied to clipboard
val sni: Output<String>?

Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".

Link copied to clipboard
val updateTime: Output<String>

Time the ClientTlsPolicy was updated in UTC.

Link copied to clipboard
val urn: Output<String>