Server
data class ServerTlsPolicyArgs(val allowOpen: Output<Boolean>? = null, val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val mtlsPolicy: Output<ServerTlsPolicyMtlsPolicyArgs>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val serverCertificate: Output<ServerTlsPolicyServerCertificateArgs>? = null) : ConvertibleToJava<ServerTlsPolicyArgs>
Example Usage
Network Security Server Tls Policy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
allowOpen: false,
serverCertificate: {
certificateProviderInstance: {
pluginInstance: "google_cloud_private_spiffe",
},
},
mtlsPolicy: {
clientValidationCas: [
{
grpcEndpoint: {
targetUri: "unix:mypath",
},
},
{
grpcEndpoint: {
targetUri: "unix:abc/mypath",
},
},
{
certificateProviderInstance: {
pluginInstance: "google_cloud_private_spiffe",
},
},
],
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
allow_open=False,
server_certificate={
"certificate_provider_instance": {
"plugin_instance": "google_cloud_private_spiffe",
},
},
mtls_policy={
"client_validation_cas": [
{
"grpc_endpoint": {
"target_uri": "unix:mypath",
},
},
{
"grpc_endpoint": {
"target_uri": "unix:abc/mypath",
},
},
{
"certificate_provider_instance": {
"plugin_instance": "google_cloud_private_spiffe",
},
},
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
AllowOpen = false,
ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
{
PluginInstance = "google_cloud_private_spiffe",
},
},
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationCas = new[]
{
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
{
TargetUri = "unix:mypath",
},
},
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
{
TargetUri = "unix:abc/mypath",
},
},
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
{
PluginInstance = "google_cloud_private_spiffe",
},
},
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
AllowOpen: pulumi.Bool(false),
ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("google_cloud_private_spiffe"),
},
},
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
TargetUri: pulumi.String("unix:mypath"),
},
},
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
TargetUri: pulumi.String("unix:abc/mypath"),
},
},
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("google_cloud_private_spiffe"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationCas(
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:abc/mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
allowOpen: 'false'
serverCertificate:
certificateProviderInstance:
pluginInstance: google_cloud_private_spiffe
mtlsPolicy:
clientValidationCas:
- grpcEndpoint:
targetUri: unix:mypath
- grpcEndpoint:
targetUri: unix:abc/mypath
- certificateProviderInstance:
pluginInstance: google_cloud_private_spiffeContent copied to clipboard
Network Security Server Tls Policy Advanced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
location: "global",
allowOpen: false,
mtlsPolicy: {
clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
location="global",
allow_open=False,
mtls_policy={
"client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
Location = "global",
AllowOpen = false,
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
location: global
allowOpen: 'false'
mtlsPolicy:
clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERTContent copied to clipboard
Network Security Server Tls Policy Server Cert
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
location: "global",
allowOpen: false,
serverCertificate: {
grpcEndpoint: {
targetUri: "unix:mypath",
},
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
location="global",
allow_open=False,
server_certificate={
"grpc_endpoint": {
"target_uri": "unix:mypath",
},
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
Location = "global",
AllowOpen = false,
ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
{
TargetUri = "unix:mypath",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
TargetUri: pulumi.String("unix:mypath"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build())
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
location: global
allowOpen: 'false'
serverCertificate:
grpcEndpoint:
targetUri: unix:mypathContent copied to clipboard
Network Security Server Tls Policy Mtls
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const project = gcp.organizations.getProject({});
const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
name: "my-trust-config",
description: "sample trust config description",
location: "global",
trustStores: [{
trustAnchors: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
intermediateCas: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
}],
labels: {
foo: "bar",
},
});
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
description: "my description",
location: "global",
allowOpen: false,
mtlsPolicy: {
clientValidationMode: "REJECT_INVALID",
clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
},
labels: {
foo: "bar",
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
project = gcp.organizations.get_project()
default_trust_config = gcp.certificatemanager.TrustConfig("default",
name="my-trust-config",
description="sample trust config description",
location="global",
trust_stores=[{
"trust_anchors": [{
"pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
}],
"intermediate_cas": [{
"pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
}],
}],
labels={
"foo": "bar",
})
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
description="my description",
location="global",
allow_open=False,
mtls_policy={
"client_validation_mode": "REJECT_INVALID",
"client_validation_trust_config": default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
},
labels={
"foo": "bar",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
{
Name = "my-trust-config",
Description = "sample trust config description",
Location = "global",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
},
},
Labels =
{
{ "foo", "bar" },
},
});
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Description = "my description",
Location = "global",
AllowOpen = false,
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationMode = "REJECT_INVALID",
ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
{
var project = values.Item1;
var name = values.Item2;
return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
}),
},
Labels =
{
{ "foo", "bar" },
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, nil, nil)
if err != nil {
return err
}
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("my-trust-config"),
Description: pulumi.String("sample trust config description"),
Location: pulumi.String("global"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: pulumi.String(invokeFile.Result),
},
},
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: pulumi.String(invokeFile1.Result),
},
},
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationMode: pulumi.String("REJECT_INVALID"),
ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
}).(pulumi.StringOutput),
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject();
var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
.name("my-trust-config")
.description("sample trust config description")
.location("global")
.trustStores(TrustConfigTrustStoreArgs.builder()
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.build())
.labels(Map.of("foo", "bar"))
.build());
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("REJECT_INVALID")
.clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
.build())
.labels(Map.of("foo", "bar"))
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
description: my description
location: global
allowOpen: 'false'
mtlsPolicy:
clientValidationMode: REJECT_INVALID
clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
labels:
foo: bar
defaultTrustConfig:
type: gcp:certificatemanager:TrustConfig
name: default
properties:
name: my-trust-config
description: sample trust config description
location: global
trustStores:
- trustAnchors:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
intermediateCas:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
labels:
foo: bar
variables:
project:
fn::invoke:
Function: gcp:organizations:getProject
Arguments: {}Content copied to clipboard
Import
ServerTlsPolicy can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}When using thepulumi importcommand, ServerTlsPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(allowOpen: Output<Boolean>? = null, description: Output<String>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, mtlsPolicy: Output<ServerTlsPolicyMtlsPolicyArgs>? = null, name: Output<String>? = null, project: Output<String>? = null, serverCertificate: Output<ServerTlsPolicyServerCertificateArgs>? = null)
Properties
Link copied to clipboard
This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
Link copied to clipboard
A free-text description of the resource. Max length 1024 characters.
Link copied to clipboard
Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
Link copied to clipboard
This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
Link copied to clipboard
Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.