pulumi-gcp-kotlin/com.pulumi.gcp.networksecurity.kotlin/BackendAuthenticationConfigArgs

BackendAuthenticationConfigArgs

data class BackendAuthenticationConfigArgs(val clientCertificate: Output<String>? = null, val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val trustConfig: Output<String>? = null, val wellKnownRoots: Output<String>? = null) : ConvertibleToJava<BackendAuthenticationConfigArgs>

Example Usage

Network Security Backend Authentication Config Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.BackendAuthenticationConfig("default", {
    name: "my-backend-authentication-config",
    labels: {
        foo: "bar",
    },
    description: "my description",
    wellKnownRoots: "PUBLIC_ROOTS",
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.BackendAuthenticationConfig("default",
    name="my-backend-authentication-config",
    labels={
        "foo": "bar",
    },
    description="my description",
    well_known_roots="PUBLIC_ROOTS")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var @default = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
    {
        Name = "my-backend-authentication-config",
        Labels =
        {
            { "foo", "bar" },
        },
        Description = "my description",
        WellKnownRoots = "PUBLIC_ROOTS",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
			Name: pulumi.String("my-backend-authentication-config"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description:    pulumi.String("my description"),
			WellKnownRoots: pulumi.String("PUBLIC_ROOTS"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var default_ = new BackendAuthenticationConfig("default", BackendAuthenticationConfigArgs.builder()
            .name("my-backend-authentication-config")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            .wellKnownRoots("PUBLIC_ROOTS")
            .build());
    }
}
Content copied to clipboard
resources:
  default:
    type: gcp:networksecurity:BackendAuthenticationConfig
    properties:
      name: my-backend-authentication-config
      labels:
        foo: bar
      description: my description
      wellKnownRoots: PUBLIC_ROOTS
Content copied to clipboard

Network Security Backend Authentication Config Full

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const certificate = new gcp.certificatemanager.Certificate("certificate", {
    name: "my-certificate",
    labels: {
        foo: "bar",
    },
    location: "global",
    selfManaged: {
        pemCertificate: std.file({
            input: "test-fixtures/cert.pem",
        }).then(invoke => invoke.result),
        pemPrivateKey: std.file({
            input: "test-fixtures/key.pem",
        }).then(invoke => invoke.result),
    },
    scope: "CLIENT_AUTH",
});
const trustConfig = new gcp.certificatemanager.TrustConfig("trust_config", {
    name: "my-trust-config",
    description: "sample description for the trust config",
    location: "global",
    trustStores: [{
        trustAnchors: [{
            pemCertificate: std.file({
                input: "test-fixtures/cert.pem",
            }).then(invoke => invoke.result),
        }],
        intermediateCas: [{
            pemCertificate: std.file({
                input: "test-fixtures/cert.pem",
            }).then(invoke => invoke.result),
        }],
    }],
    labels: {
        foo: "bar",
    },
});
const _default = new gcp.networksecurity.BackendAuthenticationConfig("default", {
    name: "my-backend-authentication-config",
    labels: {
        bar: "foo",
    },
    location: "global",
    description: "my description",
    wellKnownRoots: "PUBLIC_ROOTS",
    clientCertificate: certificate.id,
    trustConfig: trustConfig.id,
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
certificate = gcp.certificatemanager.Certificate("certificate",
    name="my-certificate",
    labels={
        "foo": "bar",
    },
    location="global",
    self_managed={
        "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
        "pem_private_key": std.file(input="test-fixtures/key.pem").result,
    },
    scope="CLIENT_AUTH")
trust_config = gcp.certificatemanager.TrustConfig("trust_config",
    name="my-trust-config",
    description="sample description for the trust config",
    location="global",
    trust_stores=[{
        "trust_anchors": [{
            "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
        }],
        "intermediate_cas": [{
            "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
        }],
    }],
    labels={
        "foo": "bar",
    })
default = gcp.networksecurity.BackendAuthenticationConfig("default",
    name="my-backend-authentication-config",
    labels={
        "bar": "foo",
    },
    location="global",
    description="my description",
    well_known_roots="PUBLIC_ROOTS",
    client_certificate=certificate.id,
    trust_config=trust_config.id)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
    var certificate = new Gcp.CertificateManager.Certificate("certificate", new()
    {
        Name = "my-certificate",
        Labels =
        {
            { "foo", "bar" },
        },
        Location = "global",
        SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
        {
            PemCertificate = Std.File.Invoke(new()
            {
                Input = "test-fixtures/cert.pem",
            }).Apply(invoke => invoke.Result),
            PemPrivateKey = Std.File.Invoke(new()
            {
                Input = "test-fixtures/key.pem",
            }).Apply(invoke => invoke.Result),
        },
        Scope = "CLIENT_AUTH",
    });
    var trustConfig = new Gcp.CertificateManager.TrustConfig("trust_config", new()
    {
        Name = "my-trust-config",
        Description = "sample description for the trust config",
        Location = "global",
        TrustStores = new[]
        {
            new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
            {
                TrustAnchors = new[]
                {
                    new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
                    {
                        PemCertificate = Std.File.Invoke(new()
                        {
                            Input = "test-fixtures/cert.pem",
                        }).Apply(invoke => invoke.Result),
                    },
                },
                IntermediateCas = new[]
                {
                    new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
                    {
                        PemCertificate = Std.File.Invoke(new()
                        {
                            Input = "test-fixtures/cert.pem",
                        }).Apply(invoke => invoke.Result),
                    },
                },
            },
        },
        Labels =
        {
            { "foo", "bar" },
        },
    });
    var @default = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
    {
        Name = "my-backend-authentication-config",
        Labels =
        {
            { "bar", "foo" },
        },
        Location = "global",
        Description = "my description",
        WellKnownRoots = "PUBLIC_ROOTS",
        ClientCertificate = certificate.Id,
        TrustConfig = trustConfig.Id,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/cert.pem",
		}, nil)
		if err != nil {
			return err
		}
		invokeFile1, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/key.pem",
		}, nil)
		if err != nil {
			return err
		}
		certificate, err := certificatemanager.NewCertificate(ctx, "certificate", &certificatemanager.CertificateArgs{
			Name: pulumi.String("my-certificate"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Location: pulumi.String("global"),
			SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
				PemCertificate: pulumi.String(invokeFile.Result),
				PemPrivateKey:  pulumi.String(invokeFile1.Result),
			},
			Scope: pulumi.String("CLIENT_AUTH"),
		})
		if err != nil {
			return err
		}
		invokeFile2, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/cert.pem",
		}, nil)
		if err != nil {
			return err
		}
		invokeFile3, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/cert.pem",
		}, nil)
		if err != nil {
			return err
		}
		trustConfig, err := certificatemanager.NewTrustConfig(ctx, "trust_config", &certificatemanager.TrustConfigArgs{
			Name:        pulumi.String("my-trust-config"),
			Description: pulumi.String("sample description for the trust config"),
			Location:    pulumi.String("global"),
			TrustStores: certificatemanager.TrustConfigTrustStoreArray{
				&certificatemanager.TrustConfigTrustStoreArgs{
					TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
						&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
							PemCertificate: pulumi.String(invokeFile2.Result),
						},
					},
					IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
						&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
							PemCertificate: pulumi.String(invokeFile3.Result),
						},
					},
				},
			},
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
		})
		if err != nil {
			return err
		}
		_, err = networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
			Name: pulumi.String("my-backend-authentication-config"),
			Labels: pulumi.StringMap{
				"bar": pulumi.String("foo"),
			},
			Location:          pulumi.String("global"),
			Description:       pulumi.String("my description"),
			WellKnownRoots:    pulumi.String("PUBLIC_ROOTS"),
			ClientCertificate: certificate.ID(),
			TrustConfig:       trustConfig.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var certificate = new Certificate("certificate", CertificateArgs.builder()
            .name("my-certificate")
            .labels(Map.of("foo", "bar"))
            .location("global")
            .selfManaged(CertificateSelfManagedArgs.builder()
                .pemCertificate(StdFunctions.file(FileArgs.builder()
                    .input("test-fixtures/cert.pem")
                    .build()).result())
                .pemPrivateKey(StdFunctions.file(FileArgs.builder()
                    .input("test-fixtures/key.pem")
                    .build()).result())
                .build())
            .scope("CLIENT_AUTH")
            .build());
        var trustConfig = new TrustConfig("trustConfig", TrustConfigArgs.builder()
            .name("my-trust-config")
            .description("sample description for the trust config")
            .location("global")
            .trustStores(TrustConfigTrustStoreArgs.builder()
                .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
                    .pemCertificate(StdFunctions.file(FileArgs.builder()
                        .input("test-fixtures/cert.pem")
                        .build()).result())
                    .build())
                .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
                    .pemCertificate(StdFunctions.file(FileArgs.builder()
                        .input("test-fixtures/cert.pem")
                        .build()).result())
                    .build())
                .build())
            .labels(Map.of("foo", "bar"))
            .build());
        var default_ = new BackendAuthenticationConfig("default", BackendAuthenticationConfigArgs.builder()
            .name("my-backend-authentication-config")
            .labels(Map.of("bar", "foo"))
            .location("global")
            .description("my description")
            .wellKnownRoots("PUBLIC_ROOTS")
            .clientCertificate(certificate.id())
            .trustConfig(trustConfig.id())
            .build());
    }
}
Content copied to clipboard
resources:
  certificate:
    type: gcp:certificatemanager:Certificate
    properties:
      name: my-certificate
      labels:
        foo: bar
      location: global
      selfManaged:
        pemCertificate:
          fn::invoke:
            function: std:file
            arguments:
              input: test-fixtures/cert.pem
            return: result
        pemPrivateKey:
          fn::invoke:
            function: std:file
            arguments:
              input: test-fixtures/key.pem
            return: result
      scope: CLIENT_AUTH
  trustConfig:
    type: gcp:certificatemanager:TrustConfig
    name: trust_config
    properties:
      name: my-trust-config
      description: sample description for the trust config
      location: global
      trustStores:
        - trustAnchors:
            - pemCertificate:
                fn::invoke:
                  function: std:file
                  arguments:
                    input: test-fixtures/cert.pem
                  return: result
          intermediateCas:
            - pemCertificate:
                fn::invoke:
                  function: std:file
                  arguments:
                    input: test-fixtures/cert.pem
                  return: result
      labels:
        foo: bar
  default:
    type: gcp:networksecurity:BackendAuthenticationConfig
    properties:
      name: my-backend-authentication-config
      labels:
        bar: foo
      location: global
      description: my description
      wellKnownRoots: PUBLIC_ROOTS
      clientCertificate: ${certificate.id}
      trustConfig: ${trustConfig.id}
Content copied to clipboard

Import

BackendAuthenticationConfig can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/backendAuthenticationConfigs/{{name}}

  • {{project}}/{{location}}/{{name}}

  • {{location}}/{{name}} When using the pulumi import command, BackendAuthenticationConfig can be imported using one of the formats above. For example:

$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default projects/{{project}}/locations/{{location}}/backendAuthenticationConfigs/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default {{project}}/{{location}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default {{location}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(clientCertificate: Output<String>? = null, description: Output<String>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, trustConfig: Output<String>? = null, wellKnownRoots: Output<String>? = null)

Properties

Link copied to clipboard
val clientCertificate: Output<String>? = null

Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.

Link copied to clipboard
val description: Output<String>? = null

A free-text description of the resource. Max length 1024 characters.

Link copied to clipboard
val labels: Output<Map<String, String>>? = null

Set of label tags associated with the BackendAuthenticationConfig resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Link copied to clipboard
val location: Output<String>? = null

The location of the backend authentication config. The default value is global.

Link copied to clipboard
val name: Output<String>? = null

Name of the BackendAuthenticationConfig resource.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
val trustConfig: Output<String>? = null

Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.

Link copied to clipboard
val wellKnownRoots: Output<String>? = null

Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig. If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend. Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice. Possible values are: NONE, PUBLIC_ROOTS.

Functions

Link copied to clipboard
open override fun toJava(): BackendAuthenticationConfigArgs