Docs
PackagesGoogle Cloud Classic v7.23.0 published on Wednesday, May 15, 2024 by Pulumi
gcp.networksecurity.ServerTlsPolicy
Explore with Pulumi AI
Example Usage
Network Security Server Tls Policy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
allowOpen: false,
serverCertificate: {
certificateProviderInstance: {
pluginInstance: "google_cloud_private_spiffe",
},
},
mtlsPolicy: {
clientValidationCas: [
{
grpcEndpoint: {
targetUri: "unix:mypath",
},
},
{
grpcEndpoint: {
targetUri: "unix:abc/mypath",
},
},
{
certificateProviderInstance: {
pluginInstance: "google_cloud_private_spiffe",
},
},
],
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
allow_open=False,
server_certificate=gcp.networksecurity.ServerTlsPolicyServerCertificateArgs(
certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs(
plugin_instance="google_cloud_private_spiffe",
),
),
mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
client_validation_cas=[
gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
grpc_endpoint=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs(
target_uri="unix:mypath",
),
),
gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
grpc_endpoint=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs(
target_uri="unix:abc/mypath",
),
),
gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs(
plugin_instance="google_cloud_private_spiffe",
),
),
],
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
AllowOpen: pulumi.Bool(false),
ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("google_cloud_private_spiffe"),
},
},
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
TargetUri: pulumi.String("unix:mypath"),
},
},
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
TargetUri: pulumi.String("unix:abc/mypath"),
},
},
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("google_cloud_private_spiffe"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
AllowOpen = false,
ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
{
PluginInstance = "google_cloud_private_spiffe",
},
},
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationCas = new[]
{
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
{
TargetUri = "unix:mypath",
},
},
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
{
TargetUri = "unix:abc/mypath",
},
},
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
{
PluginInstance = "google_cloud_private_spiffe",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationCas(
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("unix:abc/mypath")
.build())
.build(),
ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
.pluginInstance("google_cloud_private_spiffe")
.build())
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
allowOpen: 'false'
serverCertificate:
certificateProviderInstance:
pluginInstance: google_cloud_private_spiffe
mtlsPolicy:
clientValidationCas:
- grpcEndpoint:
targetUri: unix:mypath
- grpcEndpoint:
targetUri: unix:abc/mypath
- certificateProviderInstance:
pluginInstance: google_cloud_private_spiffe
Network Security Server Tls Policy Advanced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
location: "global",
allowOpen: false,
mtlsPolicy: {
clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
location="global",
allow_open=False,
mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
client_validation_mode="ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
Location = "global",
AllowOpen = false,
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
.build())
.build());
}
}
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
location: global
allowOpen: 'false'
mtlsPolicy:
clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT
Network Security Server Tls Policy Server Cert
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
labels: {
foo: "bar",
},
description: "my description",
location: "global",
allowOpen: false,
serverCertificate: {
grpcEndpoint: {
targetUri: "unix:mypath",
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
labels={
"foo": "bar",
},
description="my description",
location="global",
allow_open=False,
server_certificate=gcp.networksecurity.ServerTlsPolicyServerCertificateArgs(
grpc_endpoint=gcp.networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs(
target_uri="unix:mypath",
),
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
TargetUri: pulumi.String("unix:mypath"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
Location = "global",
AllowOpen = false,
ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
{
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
{
TargetUri = "unix:mypath",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.labels(Map.of("foo", "bar"))
.description("my description")
.location("global")
.allowOpen("false")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
.targetUri("unix:mypath")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
labels:
foo: bar
description: my description
location: global
allowOpen: 'false'
serverCertificate:
grpcEndpoint:
targetUri: unix:mypath
Network Security Server Tls Policy Mtls
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const project = gcp.organizations.getProject({});
const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
name: "my-trust-config",
description: "sample trust config description",
location: "global",
trustStores: [{
trustAnchors: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
intermediateCas: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
}],
labels: {
foo: "bar",
},
});
const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-server-tls-policy",
description: "my description",
location: "global",
allowOpen: false,
mtlsPolicy: {
clientValidationMode: "REJECT_INVALID",
clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
},
labels: {
foo: "bar",
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
project = gcp.organizations.get_project()
default_trust_config = gcp.certificatemanager.TrustConfig("default",
name="my-trust-config",
description="sample trust config description",
location="global",
trust_stores=[gcp.certificatemanager.TrustConfigTrustStoreArgs(
trust_anchors=[gcp.certificatemanager.TrustConfigTrustStoreTrustAnchorArgs(
pem_certificate=std.file(input="test-fixtures/ca_cert.pem").result,
)],
intermediate_cas=[gcp.certificatemanager.TrustConfigTrustStoreIntermediateCaArgs(
pem_certificate=std.file(input="test-fixtures/ca_cert.pem").result,
)],
)],
labels={
"foo": "bar",
})
default = gcp.networksecurity.ServerTlsPolicy("default",
name="my-server-tls-policy",
description="my description",
location="global",
allow_open=False,
mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
client_validation_mode="REJECT_INVALID",
client_validation_trust_config=default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
),
labels={
"foo": "bar",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, nil, nil)
if err != nil {
return err
}
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("my-trust-config"),
Description: pulumi.String("sample trust config description"),
Location: pulumi.String("global"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: invokeFile.Result,
},
},
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: invokeFile1.Result,
},
},
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-server-tls-policy"),
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationMode: pulumi.String("REJECT_INVALID"),
ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
}).(pulumi.StringOutput),
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
{
Name = "my-trust-config",
Description = "sample trust config description",
Location = "global",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
},
},
Labels =
{
{ "foo", "bar" },
},
});
var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-server-tls-policy",
Description = "my description",
Location = "global",
AllowOpen = false,
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationMode = "REJECT_INVALID",
ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
{
var project = values.Item1;
var name = values.Item2;
return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
}),
},
Labels =
{
{ "foo", "bar" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject();
var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
.name("my-trust-config")
.description("sample trust config description")
.location("global")
.trustStores(TrustConfigTrustStoreArgs.builder()
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.build())
.labels(Map.of("foo", "bar"))
.build());
var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
.name("my-server-tls-policy")
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("REJECT_INVALID")
.clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
.build())
.labels(Map.of("foo", "bar"))
.build());
}
}
resources:
default:
type: gcp:networksecurity:ServerTlsPolicy
properties:
name: my-server-tls-policy
description: my description
location: global
allowOpen: 'false'
mtlsPolicy:
clientValidationMode: REJECT_INVALID
clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
labels:
foo: bar
defaultTrustConfig:
type: gcp:certificatemanager:TrustConfig
name: default
properties:
name: my-trust-config
description: sample trust config description
location: global
trustStores:
- trustAnchors:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
intermediateCas:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
labels:
foo: bar
variables:
project:
fn::invoke:
Function: gcp:organizations:getProject
Arguments: {}
Create ServerTlsPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerTlsPolicy(name: string, args?: ServerTlsPolicyArgs, opts?: CustomResourceOptions);@overload
def ServerTlsPolicy(resource_name: str,
args: Optional[ServerTlsPolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ServerTlsPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_open: Optional[bool] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
mtls_policy: Optional[ServerTlsPolicyMtlsPolicyArgs] = None,
name: Optional[str] = None,
project: Optional[str] = None,
server_certificate: Optional[ServerTlsPolicyServerCertificateArgs] = None)func NewServerTlsPolicy(ctx *Context, name string, args *ServerTlsPolicyArgs, opts ...ResourceOption) (*ServerTlsPolicy, error)public ServerTlsPolicy(string name, ServerTlsPolicyArgs? args = null, CustomResourceOptions? opts = null)
public ServerTlsPolicy(String name, ServerTlsPolicyArgs args)
public ServerTlsPolicy(String name, ServerTlsPolicyArgs args, CustomResourceOptions options)
type: gcp:networksecurity:ServerTlsPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var serverTlsPolicyResource = new Gcp.NetworkSecurity.ServerTlsPolicy("serverTlsPolicyResource", new()
{
AllowOpen = false,
Description = "string",
Labels =
{
{ "string", "string" },
},
Location = "string",
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationCas = new[]
{
new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
{
PluginInstance = "string",
},
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
{
TargetUri = "string",
},
},
},
ClientValidationMode = "string",
ClientValidationTrustConfig = "string",
},
Name = "string",
Project = "string",
ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
{
CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
{
PluginInstance = "string",
},
GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
{
TargetUri = "string",
},
},
});
example, err := networksecurity.NewServerTlsPolicy(ctx, "serverTlsPolicyResource", &networksecurity.ServerTlsPolicyArgs{
AllowOpen: pulumi.Bool(false),
Description: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("string"),
},
GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
TargetUri: pulumi.String("string"),
},
},
},
ClientValidationMode: pulumi.String("string"),
ClientValidationTrustConfig: pulumi.String("string"),
},
Name: pulumi.String("string"),
Project: pulumi.String("string"),
ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
PluginInstance: pulumi.String("string"),
},
GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
TargetUri: pulumi.String("string"),
},
},
})
var serverTlsPolicyResource = new ServerTlsPolicy("serverTlsPolicyResource", ServerTlsPolicyArgs.builder()
.allowOpen(false)
.description("string")
.labels(Map.of("string", "string"))
.location("string")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationCas(ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
.certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
.pluginInstance("string")
.build())
.grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
.targetUri("string")
.build())
.build())
.clientValidationMode("string")
.clientValidationTrustConfig("string")
.build())
.name("string")
.project("string")
.serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
.certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
.pluginInstance("string")
.build())
.grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
.targetUri("string")
.build())
.build())
.build());
server_tls_policy_resource = gcp.networksecurity.ServerTlsPolicy("serverTlsPolicyResource",
allow_open=False,
description="string",
labels={
"string": "string",
},
location="string",
mtls_policy=gcp.networksecurity.ServerTlsPolicyMtlsPolicyArgs(
client_validation_cas=[gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs(
certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs(
plugin_instance="string",
),
grpc_endpoint=gcp.networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs(
target_uri="string",
),
)],
client_validation_mode="string",
client_validation_trust_config="string",
),
name="string",
project="string",
server_certificate=gcp.networksecurity.ServerTlsPolicyServerCertificateArgs(
certificate_provider_instance=gcp.networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs(
plugin_instance="string",
),
grpc_endpoint=gcp.networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs(
target_uri="string",
),
))
const serverTlsPolicyResource = new gcp.networksecurity.ServerTlsPolicy("serverTlsPolicyResource", {
allowOpen: false,
description: "string",
labels: {
string: "string",
},
location: "string",
mtlsPolicy: {
clientValidationCas: [{
certificateProviderInstance: {
pluginInstance: "string",
},
grpcEndpoint: {
targetUri: "string",
},
}],
clientValidationMode: "string",
clientValidationTrustConfig: "string",
},
name: "string",
project: "string",
serverCertificate: {
certificateProviderInstance: {
pluginInstance: "string",
},
grpcEndpoint: {
targetUri: "string",
},
},
});
type: gcp:networksecurity:ServerTlsPolicy
properties:
allowOpen: false
description: string
labels:
string: string
location: string
mtlsPolicy:
clientValidationCas:
- certificateProviderInstance:
pluginInstance: string
grpcEndpoint:
targetUri: string
clientValidationMode: string
clientValidationTrustConfig: string
name: string
project: string
serverCertificate:
certificateProviderInstance:
pluginInstance: string
grpcEndpoint:
targetUri: string
ServerTlsPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServerTlsPolicy resource accepts the following input properties:
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Labels Dictionary<string, string>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the server tls policy.
The default value is
global. - Mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- Name string
- Name of the ServerTlsPolicy resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Labels map[string]string
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the server tls policy.
The default value is
global. - Mtls
Policy ServerTls Policy Mtls Policy Args - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- Name string
- Name of the ServerTlsPolicy resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Server
Certificate ServerTls Policy Server Certificate Args - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- description String
- A free-text description of the resource. Max length 1024 characters.
- labels Map<String,String>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the server tls policy.
The default value is
global. - mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name String
- Name of the ServerTlsPolicy resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- allow
Open boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- description string
- A free-text description of the resource. Max length 1024 characters.
- labels {[key: string]: string}
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location string
- The location of the server tls policy.
The default value is
global. - mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name string
- Name of the ServerTlsPolicy resource.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- allow_
open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- description str
- A free-text description of the resource. Max length 1024 characters.
- labels Mapping[str, str]
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location str
- The location of the server tls policy.
The default value is
global. - mtls_
policy ServerTls Policy Mtls Policy Args - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name str
- Name of the ServerTlsPolicy resource.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- server_
certificate ServerTls Policy Server Certificate Args - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- description String
- A free-text description of the resource. Max length 1024 characters.
- labels Map<String>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the server tls policy.
The default value is
global. - mtls
Policy Property Map - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name String
- Name of the ServerTlsPolicy resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- server
Certificate Property Map - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerTlsPolicy resource produces the following output properties:
- Create
Time string - Time the ServerTlsPolicy was created in UTC.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Time the ServerTlsPolicy was updated in UTC.
- Create
Time string - Time the ServerTlsPolicy was created in UTC.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Time the ServerTlsPolicy was updated in UTC.
- create
Time String - Time the ServerTlsPolicy was created in UTC.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Time the ServerTlsPolicy was updated in UTC.
- create
Time string - Time the ServerTlsPolicy was created in UTC.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time string - Time the ServerTlsPolicy was updated in UTC.
- create_
time str - Time the ServerTlsPolicy was created in UTC.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- update_
time str - Time the ServerTlsPolicy was updated in UTC.
- create
Time String - Time the ServerTlsPolicy was created in UTC.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Time the ServerTlsPolicy was updated in UTC.
Look up Existing ServerTlsPolicy Resource
Get an existing ServerTlsPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerTlsPolicyState, opts?: CustomResourceOptions): ServerTlsPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_open: Optional[bool] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
mtls_policy: Optional[ServerTlsPolicyMtlsPolicyArgs] = None,
name: Optional[str] = None,
project: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
server_certificate: Optional[ServerTlsPolicyServerCertificateArgs] = None,
update_time: Optional[str] = None) -> ServerTlsPolicyfunc GetServerTlsPolicy(ctx *Context, name string, id IDInput, state *ServerTlsPolicyState, opts ...ResourceOption) (*ServerTlsPolicy, error)public static ServerTlsPolicy Get(string name, Input<string> id, ServerTlsPolicyState? state, CustomResourceOptions? opts = null)public static ServerTlsPolicy get(String name, Output<String> id, ServerTlsPolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- Create
Time string - Time the ServerTlsPolicy was created in UTC.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels Dictionary<string, string>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the server tls policy.
The default value is
global. - Mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- Name string
- Name of the ServerTlsPolicy resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- Update
Time string - Time the ServerTlsPolicy was updated in UTC.
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- Create
Time string - Time the ServerTlsPolicy was created in UTC.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels map[string]string
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the server tls policy.
The default value is
global. - Mtls
Policy ServerTls Policy Mtls Policy Args - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- Name string
- Name of the ServerTlsPolicy resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Server
Certificate ServerTls Policy Server Certificate Args - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- Update
Time string - Time the ServerTlsPolicy was updated in UTC.
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- create
Time String - Time the ServerTlsPolicy was created in UTC.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String,String>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the server tls policy.
The default value is
global. - mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name String
- Name of the ServerTlsPolicy resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- update
Time String - Time the ServerTlsPolicy was updated in UTC.
- allow
Open boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- create
Time string - Time the ServerTlsPolicy was created in UTC.
- description string
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels {[key: string]: string}
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location string
- The location of the server tls policy.
The default value is
global. - mtls
Policy ServerTls Policy Mtls Policy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name string
- Name of the ServerTlsPolicy resource.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- server
Certificate ServerTls Policy Server Certificate - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- update
Time string - Time the ServerTlsPolicy was updated in UTC.
- allow_
open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- create_
time str - Time the ServerTlsPolicy was created in UTC.
- description str
- A free-text description of the resource. Max length 1024 characters.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Mapping[str, str]
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location str
- The location of the server tls policy.
The default value is
global. - mtls_
policy ServerTls Policy Mtls Policy Args - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name str
- Name of the ServerTlsPolicy resource.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- server_
certificate ServerTls Policy Server Certificate Args - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- update_
time str - Time the ServerTlsPolicy was updated in UTC.
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
- create
Time String - Time the ServerTlsPolicy was created in UTC.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String>
- Set of label tags associated with the ServerTlsPolicy resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the server tls policy.
The default value is
global. - mtls
Policy Property Map - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
- name String
- Name of the ServerTlsPolicy resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- server
Certificate Property Map - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
- update
Time String - Time the ServerTlsPolicy was updated in UTC.
Supporting Types
ServerTlsPolicyMtlsPolicy, ServerTlsPolicyMtlsPolicyArgs
- Client
Validation List<ServerCas Tls Policy Mtls Policy Client Validation Ca> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- Client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- Client
Validation []ServerCas Tls Policy Mtls Policy Client Validation Ca - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- Client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<ServerCas Tls Policy Mtls Policy Client Validation Ca> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- client
Validation StringMode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation ServerCas Tls Policy Mtls Policy Client Validation Ca[] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client_
validation_ Sequence[Servercas Tls Policy Mtls Policy Client Validation Ca] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- client_
validation_ strmode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - client_
validation_ strtrust_ config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<Property Map>Cas - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
- client
Validation StringMode - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.
Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
Possible values are:
CLIENT_VALIDATION_MODE_UNSPECIFIED,ALLOW_INVALID_OR_MISSING_CLIENT_CERT,REJECT_INVALID. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
ServerTlsPolicyMtlsPolicyClientValidationCa, ServerTlsPolicyMtlsPolicyClientValidationCaArgs
- Certificate
Provider ServerInstance Tls Policy Mtls Policy Client Validation Ca Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- Grpc
Endpoint ServerTls Policy Mtls Policy Client Validation Ca Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- Certificate
Provider ServerInstance Tls Policy Mtls Policy Client Validation Ca Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- Grpc
Endpoint ServerTls Policy Mtls Policy Client Validation Ca Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider ServerInstance Tls Policy Mtls Policy Client Validation Ca Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint ServerTls Policy Mtls Policy Client Validation Ca Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider ServerInstance Tls Policy Mtls Policy Client Validation Ca Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint ServerTls Policy Mtls Policy Client Validation Ca Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate_
provider_ Serverinstance Tls Policy Mtls Policy Client Validation Ca Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc_
endpoint ServerTls Policy Mtls Policy Client Validation Ca Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider Property MapInstance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance, ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin_
instance str - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint, ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target_
uri str - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
ServerTlsPolicyServerCertificate, ServerTlsPolicyServerCertificateArgs
- Certificate
Provider ServerInstance Tls Policy Server Certificate Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- Grpc
Endpoint ServerTls Policy Server Certificate Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- Certificate
Provider ServerInstance Tls Policy Server Certificate Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- Grpc
Endpoint ServerTls Policy Server Certificate Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider ServerInstance Tls Policy Server Certificate Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint ServerTls Policy Server Certificate Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider ServerInstance Tls Policy Server Certificate Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint ServerTls Policy Server Certificate Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate_
provider_ Serverinstance Tls Policy Server Certificate Certificate Provider Instance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc_
endpoint ServerTls Policy Server Certificate Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
- certificate
Provider Property MapInstance - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
ServerTlsPolicyServerCertificateCertificateProviderInstance, ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin_
instance str - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
ServerTlsPolicyServerCertificateGrpcEndpoint, ServerTlsPolicyServerCertificateGrpcEndpointArgs
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target_
uri str - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
Import
ServerTlsPolicy can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}
When using the pulumi import command, ServerTlsPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.