consul.CertificateAuthority
Explore with Pulumi AI
The consul.CertificateAuthority
resource can be used to manage the configuration of
the Certificate Authority used by Consul Connect.
Note: The keys in the
config
argument must be using Camel case.
Example Usage
Using the built-in CA with specific TTL
using Pulumi;
using Consul = Pulumi.Consul;
class MyStack : Stack
{
public MyStack()
{
var connect = new Consul.CertificateAuthority("connect", new Consul.CertificateAuthorityArgs
{
Config =
{
{ "IntermediateCertTTL", "8760h" },
{ "LeafCertTTL", "24h" },
{ "RotationPeriod", "2160h" },
},
ConnectProvider = "consul",
});
}
}
package main
import (
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := consul.NewCertificateAuthority(ctx, "connect", &consul.CertificateAuthorityArgs{
Config: pulumi.StringMap{
"IntermediateCertTTL": pulumi.String("8760h"),
"LeafCertTTL": pulumi.String("24h"),
"RotationPeriod": pulumi.String("2160h"),
},
ConnectProvider: pulumi.String("consul"),
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_consul as consul
connect = consul.CertificateAuthority("connect",
config={
"IntermediateCertTTL": "8760h",
"LeafCertTTL": "24h",
"RotationPeriod": "2160h",
},
connect_provider="consul")
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const connect = new consul.CertificateAuthority("connect", {
config: {
IntermediateCertTTL: "8760h",
LeafCertTTL: "24h",
RotationPeriod: "2160h",
},
connectProvider: "consul",
});
Coming soon!
Using Vault to manage and sign certificates
using Pulumi;
using Consul = Pulumi.Consul;
class MyStack : Stack
{
public MyStack()
{
var connect = new Consul.CertificateAuthority("connect", new Consul.CertificateAuthorityArgs
{
Config =
{
{ "Address", "http://localhost:8200" },
{ "IntermediatePKIPath", "connect-intermediate" },
{ "RootPKIPath", "connect-root" },
{ "Token", "..." },
},
ConnectProvider = "vault",
});
}
}
package main
import (
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := consul.NewCertificateAuthority(ctx, "connect", &consul.CertificateAuthorityArgs{
Config: pulumi.StringMap{
"Address": pulumi.String("http://localhost:8200"),
"IntermediatePKIPath": pulumi.String("connect-intermediate"),
"RootPKIPath": pulumi.String("connect-root"),
"Token": pulumi.String("..."),
},
ConnectProvider: pulumi.String("vault"),
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_consul as consul
connect = consul.CertificateAuthority("connect",
config={
"Address": "http://localhost:8200",
"IntermediatePKIPath": "connect-intermediate",
"RootPKIPath": "connect-root",
"Token": "...",
},
connect_provider="vault")
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const connect = new consul.CertificateAuthority("connect", {
config: {
Address: "http://localhost:8200",
IntermediatePKIPath: "connect-intermediate",
RootPKIPath: "connect-root",
Token: "...",
},
connectProvider: "vault",
});
Coming soon!
Using the AWS Certificate Manager Private Certificate Authority
using Pulumi;
using Consul = Pulumi.Consul;
class MyStack : Stack
{
public MyStack()
{
var connect = new Consul.CertificateAuthority("connect", new Consul.CertificateAuthorityArgs
{
Config =
{
{ "ExistingARN", "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012" },
},
ConnectProvider = "aws-pca",
});
}
}
package main
import (
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := consul.NewCertificateAuthority(ctx, "connect", &consul.CertificateAuthorityArgs{
Config: pulumi.StringMap{
"ExistingARN": pulumi.String("arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012"),
},
ConnectProvider: pulumi.String("aws-pca"),
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_consul as consul
connect = consul.CertificateAuthority("connect",
config={
"ExistingARN": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012",
},
connect_provider="aws-pca")
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const connect = new consul.CertificateAuthority("connect", {
config: {
ExistingARN: "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012",
},
connectProvider: "aws-pca",
});
Coming soon!
Create CertificateAuthority Resource
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
@overload
def CertificateAuthority(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[Mapping[str, str]] = None,
connect_provider: Optional[str] = None)
@overload
def CertificateAuthority(resource_name: str,
args: CertificateAuthorityArgs,
opts: Optional[ResourceOptions] = None)
func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: consul:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertificateAuthority Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertificateAuthority resource accepts the following input properties:
- Config Dictionary<string, string>
The raw configuration to use for the chosen provider.
- Connect
Provider string Specifies the CA provider type to use.
- Config map[string]string
The raw configuration to use for the chosen provider.
- Connect
Provider string Specifies the CA provider type to use.
- config Map<String,String>
The raw configuration to use for the chosen provider.
- connect
Provider String Specifies the CA provider type to use.
- config {[key: string]: string}
The raw configuration to use for the chosen provider.
- connect
Provider string Specifies the CA provider type to use.
- config Mapping[str, str]
The raw configuration to use for the chosen provider.
- connect_
provider str Specifies the CA provider type to use.
- config Map<String>
The raw configuration to use for the chosen provider.
- connect
Provider String Specifies the CA provider type to use.
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing CertificateAuthority Resource
Get an existing CertificateAuthority resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateAuthorityState, opts?: CustomResourceOptions): CertificateAuthority
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[Mapping[str, str]] = None,
connect_provider: Optional[str] = None) -> CertificateAuthority
func GetCertificateAuthority(ctx *Context, name string, id IDInput, state *CertificateAuthorityState, opts ...ResourceOption) (*CertificateAuthority, error)
public static CertificateAuthority Get(string name, Input<string> id, CertificateAuthorityState? state, CustomResourceOptions? opts = null)
public static CertificateAuthority get(String name, Output<String> id, CertificateAuthorityState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config Dictionary<string, string>
The raw configuration to use for the chosen provider.
- Connect
Provider string Specifies the CA provider type to use.
- Config map[string]string
The raw configuration to use for the chosen provider.
- Connect
Provider string Specifies the CA provider type to use.
- config Map<String,String>
The raw configuration to use for the chosen provider.
- connect
Provider String Specifies the CA provider type to use.
- config {[key: string]: string}
The raw configuration to use for the chosen provider.
- connect
Provider string Specifies the CA provider type to use.
- config Mapping[str, str]
The raw configuration to use for the chosen provider.
- connect_
provider str Specifies the CA provider type to use.
- config Map<String>
The raw configuration to use for the chosen provider.
- connect
Provider String Specifies the CA provider type to use.
Import
certificate_authority
can be imported
$ pulumi import consul:index/certificateAuthority:CertificateAuthority connect connect-ca
Package Details
- Repository
- HashiCorp Consul pulumi/pulumi-consul
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
consul
Terraform Provider.