1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificatemanager
  5. Certificate
Google Cloud Classic v7.28.0 published on Friday, Jun 21, 2024 by Pulumi

gcp.certificatemanager.Certificate

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.28.0 published on Friday, Jun 21, 2024 by Pulumi

    Certificate represents a HTTP-reachable backend for a Certificate.

    Example Usage

    Certificate Manager Google Managed Certificate Dns

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
        name: "dns-auth",
        description: "The default dnss",
        domain: "subdomain.hashicorptest.com",
    });
    const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
        name: "dns-auth2",
        description: "The default dnss",
        domain: "subdomain2.hashicorptest.com",
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "dns-cert",
        description: "The default cert",
        scope: "EDGE_CACHE",
        labels: {
            env: "test",
        },
        managed: {
            domains: [
                instance.domain,
                instance2.domain,
            ],
            dnsAuthorizations: [
                instance.id,
                instance2.id,
            ],
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    instance = gcp.certificatemanager.DnsAuthorization("instance",
        name="dns-auth",
        description="The default dnss",
        domain="subdomain.hashicorptest.com")
    instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
        name="dns-auth2",
        description="The default dnss",
        domain="subdomain2.hashicorptest.com")
    default = gcp.certificatemanager.Certificate("default",
        name="dns-cert",
        description="The default cert",
        scope="EDGE_CACHE",
        labels={
            "env": "test",
        },
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=[
                instance.domain,
                instance2.domain,
            ],
            dns_authorizations=[
                instance.id,
                instance2.id,
            ],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth2"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("dns-cert"),
    			Description: pulumi.String("The default cert"),
    			Scope:       pulumi.String("EDGE_CACHE"),
    			Labels: pulumi.StringMap{
    				"env": pulumi.String("test"),
    			},
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					instance.Domain,
    					instance2.Domain,
    				},
    				DnsAuthorizations: pulumi.StringArray{
    					instance.ID(),
    					instance2.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
        {
            Name = "dns-auth",
            Description = "The default dnss",
            Domain = "subdomain.hashicorptest.com",
        });
    
        var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
        {
            Name = "dns-auth2",
            Description = "The default dnss",
            Domain = "subdomain2.hashicorptest.com",
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "dns-cert",
            Description = "The default cert",
            Scope = "EDGE_CACHE",
            Labels = 
            {
                { "env", "test" },
            },
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    instance.Domain,
                    instance2.Domain,
                },
                DnsAuthorizations = new[]
                {
                    instance.Id,
                    instance2.Id,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.DnsAuthorization;
    import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
                .name("dns-auth")
                .description("The default dnss")
                .domain("subdomain.hashicorptest.com")
                .build());
    
            var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
                .name("dns-auth2")
                .description("The default dnss")
                .domain("subdomain2.hashicorptest.com")
                .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("dns-cert")
                .description("The default cert")
                .scope("EDGE_CACHE")
                .labels(Map.of("env", "test"))
                .managed(CertificateManagedArgs.builder()
                    .domains(                
                        instance.domain(),
                        instance2.domain())
                    .dnsAuthorizations(                
                        instance.id(),
                        instance2.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: dns-cert
          description: The default cert
          scope: EDGE_CACHE
          labels:
            env: test
          managed:
            domains:
              - ${instance.domain}
              - ${instance2.domain}
            dnsAuthorizations:
              - ${instance.id}
              - ${instance2.id}
      instance:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth
          description: The default dnss
          domain: subdomain.hashicorptest.com
      instance2:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth2
          description: The default dnss
          domain: subdomain2.hashicorptest.com
    

    Certificate Manager Google Managed Certificate Issuance Config

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const pool = new gcp.certificateauthority.CaPool("pool", {
        name: "ca-pool",
        location: "us-central1",
        tier: "ENTERPRISE",
    });
    const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
        location: "us-central1",
        pool: pool.name,
        certificateAuthorityId: "ca-authority",
        config: {
            subjectConfig: {
                subject: {
                    organization: "HashiCorp",
                    commonName: "my-certificate-authority",
                },
                subjectAltName: {
                    dnsNames: ["hashicorp.com"],
                },
            },
            x509Config: {
                caOptions: {
                    isCa: true,
                },
                keyUsage: {
                    baseKeyUsage: {
                        certSign: true,
                        crlSign: true,
                    },
                    extendedKeyUsage: {
                        serverAuth: true,
                    },
                },
            },
        },
        keySpec: {
            algorithm: "RSA_PKCS1_4096_SHA256",
        },
        deletionProtection: false,
        skipGracePeriod: true,
        ignoreActiveCertificatesOnDeletion: true,
    });
    // creating certificate_issuance_config to use it in the managed certificate
    const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
        name: "issuance-config",
        description: "sample description for the certificate issuanceConfigs",
        certificateAuthorityConfig: {
            certificateAuthorityServiceConfig: {
                caPool: pool.id,
            },
        },
        lifetime: "1814400s",
        rotationWindowPercentage: 34,
        keyAlgorithm: "ECDSA_P256",
    }, {
        dependsOn: [caAuthority],
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "issuance-config-cert",
        description: "The default cert",
        scope: "EDGE_CACHE",
        managed: {
            domains: ["terraform.subdomain1.com"],
            issuanceConfig: issuanceconfig.id,
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    pool = gcp.certificateauthority.CaPool("pool",
        name="ca-pool",
        location="us-central1",
        tier="ENTERPRISE")
    ca_authority = gcp.certificateauthority.Authority("ca_authority",
        location="us-central1",
        pool=pool.name,
        certificate_authority_id="ca-authority",
        config=gcp.certificateauthority.AuthorityConfigArgs(
            subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
                subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
                    organization="HashiCorp",
                    common_name="my-certificate-authority",
                ),
                subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
                    dns_names=["hashicorp.com"],
                ),
            ),
            x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
                ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
                    is_ca=True,
                ),
                key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
                    base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
                        cert_sign=True,
                        crl_sign=True,
                    ),
                    extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
                        server_auth=True,
                    ),
                ),
            ),
        ),
        key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
            algorithm="RSA_PKCS1_4096_SHA256",
        ),
        deletion_protection=False,
        skip_grace_period=True,
        ignore_active_certificates_on_deletion=True)
    # creating certificate_issuance_config to use it in the managed certificate
    issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
        name="issuance-config",
        description="sample description for the certificate issuanceConfigs",
        certificate_authority_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs(
            certificate_authority_service_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs(
                ca_pool=pool.id,
            ),
        ),
        lifetime="1814400s",
        rotation_window_percentage=34,
        key_algorithm="ECDSA_P256",
        opts=pulumi.ResourceOptions(depends_on=[ca_authority]))
    default = gcp.certificatemanager.Certificate("default",
        name="issuance-config-cert",
        description="The default cert",
        scope="EDGE_CACHE",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=["terraform.subdomain1.com"],
            issuance_config=issuanceconfig.id,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
    			Name:     pulumi.String("ca-pool"),
    			Location: pulumi.String("us-central1"),
    			Tier:     pulumi.String("ENTERPRISE"),
    		})
    		if err != nil {
    			return err
    		}
    		caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
    			Location:               pulumi.String("us-central1"),
    			Pool:                   pool.Name,
    			CertificateAuthorityId: pulumi.String("ca-authority"),
    			Config: &certificateauthority.AuthorityConfigArgs{
    				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
    					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
    						Organization: pulumi.String("HashiCorp"),
    						CommonName:   pulumi.String("my-certificate-authority"),
    					},
    					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("hashicorp.com"),
    						},
    					},
    				},
    				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
    					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
    						IsCa: pulumi.Bool(true),
    					},
    					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
    						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
    							CertSign: pulumi.Bool(true),
    							CrlSign:  pulumi.Bool(true),
    						},
    						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
    							ServerAuth: pulumi.Bool(true),
    						},
    					},
    				},
    			},
    			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
    				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
    			},
    			DeletionProtection:                 pulumi.Bool(false),
    			SkipGracePeriod:                    pulumi.Bool(true),
    			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// creating certificate_issuance_config to use it in the managed certificate
    		issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
    			Name:        pulumi.String("issuance-config"),
    			Description: pulumi.String("sample description for the certificate issuanceConfigs"),
    			CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
    				CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
    					CaPool: pool.ID(),
    				},
    			},
    			Lifetime:                 pulumi.String("1814400s"),
    			RotationWindowPercentage: pulumi.Int(34),
    			KeyAlgorithm:             pulumi.String("ECDSA_P256"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			caAuthority,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("issuance-config-cert"),
    			Description: pulumi.String("The default cert"),
    			Scope:       pulumi.String("EDGE_CACHE"),
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					pulumi.String("terraform.subdomain1.com"),
    				},
    				IssuanceConfig: issuanceconfig.ID(),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
        {
            Name = "ca-pool",
            Location = "us-central1",
            Tier = "ENTERPRISE",
        });
    
        var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
        {
            Location = "us-central1",
            Pool = pool.Name,
            CertificateAuthorityId = "ca-authority",
            Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
            {
                SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
                {
                    Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
                    {
                        Organization = "HashiCorp",
                        CommonName = "my-certificate-authority",
                    },
                    SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
                    {
                        DnsNames = new[]
                        {
                            "hashicorp.com",
                        },
                    },
                },
                X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
                {
                    CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
                    {
                        IsCa = true,
                    },
                    KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
                    {
                        BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
                        {
                            CertSign = true,
                            CrlSign = true,
                        },
                        ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
                        {
                            ServerAuth = true,
                        },
                    },
                },
            },
            KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
            {
                Algorithm = "RSA_PKCS1_4096_SHA256",
            },
            DeletionProtection = false,
            SkipGracePeriod = true,
            IgnoreActiveCertificatesOnDeletion = true,
        });
    
        // creating certificate_issuance_config to use it in the managed certificate
        var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
        {
            Name = "issuance-config",
            Description = "sample description for the certificate issuanceConfigs",
            CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
            {
                CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
                {
                    CaPool = pool.Id,
                },
            },
            Lifetime = "1814400s",
            RotationWindowPercentage = 34,
            KeyAlgorithm = "ECDSA_P256",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                caAuthority,
            },
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "issuance-config-cert",
            Description = "The default cert",
            Scope = "EDGE_CACHE",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    "terraform.subdomain1.com",
                },
                IssuanceConfig = issuanceconfig.Id,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificateauthority.CaPool;
    import com.pulumi.gcp.certificateauthority.CaPoolArgs;
    import com.pulumi.gcp.certificateauthority.Authority;
    import com.pulumi.gcp.certificateauthority.AuthorityArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pool = new CaPool("pool", CaPoolArgs.builder()
                .name("ca-pool")
                .location("us-central1")
                .tier("ENTERPRISE")
                .build());
    
            var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
                .location("us-central1")
                .pool(pool.name())
                .certificateAuthorityId("ca-authority")
                .config(AuthorityConfigArgs.builder()
                    .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
                        .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
                            .organization("HashiCorp")
                            .commonName("my-certificate-authority")
                            .build())
                        .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
                            .dnsNames("hashicorp.com")
                            .build())
                        .build())
                    .x509Config(AuthorityConfigX509ConfigArgs.builder()
                        .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
                            .isCa(true)
                            .build())
                        .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
                            .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
                                .certSign(true)
                                .crlSign(true)
                                .build())
                            .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
                                .serverAuth(true)
                                .build())
                            .build())
                        .build())
                    .build())
                .keySpec(AuthorityKeySpecArgs.builder()
                    .algorithm("RSA_PKCS1_4096_SHA256")
                    .build())
                .deletionProtection(false)
                .skipGracePeriod(true)
                .ignoreActiveCertificatesOnDeletion(true)
                .build());
    
            // creating certificate_issuance_config to use it in the managed certificate
            var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
                .name("issuance-config")
                .description("sample description for the certificate issuanceConfigs")
                .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
                    .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
                        .caPool(pool.id())
                        .build())
                    .build())
                .lifetime("1814400s")
                .rotationWindowPercentage(34)
                .keyAlgorithm("ECDSA_P256")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(caAuthority)
                    .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("issuance-config-cert")
                .description("The default cert")
                .scope("EDGE_CACHE")
                .managed(CertificateManagedArgs.builder()
                    .domains("terraform.subdomain1.com")
                    .issuanceConfig(issuanceconfig.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: issuance-config-cert
          description: The default cert
          scope: EDGE_CACHE
          managed:
            domains:
              - terraform.subdomain1.com
            issuanceConfig: ${issuanceconfig.id}
      # creating certificate_issuance_config to use it in the managed certificate
      issuanceconfig:
        type: gcp:certificatemanager:CertificateIssuanceConfig
        properties:
          name: issuance-config
          description: sample description for the certificate issuanceConfigs
          certificateAuthorityConfig:
            certificateAuthorityServiceConfig:
              caPool: ${pool.id}
          lifetime: 1814400s
          rotationWindowPercentage: 34
          keyAlgorithm: ECDSA_P256
        options:
          dependson:
            - ${caAuthority}
      pool:
        type: gcp:certificateauthority:CaPool
        properties:
          name: ca-pool
          location: us-central1
          tier: ENTERPRISE
      caAuthority:
        type: gcp:certificateauthority:Authority
        name: ca_authority
        properties:
          location: us-central1
          pool: ${pool.name}
          certificateAuthorityId: ca-authority
          config:
            subjectConfig:
              subject:
                organization: HashiCorp
                commonName: my-certificate-authority
              subjectAltName:
                dnsNames:
                  - hashicorp.com
            x509Config:
              caOptions:
                isCa: true
              keyUsage:
                baseKeyUsage:
                  certSign: true
                  crlSign: true
                extendedKeyUsage:
                  serverAuth: true
          keySpec:
            algorithm: RSA_PKCS1_4096_SHA256
          deletionProtection: false
          skipGracePeriod: true
          ignoreActiveCertificatesOnDeletion: true
    

    Certificate Manager Certificate Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
        name: "dns-auth",
        description: "The default dnss",
        domain: "subdomain.hashicorptest.com",
    });
    const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
        name: "dns-auth2",
        description: "The default dnss",
        domain: "subdomain2.hashicorptest.com",
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "self-managed-cert",
        description: "Global cert",
        scope: "EDGE_CACHE",
        managed: {
            domains: [
                instance.domain,
                instance2.domain,
            ],
            dnsAuthorizations: [
                instance.id,
                instance2.id,
            ],
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    instance = gcp.certificatemanager.DnsAuthorization("instance",
        name="dns-auth",
        description="The default dnss",
        domain="subdomain.hashicorptest.com")
    instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
        name="dns-auth2",
        description="The default dnss",
        domain="subdomain2.hashicorptest.com")
    default = gcp.certificatemanager.Certificate("default",
        name="self-managed-cert",
        description="Global cert",
        scope="EDGE_CACHE",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=[
                instance.domain,
                instance2.domain,
            ],
            dns_authorizations=[
                instance.id,
                instance2.id,
            ],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth2"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("self-managed-cert"),
    			Description: pulumi.String("Global cert"),
    			Scope:       pulumi.String("EDGE_CACHE"),
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					instance.Domain,
    					instance2.Domain,
    				},
    				DnsAuthorizations: pulumi.StringArray{
    					instance.ID(),
    					instance2.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
        {
            Name = "dns-auth",
            Description = "The default dnss",
            Domain = "subdomain.hashicorptest.com",
        });
    
        var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
        {
            Name = "dns-auth2",
            Description = "The default dnss",
            Domain = "subdomain2.hashicorptest.com",
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "self-managed-cert",
            Description = "Global cert",
            Scope = "EDGE_CACHE",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    instance.Domain,
                    instance2.Domain,
                },
                DnsAuthorizations = new[]
                {
                    instance.Id,
                    instance2.Id,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.DnsAuthorization;
    import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
                .name("dns-auth")
                .description("The default dnss")
                .domain("subdomain.hashicorptest.com")
                .build());
    
            var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
                .name("dns-auth2")
                .description("The default dnss")
                .domain("subdomain2.hashicorptest.com")
                .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("self-managed-cert")
                .description("Global cert")
                .scope("EDGE_CACHE")
                .managed(CertificateManagedArgs.builder()
                    .domains(                
                        instance.domain(),
                        instance2.domain())
                    .dnsAuthorizations(                
                        instance.id(),
                        instance2.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: self-managed-cert
          description: Global cert
          scope: EDGE_CACHE
          managed:
            domains:
              - ${instance.domain}
              - ${instance2.domain}
            dnsAuthorizations:
              - ${instance.id}
              - ${instance2.id}
      instance:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth
          description: The default dnss
          domain: subdomain.hashicorptest.com
      instance2:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth2
          description: The default dnss
          domain: subdomain2.hashicorptest.com
    

    Certificate Manager Self Managed Certificate Regional

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "self-managed-cert",
        description: "Regional cert",
        location: "us-central1",
        selfManaged: {
            pemCertificate: std.file({
                input: "test-fixtures/cert.pem",
            }).then(invoke => invoke.result),
            pemPrivateKey: std.file({
                input: "test-fixtures/private-key.pem",
            }).then(invoke => invoke.result),
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    default = gcp.certificatemanager.Certificate("default",
        name="self-managed-cert",
        description="Regional cert",
        location="us-central1",
        self_managed=gcp.certificatemanager.CertificateSelfManagedArgs(
            pem_certificate=std.file(input="test-fixtures/cert.pem").result,
            pem_private_key=std.file(input="test-fixtures/private-key.pem").result,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/private-key.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("self-managed-cert"),
    			Description: pulumi.String("Regional cert"),
    			Location:    pulumi.String("us-central1"),
    			SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
    				PemCertificate: invokeFile.Result,
    				PemPrivateKey:  invokeFile1.Result,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "self-managed-cert",
            Description = "Regional cert",
            Location = "us-central1",
            SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
            {
                PemCertificate = Std.File.Invoke(new()
                {
                    Input = "test-fixtures/cert.pem",
                }).Apply(invoke => invoke.Result),
                PemPrivateKey = Std.File.Invoke(new()
                {
                    Input = "test-fixtures/private-key.pem",
                }).Apply(invoke => invoke.Result),
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("self-managed-cert")
                .description("Regional cert")
                .location("us-central1")
                .selfManaged(CertificateSelfManagedArgs.builder()
                    .pemCertificate(StdFunctions.file(FileArgs.builder()
                        .input("test-fixtures/cert.pem")
                        .build()).result())
                    .pemPrivateKey(StdFunctions.file(FileArgs.builder()
                        .input("test-fixtures/private-key.pem")
                        .build()).result())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: self-managed-cert
          description: Regional cert
          location: us-central1
          selfManaged:
            pemCertificate:
              fn::invoke:
                Function: std:file
                Arguments:
                  input: test-fixtures/cert.pem
                Return: result
            pemPrivateKey:
              fn::invoke:
                Function: std:file
                Arguments:
                  input: test-fixtures/private-key.pem
                Return: result
    

    Certificate Manager Google Managed Certificate Issuance Config All Regions

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const pool = new gcp.certificateauthority.CaPool("pool", {
        name: "ca-pool",
        location: "us-central1",
        tier: "ENTERPRISE",
    });
    const caAuthority = new gcp.certificateauthority.Authority("ca_authority", {
        location: "us-central1",
        pool: pool.name,
        certificateAuthorityId: "ca-authority",
        config: {
            subjectConfig: {
                subject: {
                    organization: "HashiCorp",
                    commonName: "my-certificate-authority",
                },
                subjectAltName: {
                    dnsNames: ["hashicorp.com"],
                },
            },
            x509Config: {
                caOptions: {
                    isCa: true,
                },
                keyUsage: {
                    baseKeyUsage: {
                        certSign: true,
                        crlSign: true,
                    },
                    extendedKeyUsage: {
                        serverAuth: true,
                    },
                },
            },
        },
        keySpec: {
            algorithm: "RSA_PKCS1_4096_SHA256",
        },
        deletionProtection: false,
        skipGracePeriod: true,
        ignoreActiveCertificatesOnDeletion: true,
    });
    // creating certificate_issuance_config to use it in the managed certificate
    const issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig", {
        name: "issuance-config",
        description: "sample description for the certificate issuanceConfigs",
        certificateAuthorityConfig: {
            certificateAuthorityServiceConfig: {
                caPool: pool.id,
            },
        },
        lifetime: "1814400s",
        rotationWindowPercentage: 34,
        keyAlgorithm: "ECDSA_P256",
    }, {
        dependsOn: [caAuthority],
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "issuance-config-cert",
        description: "sample google managed all_regions certificate with issuance config for terraform",
        scope: "ALL_REGIONS",
        managed: {
            domains: ["terraform.subdomain1.com"],
            issuanceConfig: issuanceconfig.id,
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    pool = gcp.certificateauthority.CaPool("pool",
        name="ca-pool",
        location="us-central1",
        tier="ENTERPRISE")
    ca_authority = gcp.certificateauthority.Authority("ca_authority",
        location="us-central1",
        pool=pool.name,
        certificate_authority_id="ca-authority",
        config=gcp.certificateauthority.AuthorityConfigArgs(
            subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
                subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
                    organization="HashiCorp",
                    common_name="my-certificate-authority",
                ),
                subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
                    dns_names=["hashicorp.com"],
                ),
            ),
            x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
                ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
                    is_ca=True,
                ),
                key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
                    base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
                        cert_sign=True,
                        crl_sign=True,
                    ),
                    extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
                        server_auth=True,
                    ),
                ),
            ),
        ),
        key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
            algorithm="RSA_PKCS1_4096_SHA256",
        ),
        deletion_protection=False,
        skip_grace_period=True,
        ignore_active_certificates_on_deletion=True)
    # creating certificate_issuance_config to use it in the managed certificate
    issuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig("issuanceconfig",
        name="issuance-config",
        description="sample description for the certificate issuanceConfigs",
        certificate_authority_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs(
            certificate_authority_service_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs(
                ca_pool=pool.id,
            ),
        ),
        lifetime="1814400s",
        rotation_window_percentage=34,
        key_algorithm="ECDSA_P256",
        opts=pulumi.ResourceOptions(depends_on=[ca_authority]))
    default = gcp.certificatemanager.Certificate("default",
        name="issuance-config-cert",
        description="sample google managed all_regions certificate with issuance config for terraform",
        scope="ALL_REGIONS",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=["terraform.subdomain1.com"],
            issuance_config=issuanceconfig.id,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
    			Name:     pulumi.String("ca-pool"),
    			Location: pulumi.String("us-central1"),
    			Tier:     pulumi.String("ENTERPRISE"),
    		})
    		if err != nil {
    			return err
    		}
    		caAuthority, err := certificateauthority.NewAuthority(ctx, "ca_authority", &certificateauthority.AuthorityArgs{
    			Location:               pulumi.String("us-central1"),
    			Pool:                   pool.Name,
    			CertificateAuthorityId: pulumi.String("ca-authority"),
    			Config: &certificateauthority.AuthorityConfigArgs{
    				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
    					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
    						Organization: pulumi.String("HashiCorp"),
    						CommonName:   pulumi.String("my-certificate-authority"),
    					},
    					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("hashicorp.com"),
    						},
    					},
    				},
    				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
    					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
    						IsCa: pulumi.Bool(true),
    					},
    					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
    						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
    							CertSign: pulumi.Bool(true),
    							CrlSign:  pulumi.Bool(true),
    						},
    						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
    							ServerAuth: pulumi.Bool(true),
    						},
    					},
    				},
    			},
    			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
    				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
    			},
    			DeletionProtection:                 pulumi.Bool(false),
    			SkipGracePeriod:                    pulumi.Bool(true),
    			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// creating certificate_issuance_config to use it in the managed certificate
    		issuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, "issuanceconfig", &certificatemanager.CertificateIssuanceConfigArgs{
    			Name:        pulumi.String("issuance-config"),
    			Description: pulumi.String("sample description for the certificate issuanceConfigs"),
    			CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
    				CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
    					CaPool: pool.ID(),
    				},
    			},
    			Lifetime:                 pulumi.String("1814400s"),
    			RotationWindowPercentage: pulumi.Int(34),
    			KeyAlgorithm:             pulumi.String("ECDSA_P256"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			caAuthority,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("issuance-config-cert"),
    			Description: pulumi.String("sample google managed all_regions certificate with issuance config for terraform"),
    			Scope:       pulumi.String("ALL_REGIONS"),
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					pulumi.String("terraform.subdomain1.com"),
    				},
    				IssuanceConfig: issuanceconfig.ID(),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
        {
            Name = "ca-pool",
            Location = "us-central1",
            Tier = "ENTERPRISE",
        });
    
        var caAuthority = new Gcp.CertificateAuthority.Authority("ca_authority", new()
        {
            Location = "us-central1",
            Pool = pool.Name,
            CertificateAuthorityId = "ca-authority",
            Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
            {
                SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
                {
                    Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
                    {
                        Organization = "HashiCorp",
                        CommonName = "my-certificate-authority",
                    },
                    SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
                    {
                        DnsNames = new[]
                        {
                            "hashicorp.com",
                        },
                    },
                },
                X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
                {
                    CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
                    {
                        IsCa = true,
                    },
                    KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
                    {
                        BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
                        {
                            CertSign = true,
                            CrlSign = true,
                        },
                        ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
                        {
                            ServerAuth = true,
                        },
                    },
                },
            },
            KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
            {
                Algorithm = "RSA_PKCS1_4096_SHA256",
            },
            DeletionProtection = false,
            SkipGracePeriod = true,
            IgnoreActiveCertificatesOnDeletion = true,
        });
    
        // creating certificate_issuance_config to use it in the managed certificate
        var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig("issuanceconfig", new()
        {
            Name = "issuance-config",
            Description = "sample description for the certificate issuanceConfigs",
            CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
            {
                CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
                {
                    CaPool = pool.Id,
                },
            },
            Lifetime = "1814400s",
            RotationWindowPercentage = 34,
            KeyAlgorithm = "ECDSA_P256",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                caAuthority,
            },
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "issuance-config-cert",
            Description = "sample google managed all_regions certificate with issuance config for terraform",
            Scope = "ALL_REGIONS",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    "terraform.subdomain1.com",
                },
                IssuanceConfig = issuanceconfig.Id,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificateauthority.CaPool;
    import com.pulumi.gcp.certificateauthority.CaPoolArgs;
    import com.pulumi.gcp.certificateauthority.Authority;
    import com.pulumi.gcp.certificateauthority.AuthorityArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pool = new CaPool("pool", CaPoolArgs.builder()
                .name("ca-pool")
                .location("us-central1")
                .tier("ENTERPRISE")
                .build());
    
            var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()
                .location("us-central1")
                .pool(pool.name())
                .certificateAuthorityId("ca-authority")
                .config(AuthorityConfigArgs.builder()
                    .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
                        .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
                            .organization("HashiCorp")
                            .commonName("my-certificate-authority")
                            .build())
                        .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
                            .dnsNames("hashicorp.com")
                            .build())
                        .build())
                    .x509Config(AuthorityConfigX509ConfigArgs.builder()
                        .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
                            .isCa(true)
                            .build())
                        .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
                            .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
                                .certSign(true)
                                .crlSign(true)
                                .build())
                            .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
                                .serverAuth(true)
                                .build())
                            .build())
                        .build())
                    .build())
                .keySpec(AuthorityKeySpecArgs.builder()
                    .algorithm("RSA_PKCS1_4096_SHA256")
                    .build())
                .deletionProtection(false)
                .skipGracePeriod(true)
                .ignoreActiveCertificatesOnDeletion(true)
                .build());
    
            // creating certificate_issuance_config to use it in the managed certificate
            var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder()
                .name("issuance-config")
                .description("sample description for the certificate issuanceConfigs")
                .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
                    .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
                        .caPool(pool.id())
                        .build())
                    .build())
                .lifetime("1814400s")
                .rotationWindowPercentage(34)
                .keyAlgorithm("ECDSA_P256")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(caAuthority)
                    .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("issuance-config-cert")
                .description("sample google managed all_regions certificate with issuance config for terraform")
                .scope("ALL_REGIONS")
                .managed(CertificateManagedArgs.builder()
                    .domains("terraform.subdomain1.com")
                    .issuanceConfig(issuanceconfig.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: issuance-config-cert
          description: sample google managed all_regions certificate with issuance config for terraform
          scope: ALL_REGIONS
          managed:
            domains:
              - terraform.subdomain1.com
            issuanceConfig: ${issuanceconfig.id}
      # creating certificate_issuance_config to use it in the managed certificate
      issuanceconfig:
        type: gcp:certificatemanager:CertificateIssuanceConfig
        properties:
          name: issuance-config
          description: sample description for the certificate issuanceConfigs
          certificateAuthorityConfig:
            certificateAuthorityServiceConfig:
              caPool: ${pool.id}
          lifetime: 1814400s
          rotationWindowPercentage: 34
          keyAlgorithm: ECDSA_P256
        options:
          dependson:
            - ${caAuthority}
      pool:
        type: gcp:certificateauthority:CaPool
        properties:
          name: ca-pool
          location: us-central1
          tier: ENTERPRISE
      caAuthority:
        type: gcp:certificateauthority:Authority
        name: ca_authority
        properties:
          location: us-central1
          pool: ${pool.name}
          certificateAuthorityId: ca-authority
          config:
            subjectConfig:
              subject:
                organization: HashiCorp
                commonName: my-certificate-authority
              subjectAltName:
                dnsNames:
                  - hashicorp.com
            x509Config:
              caOptions:
                isCa: true
              keyUsage:
                baseKeyUsage:
                  certSign: true
                  crlSign: true
                extendedKeyUsage:
                  serverAuth: true
          keySpec:
            algorithm: RSA_PKCS1_4096_SHA256
          deletionProtection: false
          skipGracePeriod: true
          ignoreActiveCertificatesOnDeletion: true
    

    Certificate Manager Google Managed Certificate Dns All Regions

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
        name: "dns-auth",
        description: "The default dnss",
        domain: "subdomain.hashicorptest.com",
    });
    const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
        name: "dns-auth2",
        description: "The default dnss",
        domain: "subdomain2.hashicorptest.com",
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "dns-cert",
        description: "The default cert",
        scope: "ALL_REGIONS",
        managed: {
            domains: [
                instance.domain,
                instance2.domain,
            ],
            dnsAuthorizations: [
                instance.id,
                instance2.id,
            ],
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    instance = gcp.certificatemanager.DnsAuthorization("instance",
        name="dns-auth",
        description="The default dnss",
        domain="subdomain.hashicorptest.com")
    instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
        name="dns-auth2",
        description="The default dnss",
        domain="subdomain2.hashicorptest.com")
    default = gcp.certificatemanager.Certificate("default",
        name="dns-cert",
        description="The default cert",
        scope="ALL_REGIONS",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=[
                instance.domain,
                instance2.domain,
            ],
            dns_authorizations=[
                instance.id,
                instance2.id,
            ],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth2"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("dns-cert"),
    			Description: pulumi.String("The default cert"),
    			Scope:       pulumi.String("ALL_REGIONS"),
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					instance.Domain,
    					instance2.Domain,
    				},
    				DnsAuthorizations: pulumi.StringArray{
    					instance.ID(),
    					instance2.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
        {
            Name = "dns-auth",
            Description = "The default dnss",
            Domain = "subdomain.hashicorptest.com",
        });
    
        var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
        {
            Name = "dns-auth2",
            Description = "The default dnss",
            Domain = "subdomain2.hashicorptest.com",
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "dns-cert",
            Description = "The default cert",
            Scope = "ALL_REGIONS",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    instance.Domain,
                    instance2.Domain,
                },
                DnsAuthorizations = new[]
                {
                    instance.Id,
                    instance2.Id,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.DnsAuthorization;
    import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
                .name("dns-auth")
                .description("The default dnss")
                .domain("subdomain.hashicorptest.com")
                .build());
    
            var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()
                .name("dns-auth2")
                .description("The default dnss")
                .domain("subdomain2.hashicorptest.com")
                .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("dns-cert")
                .description("The default cert")
                .scope("ALL_REGIONS")
                .managed(CertificateManagedArgs.builder()
                    .domains(                
                        instance.domain(),
                        instance2.domain())
                    .dnsAuthorizations(                
                        instance.id(),
                        instance2.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: dns-cert
          description: The default cert
          scope: ALL_REGIONS
          managed:
            domains:
              - ${instance.domain}
              - ${instance2.domain}
            dnsAuthorizations:
              - ${instance.id}
              - ${instance2.id}
      instance:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth
          description: The default dnss
          domain: subdomain.hashicorptest.com
      instance2:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth2
          description: The default dnss
          domain: subdomain2.hashicorptest.com
    

    Certificate Manager Google Managed Regional Certificate Dns Auth

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
        name: "dns-auth",
        location: "us-central1",
        description: "The default dnss",
        domain: "subdomain.hashicorptest.com",
    });
    const _default = new gcp.certificatemanager.Certificate("default", {
        name: "dns-cert",
        description: "regional managed certs",
        location: "us-central1",
        managed: {
            domains: [instance.domain],
            dnsAuthorizations: [instance.id],
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    instance = gcp.certificatemanager.DnsAuthorization("instance",
        name="dns-auth",
        location="us-central1",
        description="The default dnss",
        domain="subdomain.hashicorptest.com")
    default = gcp.certificatemanager.Certificate("default",
        name="dns-cert",
        description="regional managed certs",
        location="us-central1",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            domains=[instance.domain],
            dns_authorizations=[instance.id],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
    			Name:        pulumi.String("dns-auth"),
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("The default dnss"),
    			Domain:      pulumi.String("subdomain.hashicorptest.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
    			Name:        pulumi.String("dns-cert"),
    			Description: pulumi.String("regional managed certs"),
    			Location:    pulumi.String("us-central1"),
    			Managed: &certificatemanager.CertificateManagedArgs{
    				Domains: pulumi.StringArray{
    					instance.Domain,
    				},
    				DnsAuthorizations: pulumi.StringArray{
    					instance.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
        {
            Name = "dns-auth",
            Location = "us-central1",
            Description = "The default dnss",
            Domain = "subdomain.hashicorptest.com",
        });
    
        var @default = new Gcp.CertificateManager.Certificate("default", new()
        {
            Name = "dns-cert",
            Description = "regional managed certs",
            Location = "us-central1",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = new[]
                {
                    instance.Domain,
                },
                DnsAuthorizations = new[]
                {
                    instance.Id,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.DnsAuthorization;
    import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
    import com.pulumi.gcp.certificatemanager.Certificate;
    import com.pulumi.gcp.certificatemanager.CertificateArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()
                .name("dns-auth")
                .location("us-central1")
                .description("The default dnss")
                .domain("subdomain.hashicorptest.com")
                .build());
    
            var default_ = new Certificate("default", CertificateArgs.builder()
                .name("dns-cert")
                .description("regional managed certs")
                .location("us-central1")
                .managed(CertificateManagedArgs.builder()
                    .domains(instance.domain())
                    .dnsAuthorizations(instance.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:Certificate
        properties:
          name: dns-cert
          description: regional managed certs
          location: us-central1
          managed:
            domains:
              - ${instance.domain}
            dnsAuthorizations:
              - ${instance.id}
      instance:
        type: gcp:certificatemanager:DnsAuthorization
        properties:
          name: dns-auth
          location: us-central1
          description: The default dnss
          domain: subdomain.hashicorptest.com
    

    Create Certificate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    args: Optional[CertificateArgs] = None,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    description: Optional[str] = None,
                    labels: Optional[Mapping[str, str]] = None,
                    location: Optional[str] = None,
                    managed: Optional[CertificateManagedArgs] = None,
                    name: Optional[str] = None,
                    project: Optional[str] = None,
                    scope: Optional[str] = None,
                    self_managed: Optional[CertificateSelfManagedArgs] = None)
    func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: gcp:certificatemanager:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var gcpCertificateResource = new Gcp.CertificateManager.Certificate("gcpCertificateResource", new()
    {
        Description = "string",
        Labels = 
        {
            { "string", "string" },
        },
        Location = "string",
        Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
        {
            AuthorizationAttemptInfos = new[]
            {
                new Gcp.CertificateManager.Inputs.CertificateManagedAuthorizationAttemptInfoArgs
                {
                    Details = "string",
                    Domain = "string",
                    FailureReason = "string",
                    State = "string",
                },
            },
            DnsAuthorizations = new[]
            {
                "string",
            },
            Domains = new[]
            {
                "string",
            },
            IssuanceConfig = "string",
            ProvisioningIssues = new[]
            {
                new Gcp.CertificateManager.Inputs.CertificateManagedProvisioningIssueArgs
                {
                    Details = "string",
                    Reason = "string",
                },
            },
            State = "string",
        },
        Name = "string",
        Project = "string",
        Scope = "string",
        SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
        {
            PemCertificate = "string",
            PemPrivateKey = "string",
        },
    });
    
    example, err := certificatemanager.NewCertificate(ctx, "gcpCertificateResource", &certificatemanager.CertificateArgs{
    	Description: pulumi.String("string"),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	Managed: &certificatemanager.CertificateManagedArgs{
    		AuthorizationAttemptInfos: certificatemanager.CertificateManagedAuthorizationAttemptInfoArray{
    			&certificatemanager.CertificateManagedAuthorizationAttemptInfoArgs{
    				Details:       pulumi.String("string"),
    				Domain:        pulumi.String("string"),
    				FailureReason: pulumi.String("string"),
    				State:         pulumi.String("string"),
    			},
    		},
    		DnsAuthorizations: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Domains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		IssuanceConfig: pulumi.String("string"),
    		ProvisioningIssues: certificatemanager.CertificateManagedProvisioningIssueArray{
    			&certificatemanager.CertificateManagedProvisioningIssueArgs{
    				Details: pulumi.String("string"),
    				Reason:  pulumi.String("string"),
    			},
    		},
    		State: pulumi.String("string"),
    	},
    	Name:    pulumi.String("string"),
    	Project: pulumi.String("string"),
    	Scope:   pulumi.String("string"),
    	SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
    		PemCertificate: pulumi.String("string"),
    		PemPrivateKey:  pulumi.String("string"),
    	},
    })
    
    var gcpCertificateResource = new Certificate("gcpCertificateResource", CertificateArgs.builder()
        .description("string")
        .labels(Map.of("string", "string"))
        .location("string")
        .managed(CertificateManagedArgs.builder()
            .authorizationAttemptInfos(CertificateManagedAuthorizationAttemptInfoArgs.builder()
                .details("string")
                .domain("string")
                .failureReason("string")
                .state("string")
                .build())
            .dnsAuthorizations("string")
            .domains("string")
            .issuanceConfig("string")
            .provisioningIssues(CertificateManagedProvisioningIssueArgs.builder()
                .details("string")
                .reason("string")
                .build())
            .state("string")
            .build())
        .name("string")
        .project("string")
        .scope("string")
        .selfManaged(CertificateSelfManagedArgs.builder()
            .pemCertificate("string")
            .pemPrivateKey("string")
            .build())
        .build());
    
    gcp_certificate_resource = gcp.certificatemanager.Certificate("gcpCertificateResource",
        description="string",
        labels={
            "string": "string",
        },
        location="string",
        managed=gcp.certificatemanager.CertificateManagedArgs(
            authorization_attempt_infos=[gcp.certificatemanager.CertificateManagedAuthorizationAttemptInfoArgs(
                details="string",
                domain="string",
                failure_reason="string",
                state="string",
            )],
            dns_authorizations=["string"],
            domains=["string"],
            issuance_config="string",
            provisioning_issues=[gcp.certificatemanager.CertificateManagedProvisioningIssueArgs(
                details="string",
                reason="string",
            )],
            state="string",
        ),
        name="string",
        project="string",
        scope="string",
        self_managed=gcp.certificatemanager.CertificateSelfManagedArgs(
            pem_certificate="string",
            pem_private_key="string",
        ))
    
    const gcpCertificateResource = new gcp.certificatemanager.Certificate("gcpCertificateResource", {
        description: "string",
        labels: {
            string: "string",
        },
        location: "string",
        managed: {
            authorizationAttemptInfos: [{
                details: "string",
                domain: "string",
                failureReason: "string",
                state: "string",
            }],
            dnsAuthorizations: ["string"],
            domains: ["string"],
            issuanceConfig: "string",
            provisioningIssues: [{
                details: "string",
                reason: "string",
            }],
            state: "string",
        },
        name: "string",
        project: "string",
        scope: "string",
        selfManaged: {
            pemCertificate: "string",
            pemPrivateKey: "string",
        },
    });
    
    type: gcp:certificatemanager:Certificate
    properties:
        description: string
        labels:
            string: string
        location: string
        managed:
            authorizationAttemptInfos:
                - details: string
                  domain: string
                  failureReason: string
                  state: string
            dnsAuthorizations:
                - string
            domains:
                - string
            issuanceConfig: string
            provisioningIssues:
                - details: string
                  reason: string
            state: string
        name: string
        project: string
        scope: string
        selfManaged:
            pemCertificate: string
            pemPrivateKey: string
    

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certificate resource accepts the following input properties:

    Description string
    A human-readable description of the resource.
    Labels Dictionary<string, string>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The Certificate Manager location. If not specified, "global" is used.
    Managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    Name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    SelfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    Description string
    A human-readable description of the resource.
    Labels map[string]string
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The Certificate Manager location. If not specified, "global" is used.
    Managed CertificateManagedArgs
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    Name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    SelfManaged CertificateSelfManagedArgs
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description String
    A human-readable description of the resource.
    labels Map<String,String>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name String
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    scope String
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description string
    A human-readable description of the resource.
    labels {[key: string]: string}
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description str
    A human-readable description of the resource.
    labels Mapping[str, str]
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManagedArgs
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name str
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    scope str
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    self_managed CertificateSelfManagedArgs
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description String
    A human-readable description of the resource.
    labels Map<String>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The Certificate Manager location. If not specified, "global" is used.
    managed Property Map
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name String
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    scope String
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged Property Map
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.

    Look up Existing Certificate Resource

    Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            managed: Optional[CertificateManagedArgs] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            scope: Optional[str] = None,
            self_managed: Optional[CertificateSelfManagedArgs] = None) -> Certificate
    func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
    public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
    public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    A human-readable description of the resource.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels Dictionary<string, string>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The Certificate Manager location. If not specified, "global" is used.
    Managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    Name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    SelfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    Description string
    A human-readable description of the resource.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels map[string]string
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The Certificate Manager location. If not specified, "global" is used.
    Managed CertificateManagedArgs
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    Name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    SelfManaged CertificateSelfManagedArgs
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description String
    A human-readable description of the resource.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String,String>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name String
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    scope String
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description string
    A human-readable description of the resource.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels {[key: string]: string}
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManaged
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name string
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    scope string
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged CertificateSelfManaged
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description str
    A human-readable description of the resource.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Mapping[str, str]
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The Certificate Manager location. If not specified, "global" is used.
    managed CertificateManagedArgs
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name str
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    scope str
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    self_managed CertificateSelfManagedArgs
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
    description String
    A human-readable description of the resource.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String>
    Set of label tags associated with the Certificate resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The Certificate Manager location. If not specified, "global" is used.
    managed Property Map
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
    name String
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    scope String
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). See https://cloud.google.com/compute/docs/regions-zones
    selfManaged Property Map
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

    Supporting Types

    CertificateManaged, CertificateManagedArgs

    AuthorizationAttemptInfos List<CertificateManagedAuthorizationAttemptInfo>

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    DnsAuthorizations List<string>
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    Domains List<string>
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    IssuanceConfig string
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    ProvisioningIssues List<CertificateManagedProvisioningIssue>
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    State string
    (Output) State of the domain for managed certificate issuance.
    AuthorizationAttemptInfos []CertificateManagedAuthorizationAttemptInfo

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    DnsAuthorizations []string
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    Domains []string
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    IssuanceConfig string
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    ProvisioningIssues []CertificateManagedProvisioningIssue
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    State string
    (Output) State of the domain for managed certificate issuance.
    authorizationAttemptInfos List<CertificateManagedAuthorizationAttemptInfo>

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    dnsAuthorizations List<String>
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    domains List<String>
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    issuanceConfig String
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    provisioningIssues List<CertificateManagedProvisioningIssue>
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    state String
    (Output) State of the domain for managed certificate issuance.
    authorizationAttemptInfos CertificateManagedAuthorizationAttemptInfo[]

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    dnsAuthorizations string[]
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    domains string[]
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    issuanceConfig string
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    provisioningIssues CertificateManagedProvisioningIssue[]
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    state string
    (Output) State of the domain for managed certificate issuance.
    authorization_attempt_infos Sequence[CertificateManagedAuthorizationAttemptInfo]

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    dns_authorizations Sequence[str]
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    domains Sequence[str]
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    issuance_config str
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    provisioning_issues Sequence[CertificateManagedProvisioningIssue]
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    state str
    (Output) State of the domain for managed certificate issuance.
    authorizationAttemptInfos List<Property Map>

    (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

    The provisioning_issue block contains:

    dnsAuthorizations List<String>
    Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    domains List<String>
    The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
    issuanceConfig String
    The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects//locations//certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.
    provisioningIssues List<Property Map>
    (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
    state String
    (Output) State of the domain for managed certificate issuance.

    CertificateManagedAuthorizationAttemptInfo, CertificateManagedAuthorizationAttemptInfoArgs

    Details string
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    Domain string
    Domain name of the authorization attempt.
    FailureReason string
    Reason for failure of the authorization attempt for the domain.
    State string
    State of the domain for managed certificate issuance.
    Details string
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    Domain string
    Domain name of the authorization attempt.
    FailureReason string
    Reason for failure of the authorization attempt for the domain.
    State string
    State of the domain for managed certificate issuance.
    details String
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    domain String
    Domain name of the authorization attempt.
    failureReason String
    Reason for failure of the authorization attempt for the domain.
    state String
    State of the domain for managed certificate issuance.
    details string
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    domain string
    Domain name of the authorization attempt.
    failureReason string
    Reason for failure of the authorization attempt for the domain.
    state string
    State of the domain for managed certificate issuance.
    details str
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    domain str
    Domain name of the authorization attempt.
    failure_reason str
    Reason for failure of the authorization attempt for the domain.
    state str
    State of the domain for managed certificate issuance.
    details String
    Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field.
    domain String
    Domain name of the authorization attempt.
    failureReason String
    Reason for failure of the authorization attempt for the domain.
    state String
    State of the domain for managed certificate issuance.

    CertificateManagedProvisioningIssue, CertificateManagedProvisioningIssueArgs

    Details string
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    Reason string
    Reason for provisioning failures.
    Details string
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    Reason string
    Reason for provisioning failures.
    details String
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    reason String
    Reason for provisioning failures.
    details string
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    reason string
    Reason for provisioning failures.
    details str
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    reason str
    Reason for provisioning failures.
    details String
    Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field.
    reason String
    Reason for provisioning failures.

    CertificateSelfManaged, CertificateSelfManagedArgs

    CertificatePem string

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    PemCertificate string
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    PemPrivateKey string
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    PrivateKeyPem string

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    CertificatePem string

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    PemCertificate string
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    PemPrivateKey string
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    PrivateKeyPem string

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    certificatePem String

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    pemCertificate String
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    pemPrivateKey String
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    privateKeyPem String

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    certificatePem string

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    pemCertificate string
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    pemPrivateKey string
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    privateKeyPem string

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    certificate_pem str

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    pem_certificate str
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    pem_private_key str
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    private_key_pem str

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    certificatePem String

    (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

    Warning: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    Deprecated: certificate_pem is deprecated and will be removed in a future major release. Use pem_certificate instead.

    pemCertificate String
    The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.
    pemPrivateKey String
    The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
    privateKeyPem String

    (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

    Warning: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Deprecated: private_key_pem is deprecated and will be removed in a future major release. Use pem_private_key instead.

    Import

    Certificate can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/certificates/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    When using the pulumi import command, Certificate can be imported using one of the formats above. For example:

    $ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}
    
    $ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.28.0 published on Friday, Jun 21, 2024 by Pulumi