← All packages

Google Cloud (GCP) Classic

Pulumi Official

Package maintained by Pulumi

v6.28.0 published on Friday, Jun 17, 2022 by Pulumi

Source code

Certificate

Certificate represents a HTTP-reachable backend for an Certificate.

Warning: These resources require allow-listing to use, and are not openly available to all Cloud customers. Engage with your Cloud account team to discuss how to onboard.

Warning: All arguments including self_managed.certificate_pem and self_managed.private_key_pem will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage

Certificate Manager Certificate Basic

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new Gcp.CertificateManager.DnsAuthorizationArgs
        {
            Description = "The default dnss",
            Domain = "subdomain.hashicorptest.com",
        });
        var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new Gcp.CertificateManager.DnsAuthorizationArgs
        {
            Description = "The default dnss",
            Domain = "subdomain2.hashicorptest.com",
        });
        var @default = new Gcp.CertificateManager.Certificate("default", new Gcp.CertificateManager.CertificateArgs
        {
            Description = "The default cert",
            Scope = "EDGE_CACHE",
            Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
            {
                Domains = 
                {
                    instance.Domain,
                    instance2.Domain,
                },
                DnsAuthorizations = 
                {
                    instance.Id,
                    instance2.Id,
                },
            },
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificatemanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
			Description: pulumi.String("The default cert"),
			Scope:       pulumi.String("EDGE_CACHE"),
			Managed: &certificatemanager.CertificateManagedArgs{
				Domains: pulumi.StringArray{
					instance.Domain,
					instance2.Domain,
				},
				DnsAuthorizations: pulumi.StringArray{
					instance.ID(),
					instance2.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain.hashicorptest.com")
            .build());

        var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain2.hashicorptest.com")
            .build());

        var default_ = new Certificate("default", CertificateArgs.builder()        
            .description("The default cert")
            .scope("EDGE_CACHE")
            .managed(CertificateManagedArgs.builder()
                .domains(                
                    instance.domain(),
                    instance2.domain())
                .dnsAuthorizations(                
                    instance.id(),
                    instance2.id())
                .build())
            .build());

    }
}

import pulumi
import pulumi_gcp as gcp

instance = gcp.certificatemanager.DnsAuthorization("instance",
    description="The default dnss",
    domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
    description="The default dnss",
    domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
    description="The default cert",
    scope="EDGE_CACHE",
    managed=gcp.certificatemanager.CertificateManagedArgs(
        domains=[
            instance.domain,
            instance2.domain,
        ],
        dns_authorizations=[
            instance.id,
            instance2.id,
        ],
    ))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
    description: "The default dnss",
    domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
    description: "The default dnss",
    domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
    description: "The default cert",
    scope: "EDGE_CACHE",
    managed: {
        domains: [
            instance.domain,
            instance2.domain,
        ],
        dnsAuthorizations: [
            instance.id,
            instance2.id,
        ],
    },
});

resources:
  default:
    type: gcp:certificatemanager:Certificate
    properties:
      description: The default cert
      scope: EDGE_CACHE
      managed:
        domains:
          - ${instance.domain}
          - ${instance2.domain}
        dnsAuthorizations:
          - ${instance.id}
          - ${instance2.id}
  instance:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain.hashicorptest.com
  instance2:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain2.hashicorptest.com

Create a Certificate Resource

new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                description: Optional[str] = None,
                labels: Optional[Mapping[str, str]] = None,
                managed: Optional[CertificateManagedArgs] = None,
                name: Optional[str] = None,
                project: Optional[str] = None,
                scope: Optional[str] = None,
                self_managed: Optional[CertificateSelfManagedArgs] = None)
@overload
def Certificate(resource_name: str,
                args: Optional[CertificateArgs] = None,
                opts: Optional[ResourceOptions] = None)

func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: gcp:certificatemanager:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

Description string: A human-readable description of the resource.
Labels Dictionary<string, string>: Set of label tags associated with the EdgeCache resource.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Description string: A human-readable description of the resource.
Labels map[string]string: Set of label tags associated with the EdgeCache resource.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String,String>: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description string: A human-readable description of the resource.
labels {[key: string]: string}: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description str: A human-readable description of the resource.
labels Mapping[str, str]: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name str: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope str: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
self_managed CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String>: Set of label tags associated with the EdgeCache resource.
managed Property Map: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged Property Map: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up an Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        labels: Optional[Mapping[str, str]] = None,
        managed: Optional[CertificateManagedArgs] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        scope: Optional[str] = None,
        self_managed: Optional[CertificateSelfManagedArgs] = None) -> Certificate

func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)

public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)

public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: A human-readable description of the resource.
Labels Dictionary<string, string>: Set of label tags associated with the EdgeCache resource.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Description string: A human-readable description of the resource.
Labels map[string]string: Set of label tags associated with the EdgeCache resource.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String,String>: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description string: A human-readable description of the resource.
labels {[key: string]: string}: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope string: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description str: A human-readable description of the resource.
labels Mapping[str, str]: Set of label tags associated with the EdgeCache resource.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name str: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope str: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
self_managed CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String>: Set of label tags associated with the EdgeCache resource.
managed Property Map: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. Certificates with default scope are served from core Google data centers. If unsure, choose this option. Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. Default value is DEFAULT. Possible values are DEFAULT and EDGE_CACHE.
selfManaged Property Map: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.