1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificatemanager
  5. CertificateIssuanceConfig
Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi

gcp.certificatemanager.CertificateIssuanceConfig

Explore with Pulumi AI

gcp logo
Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi

    Certificate represents a HTTP-reachable backend for a Certificate.

    To get more information about CertificateIssuanceConfig, see:

    Example Usage

    Certificate Manager Certificate Issuance Config

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var pool = new Gcp.CertificateAuthority.CaPool("pool", new()
        {
            Location = "us-central1",
            Tier = "ENTERPRISE",
        });
    
        var caAuthority = new Gcp.CertificateAuthority.Authority("caAuthority", new()
        {
            Location = "us-central1",
            Pool = pool.Name,
            CertificateAuthorityId = "ca-authority",
            Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
            {
                SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
                {
                    Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
                    {
                        Organization = "HashiCorp",
                        CommonName = "my-certificate-authority",
                    },
                    SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
                    {
                        DnsNames = new[]
                        {
                            "hashicorp.com",
                        },
                    },
                },
                X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
                {
                    CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
                    {
                        IsCa = true,
                    },
                    KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
                    {
                        BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
                        {
                            CertSign = true,
                            CrlSign = true,
                        },
                        ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
                        {
                            ServerAuth = true,
                        },
                    },
                },
            },
            KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
            {
                Algorithm = "RSA_PKCS1_4096_SHA256",
            },
            DeletionProtection = false,
            SkipGracePeriod = true,
            IgnoreActiveCertificatesOnDeletion = true,
        });
    
        var @default = new Gcp.CertificateManager.CertificateIssuanceConfig("default", new()
        {
            Description = "sample description for the certificate issuanceConfigs",
            CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs
            {
                CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs
                {
                    CaPool = pool.Id,
                },
            },
            Lifetime = "1814400s",
            RotationWindowPercentage = 34,
            KeyAlgorithm = "ECDSA_P256",
            Labels = 
            {
                { "name", "wrench" },
                { "count", "3" },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                caAuthority,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificateauthority"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pool, err := certificateauthority.NewCaPool(ctx, "pool", &certificateauthority.CaPoolArgs{
    			Location: pulumi.String("us-central1"),
    			Tier:     pulumi.String("ENTERPRISE"),
    		})
    		if err != nil {
    			return err
    		}
    		caAuthority, err := certificateauthority.NewAuthority(ctx, "caAuthority", &certificateauthority.AuthorityArgs{
    			Location:               pulumi.String("us-central1"),
    			Pool:                   pool.Name,
    			CertificateAuthorityId: pulumi.String("ca-authority"),
    			Config: &certificateauthority.AuthorityConfigArgs{
    				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
    					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
    						Organization: pulumi.String("HashiCorp"),
    						CommonName:   pulumi.String("my-certificate-authority"),
    					},
    					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("hashicorp.com"),
    						},
    					},
    				},
    				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
    					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
    						IsCa: pulumi.Bool(true),
    					},
    					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
    						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
    							CertSign: pulumi.Bool(true),
    							CrlSign:  pulumi.Bool(true),
    						},
    						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
    							ServerAuth: pulumi.Bool(true),
    						},
    					},
    				},
    			},
    			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
    				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
    			},
    			DeletionProtection:                 pulumi.Bool(false),
    			SkipGracePeriod:                    pulumi.Bool(true),
    			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewCertificateIssuanceConfig(ctx, "default", &certificatemanager.CertificateIssuanceConfigArgs{
    			Description: pulumi.String("sample description for the certificate issuanceConfigs"),
    			CertificateAuthorityConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{
    				CertificateAuthorityServiceConfig: &certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{
    					CaPool: pool.ID(),
    				},
    			},
    			Lifetime:                 pulumi.String("1814400s"),
    			RotationWindowPercentage: pulumi.Int(34),
    			KeyAlgorithm:             pulumi.String("ECDSA_P256"),
    			Labels: pulumi.StringMap{
    				"name":  pulumi.String("wrench"),
    				"count": pulumi.String("3"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			caAuthority,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificateauthority.CaPool;
    import com.pulumi.gcp.certificateauthority.CaPoolArgs;
    import com.pulumi.gcp.certificateauthority.Authority;
    import com.pulumi.gcp.certificateauthority.AuthorityArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;
    import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pool = new CaPool("pool", CaPoolArgs.builder()        
                .location("us-central1")
                .tier("ENTERPRISE")
                .build());
    
            var caAuthority = new Authority("caAuthority", AuthorityArgs.builder()        
                .location("us-central1")
                .pool(pool.name())
                .certificateAuthorityId("ca-authority")
                .config(AuthorityConfigArgs.builder()
                    .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
                        .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
                            .organization("HashiCorp")
                            .commonName("my-certificate-authority")
                            .build())
                        .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
                            .dnsNames("hashicorp.com")
                            .build())
                        .build())
                    .x509Config(AuthorityConfigX509ConfigArgs.builder()
                        .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
                            .isCa(true)
                            .build())
                        .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
                            .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
                                .certSign(true)
                                .crlSign(true)
                                .build())
                            .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
                                .serverAuth(true)
                                .build())
                            .build())
                        .build())
                    .build())
                .keySpec(AuthorityKeySpecArgs.builder()
                    .algorithm("RSA_PKCS1_4096_SHA256")
                    .build())
                .deletionProtection(false)
                .skipGracePeriod(true)
                .ignoreActiveCertificatesOnDeletion(true)
                .build());
    
            var default_ = new CertificateIssuanceConfig("default", CertificateIssuanceConfigArgs.builder()        
                .description("sample description for the certificate issuanceConfigs")
                .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()
                    .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()
                        .caPool(pool.id())
                        .build())
                    .build())
                .lifetime("1814400s")
                .rotationWindowPercentage(34)
                .keyAlgorithm("ECDSA_P256")
                .labels(Map.ofEntries(
                    Map.entry("name", "wrench"),
                    Map.entry("count", "3")
                ))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(caAuthority)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    pool = gcp.certificateauthority.CaPool("pool",
        location="us-central1",
        tier="ENTERPRISE")
    ca_authority = gcp.certificateauthority.Authority("caAuthority",
        location="us-central1",
        pool=pool.name,
        certificate_authority_id="ca-authority",
        config=gcp.certificateauthority.AuthorityConfigArgs(
            subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
                subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
                    organization="HashiCorp",
                    common_name="my-certificate-authority",
                ),
                subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
                    dns_names=["hashicorp.com"],
                ),
            ),
            x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
                ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
                    is_ca=True,
                ),
                key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
                    base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
                        cert_sign=True,
                        crl_sign=True,
                    ),
                    extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
                        server_auth=True,
                    ),
                ),
            ),
        ),
        key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
            algorithm="RSA_PKCS1_4096_SHA256",
        ),
        deletion_protection=False,
        skip_grace_period=True,
        ignore_active_certificates_on_deletion=True)
    default = gcp.certificatemanager.CertificateIssuanceConfig("default",
        description="sample description for the certificate issuanceConfigs",
        certificate_authority_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs(
            certificate_authority_service_config=gcp.certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs(
                ca_pool=pool.id,
            ),
        ),
        lifetime="1814400s",
        rotation_window_percentage=34,
        key_algorithm="ECDSA_P256",
        labels={
            "name": "wrench",
            "count": "3",
        },
        opts=pulumi.ResourceOptions(depends_on=[ca_authority]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const pool = new gcp.certificateauthority.CaPool("pool", {
        location: "us-central1",
        tier: "ENTERPRISE",
    });
    const caAuthority = new gcp.certificateauthority.Authority("caAuthority", {
        location: "us-central1",
        pool: pool.name,
        certificateAuthorityId: "ca-authority",
        config: {
            subjectConfig: {
                subject: {
                    organization: "HashiCorp",
                    commonName: "my-certificate-authority",
                },
                subjectAltName: {
                    dnsNames: ["hashicorp.com"],
                },
            },
            x509Config: {
                caOptions: {
                    isCa: true,
                },
                keyUsage: {
                    baseKeyUsage: {
                        certSign: true,
                        crlSign: true,
                    },
                    extendedKeyUsage: {
                        serverAuth: true,
                    },
                },
            },
        },
        keySpec: {
            algorithm: "RSA_PKCS1_4096_SHA256",
        },
        deletionProtection: false,
        skipGracePeriod: true,
        ignoreActiveCertificatesOnDeletion: true,
    });
    const _default = new gcp.certificatemanager.CertificateIssuanceConfig("default", {
        description: "sample description for the certificate issuanceConfigs",
        certificateAuthorityConfig: {
            certificateAuthorityServiceConfig: {
                caPool: pool.id,
            },
        },
        lifetime: "1814400s",
        rotationWindowPercentage: 34,
        keyAlgorithm: "ECDSA_P256",
        labels: {
            name: "wrench",
            count: "3",
        },
    }, {
        dependsOn: [caAuthority],
    });
    
    resources:
      default:
        type: gcp:certificatemanager:CertificateIssuanceConfig
        properties:
          description: sample description for the certificate issuanceConfigs
          certificateAuthorityConfig:
            certificateAuthorityServiceConfig:
              caPool: ${pool.id}
          lifetime: 1814400s
          rotationWindowPercentage: 34
          keyAlgorithm: ECDSA_P256
          labels:
            name: wrench
            count: '3'
        options:
          dependson:
            - ${caAuthority}
      pool:
        type: gcp:certificateauthority:CaPool
        properties:
          location: us-central1
          tier: ENTERPRISE
      caAuthority:
        type: gcp:certificateauthority:Authority
        properties:
          location: us-central1
          pool: ${pool.name}
          certificateAuthorityId: ca-authority
          config:
            subjectConfig:
              subject:
                organization: HashiCorp
                commonName: my-certificate-authority
              subjectAltName:
                dnsNames:
                  - hashicorp.com
            x509Config:
              caOptions:
                isCa: true
              keyUsage:
                baseKeyUsage:
                  certSign: true
                  crlSign: true
                extendedKeyUsage:
                  serverAuth: true
          keySpec:
            algorithm: RSA_PKCS1_4096_SHA256
          # Disable CA deletion related safe checks for easier cleanup.
          deletionProtection: false
          skipGracePeriod: true
          ignoreActiveCertificatesOnDeletion: true
    

    Create CertificateIssuanceConfig Resource

    new CertificateIssuanceConfig(name: string, args: CertificateIssuanceConfigArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateIssuanceConfig(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  certificate_authority_config: Optional[CertificateIssuanceConfigCertificateAuthorityConfigArgs] = None,
                                  description: Optional[str] = None,
                                  key_algorithm: Optional[str] = None,
                                  labels: Optional[Mapping[str, str]] = None,
                                  lifetime: Optional[str] = None,
                                  location: Optional[str] = None,
                                  name: Optional[str] = None,
                                  project: Optional[str] = None,
                                  rotation_window_percentage: Optional[int] = None)
    @overload
    def CertificateIssuanceConfig(resource_name: str,
                                  args: CertificateIssuanceConfigArgs,
                                  opts: Optional[ResourceOptions] = None)
    func NewCertificateIssuanceConfig(ctx *Context, name string, args CertificateIssuanceConfigArgs, opts ...ResourceOption) (*CertificateIssuanceConfig, error)
    public CertificateIssuanceConfig(string name, CertificateIssuanceConfigArgs args, CustomResourceOptions? opts = null)
    public CertificateIssuanceConfig(String name, CertificateIssuanceConfigArgs args)
    public CertificateIssuanceConfig(String name, CertificateIssuanceConfigArgs args, CustomResourceOptions options)
    
    type: gcp:certificatemanager:CertificateIssuanceConfig
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateIssuanceConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateIssuanceConfigArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateIssuanceConfigArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateIssuanceConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateIssuanceConfigArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CertificateIssuanceConfig Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CertificateIssuanceConfig resource accepts the following input properties:

    CertificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    KeyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    Lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    RotationWindowPercentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    Description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    Labels Dictionary<string, string>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    Location string

    The Certificate Manager location. If not specified, "global" is used.

    Name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    CertificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfigArgs

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    KeyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    Lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    RotationWindowPercentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    Description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    Labels map[string]string

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    Location string

    The Certificate Manager location. If not specified, "global" is used.

    Name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    certificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    keyAlgorithm String

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    lifetime String

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    rotationWindowPercentage Integer

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    description String

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    labels Map<String,String>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    location String

    The Certificate Manager location. If not specified, "global" is used.

    name String

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    certificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    keyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    rotationWindowPercentage number

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    labels {[key: string]: string}

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    location string

    The Certificate Manager location. If not specified, "global" is used.

    name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    certificate_authority_config CertificateIssuanceConfigCertificateAuthorityConfigArgs

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    key_algorithm str

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    lifetime str

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    rotation_window_percentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    description str

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    labels Mapping[str, str]

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    location str

    The Certificate Manager location. If not specified, "global" is used.

    name str

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    certificateAuthorityConfig Property Map

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    keyAlgorithm String

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    lifetime String

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    rotationWindowPercentage Number

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    description String

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    labels Map<String>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    location String

    The Certificate Manager location. If not specified, "global" is used.

    name String

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateIssuanceConfig resource produces the following output properties:

    CreateTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Id string

    The provider-assigned unique ID for this managed resource.

    UpdateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    CreateTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Id string

    The provider-assigned unique ID for this managed resource.

    UpdateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    createTime String

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    id String

    The provider-assigned unique ID for this managed resource.

    updateTime String

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    createTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    id string

    The provider-assigned unique ID for this managed resource.

    updateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    create_time str

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    id str

    The provider-assigned unique ID for this managed resource.

    update_time str

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    createTime String

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    id String

    The provider-assigned unique ID for this managed resource.

    updateTime String

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Look up Existing CertificateIssuanceConfig Resource

    Get an existing CertificateIssuanceConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateIssuanceConfigState, opts?: CustomResourceOptions): CertificateIssuanceConfig
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            certificate_authority_config: Optional[CertificateIssuanceConfigCertificateAuthorityConfigArgs] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            key_algorithm: Optional[str] = None,
            labels: Optional[Mapping[str, str]] = None,
            lifetime: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            rotation_window_percentage: Optional[int] = None,
            update_time: Optional[str] = None) -> CertificateIssuanceConfig
    func GetCertificateIssuanceConfig(ctx *Context, name string, id IDInput, state *CertificateIssuanceConfigState, opts ...ResourceOption) (*CertificateIssuanceConfig, error)
    public static CertificateIssuanceConfig Get(string name, Input<string> id, CertificateIssuanceConfigState? state, CustomResourceOptions? opts = null)
    public static CertificateIssuanceConfig get(String name, Output<String> id, CertificateIssuanceConfigState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CertificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    CreateTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    KeyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    Labels Dictionary<string, string>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    Lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    Location string

    The Certificate Manager location. If not specified, "global" is used.

    Name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    RotationWindowPercentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    UpdateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    CertificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfigArgs

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    CreateTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    KeyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    Labels map[string]string

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    Lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    Location string

    The Certificate Manager location. If not specified, "global" is used.

    Name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    RotationWindowPercentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    UpdateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    certificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    createTime String

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    description String

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    keyAlgorithm String

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    labels Map<String,String>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    lifetime String

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    location String

    The Certificate Manager location. If not specified, "global" is used.

    name String

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    rotationWindowPercentage Integer

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    updateTime String

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    certificateAuthorityConfig CertificateIssuanceConfigCertificateAuthorityConfig

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    createTime string

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    description string

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    keyAlgorithm string

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    labels {[key: string]: string}

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    lifetime string

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    location string

    The Certificate Manager location. If not specified, "global" is used.

    name string

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    rotationWindowPercentage number

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    updateTime string

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    certificate_authority_config CertificateIssuanceConfigCertificateAuthorityConfigArgs

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    create_time str

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    description str

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    key_algorithm str

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    labels Mapping[str, str]

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    lifetime str

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    location str

    The Certificate Manager location. If not specified, "global" is used.

    name str

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    rotation_window_percentage int

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    update_time str

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    certificateAuthorityConfig Property Map

    The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. Structure is documented below.

    createTime String

    The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    description String

    One or more paragraphs of text description of a CertificateIssuanceConfig.

    keyAlgorithm String

    Key algorithm to use when generating the private key. Possible values are: RSA_2048, ECDSA_P256.

    labels Map<String>

    'Set of label tags associated with the CertificateIssuanceConfig resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }.

    lifetime String

    Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s)

    location String

    The Certificate Manager location. If not specified, "global" is used.

    name String

    A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    rotationWindowPercentage Number

    It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after the certificate has been issued and at least 7 days before it expires.

    updateTime String

    The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Supporting Types

    CertificateIssuanceConfigCertificateAuthorityConfig, CertificateIssuanceConfigCertificateAuthorityConfigArgs

    certificateAuthorityServiceConfig Property Map

    Defines a CertificateAuthorityServiceConfig. Structure is documented below.

    CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfig, CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs

    CaPool string

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    CaPool string

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    caPool String

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    caPool string

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    ca_pool str

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    caPool String

    A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{caPool}".


    Import

    CertificateIssuanceConfig can be imported using any of these accepted formats

     $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}
    
     $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{project}}/{{location}}/{{name}}
    
     $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{location}}/{{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the google-beta Terraform Provider.

    gcp logo
    Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi