
Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.networksecurity/v1.ClientTlsPolicy


    Creates a new ClientTlsPolicy in a given project and location.

    Create ClientTlsPolicy Resource

    TypeScript:
    new ClientTlsPolicy(name: string, args: ClientTlsPolicyArgs, opts?: CustomResourceOptions);

    Python:
    @overload
    def ClientTlsPolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        client_certificate: Optional[GoogleCloudNetworksecurityV1CertificateProviderArgs] = None,
                        client_tls_policy_id: Optional[str] = None,
                        description: Optional[str] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        location: Optional[str] = None,
                        name: Optional[str] = None,
                        project: Optional[str] = None,
                        server_validation_ca: Optional[Sequence[ValidationCAArgs]] = None,
                        sni: Optional[str] = None)
    @overload
    def ClientTlsPolicy(resource_name: str,
                        args: ClientTlsPolicyArgs,
                        opts: Optional[ResourceOptions] = None)

    Go:
    func NewClientTlsPolicy(ctx *Context, name string, args ClientTlsPolicyArgs, opts ...ResourceOption) (*ClientTlsPolicy, error)

    C#:
    public ClientTlsPolicy(string name, ClientTlsPolicyArgs args, CustomResourceOptions? opts = null)

    Java:
    public ClientTlsPolicy(String name, ClientTlsPolicyArgs args)
    public ClientTlsPolicy(String name, ClientTlsPolicyArgs args, CustomResourceOptions options)

    YAML:
    type: google-native:networksecurity/v1:ClientTlsPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ClientTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClientTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClientTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClientTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClientTlsPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ClientTlsPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ClientTlsPolicy resource accepts the following input properties:

    ClientTlsPolicyId string
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    ClientCertificate Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.GoogleCloudNetworksecurityV1CertificateProvider
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    Description string
    Optional. Free-text description of the resource.
    Labels Dictionary<string, string>
    Optional. Set of label tags associated with the resource.
    Location string
    Name string
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    Project string
    ServerValidationCa List<Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.ValidationCA>
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    Sni string
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".
    ClientTlsPolicyId string
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    ClientCertificate GoogleCloudNetworksecurityV1CertificateProviderArgs
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    Description string
    Optional. Free-text description of the resource.
    Labels map[string]string
    Optional. Set of label tags associated with the resource.
    Location string
    Name string
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    Project string
    ServerValidationCa []ValidationCAArgs
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    Sni string
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".
    clientTlsPolicyId String
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    clientCertificate GoogleCloudNetworksecurityV1CertificateProvider
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    description String
    Optional. Free-text description of the resource.
    labels Map<String,String>
    Optional. Set of label tags associated with the resource.
    location String
    name String
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    project String
    serverValidationCa List<ValidationCA>
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    sni String
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".
    clientTlsPolicyId string
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    clientCertificate GoogleCloudNetworksecurityV1CertificateProvider
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    description string
    Optional. Free-text description of the resource.
    labels {[key: string]: string}
    Optional. Set of label tags associated with the resource.
    location string
    name string
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    project string
    serverValidationCa ValidationCA[]
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    sni string
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".
    client_tls_policy_id str
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    client_certificate GoogleCloudNetworksecurityV1CertificateProviderArgs
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    description str
    Optional. Free-text description of the resource.
    labels Mapping[str, str]
    Optional. Set of label tags associated with the resource.
    location str
    name str
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    project str
    server_validation_ca Sequence[ValidationCAArgs]
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    sni str
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".
    clientTlsPolicyId String
    Required. Short name of the ClientTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "client_mtls_policy".
    clientCertificate Property Map
    Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.
    description String
    Optional. Free-text description of the resource.
    labels Map<String>
    Optional. Set of label tags associated with the resource.
    location String
    name String
    Name of the ClientTlsPolicy resource. It matches the pattern projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}
    project String
    serverValidationCa List<Property Map>
    Optional. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.
    sni String
    Optional. Server Name Indication string to present to the server during TLS handshake. E.g. "secure.example.com".

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ClientTlsPolicy resource produces the following output properties:

    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.
    createTime string
    The timestamp when the resource was created.
    id string
    The provider-assigned unique ID for this managed resource.
    updateTime string
    The timestamp when the resource was updated.
    create_time str
    The timestamp when the resource was created.
    id str
    The provider-assigned unique ID for this managed resource.
    update_time str
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.

    Supporting Types

    CertificateProviderInstance, CertificateProviderInstanceArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    CertificateProviderInstanceResponse, CertificateProviderInstanceResponseArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    GoogleCloudNetworksecurityV1CertificateProvider, GoogleCloudNetworksecurityV1CertificateProviderArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    CertificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificate_provider_instance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.

    GoogleCloudNetworksecurityV1CertificateProviderResponse, GoogleCloudNetworksecurityV1CertificateProviderResponseArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    CertificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificate_provider_instance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.

    GoogleCloudNetworksecurityV1GrpcEndpoint, GoogleCloudNetworksecurityV1GrpcEndpointArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    GoogleCloudNetworksecurityV1GrpcEndpointResponse, GoogleCloudNetworksecurityV1GrpcEndpointResponseArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    ValidationCA, ValidationCAArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    CertificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificate_provider_instance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.

    ValidationCAResponse, ValidationCAResponseArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    CertificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificate_provider_instance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
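
    The property descriptions above imply several checks worth running before a policy is deployed: an empty serverValidationCa disables server certificate validation, clientCertificate decides whether mTLS is used, and targetUri must be a "unix:" UDS path. The following pre-deployment lint is an added example, not part of the Pulumi provider or this page's original content; the function names, finding levels, sample dictionaries and the rule that a provider entry must set at least one of its two fields are assumptions, and keys use the camelCase property names listed above.

```python
import re

# ID rule from the page: 1-63 chars, letters/numbers/hyphens/underscores,
# must not start with a number.
POLICY_ID_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,62}")


def _check_provider(provider, where):
    """Check one clientCertificate / serverValidationCa entry."""
    findings = []
    endpoint = provider.get("grpcEndpoint")
    instance = provider.get("certificateProviderInstance")
    # Assumption of this lint: an entry with neither field cannot supply
    # any credential material, so it is reported as invalid.
    if not endpoint and not instance:
        findings.append(("INVALID", f"{where}: no grpcEndpoint or "
                                    "certificateProviderInstance set"))
    if endpoint:
        uri = endpoint.get("targetUri", "")
        if not uri.startswith("unix:"):
            findings.append(("INVALID", f"{where}: targetUri {uri!r} must be "
                                        "a UDS path starting with 'unix:'"))
    if instance and not instance.get("pluginInstance"):
        findings.append(("INVALID", f"{where}: pluginInstance is empty"))
    return findings


def lint_client_tls_policy(props):
    """Return (level, message) findings for ClientTlsPolicy input properties."""
    findings = []
    policy_id = props.get("clientTlsPolicyId", "")
    if not POLICY_ID_RE.fullmatch(policy_id):
        findings.append(("INVALID", f"clientTlsPolicyId {policy_id!r} breaks "
                                    "the documented naming rule"))
    cas = props.get("serverValidationCa") or []
    if not cas:
        # Documented behaviour: with no validation CA the client accepts
        # any server certificate.
        findings.append(("RISK", "serverValidationCa is empty: client does "
                                 "not validate the server certificate"))
    for i, ca in enumerate(cas):
        findings += _check_provider(ca, f"serverValidationCa[{i}]")
    cert = props.get("clientCertificate")
    if cert:
        findings += _check_provider(cert, "clientCertificate")
    else:
        findings.append(("INFO", "clientCertificate absent: no client "
                                 "identity is provisioned, so no mTLS"))
    return findings


# Constructed sample inputs (not from the page).
WEAK = {
    "clientTlsPolicyId": "1-client-policy",          # starts with a number
    "sni": "secure.example.com",
    "clientCertificate": {"grpcEndpoint": {"targetUri": "localhost:9000"}},
    # serverValidationCa omitted
}
HARDENED = {
    "clientTlsPolicyId": "client_mtls_policy",
    "sni": "secure.example.com",
    "serverValidationCa": [
        {"grpcEndpoint": {"targetUri": "unix:/run/example/ca.sock"}},
    ],
    "clientCertificate": {
        "certificateProviderInstance": {
            "pluginInstance": "google_cloud_private_spiffe"},
    },
}

if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for level, message in lint_client_tls_policy(policy) or [("OK", "-")]:
            print(f"  {level:8} {message}")
```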

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0