import * as pulumi from "@pulumi/pulumi"; /** * Manages an Certificate within an API Management Service. * * ## Example Usage * * ### With Base64 Certificate) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as std from "@pulumi/std"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleService = new azure.apimanagement.Service("example", { * name: "example-apim", * location: example.location, * resourceGroupName: example.name, * publisherName: "My Company", * publisherEmail: "company@exmaple.com", * skuName: "Developer_1", * }); * const exampleCertificate = new azure.apimanagement.Certificate("example", { * name: "example-cert", * apiManagementName: exampleService.name, * resourceGroupName: example.name, * data: std.filebase64({ * input: "example.pfx", * }).then(invoke => invoke.result), * }); * ``` * * ### With Key Vault Certificate) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as std from "@pulumi/std"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleService = new azure.apimanagement.Service("example", { * name: "example-apim", * location: example.location, * resourceGroupName: example.name, * publisherName: "My Company", * publisherEmail: "company@terraform.io", * skuName: "Developer_1", * identity: { * type: "SystemAssigned", * }, * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "examplekeyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * }); * const exampleAccessPolicy = new azure.keyvault.AccessPolicy("example", { * keyVaultId: exampleKeyVault.id, * tenantId: exampleService.identity.apply(identity => identity?.tenantId), * objectId: exampleService.identity.apply(identity => identity?.principalId), * secretPermissions: ["Get"], * certificatePermissions: ["Get"], * }); * const exampleCertificate = new azure.keyvault.Certificate("example", { * name: "example-cert", * keyVaultId: exampleKeyVault.id, * certificate: { * contents: std.filebase64({ * input: "example_cert.pfx", * }).then(invoke => invoke.result), * password: "terraform", * }, * certificatePolicy: { * issuerParameters: { * name: "Self", * }, * keyProperties: { * exportable: true, * keySize: 2048, * keyType: "RSA", * reuseKey: false, * }, * secretProperties: { * contentType: "application/x-pkcs12", * }, * }, * }); * const exampleCertificate2 = new azure.apimanagement.Certificate("example", { * name: "example-cert", * apiManagementName: exampleService.name, * resourceGroupName: example.name, * keyVaultSecretId: exampleCertificate.secretId, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.ApiManagement` - 2022-08-01 * * ## Import * * API Management Certificates can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:apimanagement/certificate:Certificate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.ApiManagement/service/instance1/certificates/certificate1 * ``` */ export declare class Certificate extends pulumi.CustomResource { /** * Get an existing Certificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: CertificateState, opts?: pulumi.CustomResourceOptions): Certificate; /** * Returns true if the given object is an instance of Certificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Certificate; /** * The Name of the API Management Service where this Service should be created. Changing this forces a new resource to be created. */ readonly apiManagementName: pulumi.Output; /** * The base-64 encoded certificate data, which must be a PFX file. */ readonly data: pulumi.Output; /** * The Expiration Date of this Certificate, formatted as an RFC3339 string. */ readonly expiration: pulumi.Output; /** * The Client ID of the User Assigned Managed Identity to use for retrieving certificate. * * > **Note:** If not specified, will use System Assigned identity of the API Management Service. */ readonly keyVaultIdentityClientId: pulumi.Output; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified in API Management Service, since this identity is used to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires that Secret version isn't specified. */ readonly keyVaultSecretId: pulumi.Output; /** * The name of the API Management Certificate. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * The password used for this certificate. */ readonly password: pulumi.Output; /** * The Name of the Resource Group where the API Management Service exists. Changing this forces a new resource to be created. * * > **Note:** Either `data` or `keyVaultSecretId` must be specified - but not both. */ readonly resourceGroupName: pulumi.Output; /** * The Subject of this Certificate. */ readonly subject: pulumi.Output; /** * The Thumbprint of this Certificate. */ readonly thumbprint: pulumi.Output; /** * Create a Certificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Certificate resources. */ export interface CertificateState { /** * The Name of the API Management Service where this Service should be created. Changing this forces a new resource to be created. */ apiManagementName?: pulumi.Input; /** * The base-64 encoded certificate data, which must be a PFX file. */ data?: pulumi.Input; /** * The Expiration Date of this Certificate, formatted as an RFC3339 string. */ expiration?: pulumi.Input; /** * The Client ID of the User Assigned Managed Identity to use for retrieving certificate. * * > **Note:** If not specified, will use System Assigned identity of the API Management Service. */ keyVaultIdentityClientId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified in API Management Service, since this identity is used to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires that Secret version isn't specified. */ keyVaultSecretId?: pulumi.Input; /** * The name of the API Management Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The password used for this certificate. */ password?: pulumi.Input; /** * The Name of the Resource Group where the API Management Service exists. Changing this forces a new resource to be created. * * > **Note:** Either `data` or `keyVaultSecretId` must be specified - but not both. */ resourceGroupName?: pulumi.Input; /** * The Subject of this Certificate. */ subject?: pulumi.Input; /** * The Thumbprint of this Certificate. */ thumbprint?: pulumi.Input; } /** * The set of arguments for constructing a Certificate resource. */ export interface CertificateArgs { /** * The Name of the API Management Service where this Service should be created. Changing this forces a new resource to be created. */ apiManagementName: pulumi.Input; /** * The base-64 encoded certificate data, which must be a PFX file. */ data?: pulumi.Input; /** * The Client ID of the User Assigned Managed Identity to use for retrieving certificate. * * > **Note:** If not specified, will use System Assigned identity of the API Management Service. */ keyVaultIdentityClientId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified in API Management Service, since this identity is used to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires that Secret version isn't specified. */ keyVaultSecretId?: pulumi.Input; /** * The name of the API Management Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The password used for this certificate. */ password?: pulumi.Input; /** * The Name of the Resource Group where the API Management Service exists. Changing this forces a new resource to be created. * * > **Note:** Either `data` or `keyVaultSecretId` must be specified - but not both. */ resourceGroupName: pulumi.Input; }