import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Certificate represents a HTTP-reachable backend for a Certificate. * * To get more information about CertificateIssuanceConfig, see: * * * [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.certificateIssuanceConfigs) * * How-to Guides * * [Manage certificate issuance configs](https://cloud.google.com/certificate-manager/docs/issuance-configs) * * ## Example Usage * * ### Certificate Manager Certificate Issuance Config * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const pool = new gcp.certificateauthority.CaPool("pool", { * name: "ca-pool", * location: "us-central1", * tier: "ENTERPRISE", * }); * const caAuthority = new gcp.certificateauthority.Authority("ca_authority", { * location: "us-central1", * pool: pool.name, * certificateAuthorityId: "ca-authority", * config: { * subjectConfig: { * subject: { * organization: "HashiCorp", * commonName: "my-certificate-authority", * }, * subjectAltName: { * dnsNames: ["hashicorp.com"], * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * }); * const _default = new gcp.certificatemanager.CertificateIssuanceConfig("default", { * name: "issuance-config", * description: "sample description for the certificate issuanceConfigs", * certificateAuthorityConfig: { * certificateAuthorityServiceConfig: { * caPool: pool.id, * }, * }, * lifetime: "1814400s", * rotationWindowPercentage: 34, * keyAlgorithm: "ECDSA_P256", * labels: { * name: "wrench", * count: "3", * }, * }, { * dependsOn: [caAuthority], * }); * ``` * * ## Import * * CertificateIssuanceConfig can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}` * * `{{project}}/{{location}}/{{name}}` * * `{{location}}/{{name}}` * * When using the `pulumi import` command, CertificateIssuanceConfig can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}} * $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{project}}/{{location}}/{{name}} * $ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{location}}/{{name}} * ``` */ export declare class CertificateIssuanceConfig extends pulumi.CustomResource { /** * Get an existing CertificateIssuanceConfig resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: CertificateIssuanceConfigState, opts?: pulumi.CustomResourceOptions): CertificateIssuanceConfig; /** * Returns true if the given object is an instance of CertificateIssuanceConfig. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is CertificateIssuanceConfig; /** * The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. * Structure is documented below. */ readonly certificateAuthorityConfig: pulumi.Output; /** * The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, * accurate to nanoseconds with up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly createTime: pulumi.Output; /** * One or more paragraphs of text description of a CertificateIssuanceConfig. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Key algorithm to use when generating the private key. * Possible values are: `RSA_2048`, `ECDSA_P256`. */ readonly keyAlgorithm: pulumi.Output; /** * 'Set of label tags associated with the CertificateIssuanceConfig resource. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. * Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s) */ readonly lifetime: pulumi.Output; /** * The Certificate Manager location. If not specified, "global" is used. */ readonly location: pulumi.Output; /** * A user-defined name of the certificate issuance config. * CertificateIssuanceConfig names must be unique globally. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. * Must be a number between 1-99, inclusive. * You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after * the certificate has been issued and at least 7 days before it expires. */ readonly rotationWindowPercentage: pulumi.Output; /** * The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, * accurate to nanoseconds with up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly updateTime: pulumi.Output; /** * Create a CertificateIssuanceConfig resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CertificateIssuanceConfigArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering CertificateIssuanceConfig resources. */ export interface CertificateIssuanceConfigState { /** * The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. * Structure is documented below. */ certificateAuthorityConfig?: pulumi.Input; /** * The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, * accurate to nanoseconds with up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ createTime?: pulumi.Input; /** * One or more paragraphs of text description of a CertificateIssuanceConfig. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Key algorithm to use when generating the private key. * Possible values are: `RSA_2048`, `ECDSA_P256`. */ keyAlgorithm?: pulumi.Input; /** * 'Set of label tags associated with the CertificateIssuanceConfig resource. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. * Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s) */ lifetime?: pulumi.Input; /** * The Certificate Manager location. If not specified, "global" is used. */ location?: pulumi.Input; /** * A user-defined name of the certificate issuance config. * CertificateIssuanceConfig names must be unique globally. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. * Must be a number between 1-99, inclusive. * You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after * the certificate has been issued and at least 7 days before it expires. */ rotationWindowPercentage?: pulumi.Input; /** * The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, * accurate to nanoseconds with up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a CertificateIssuanceConfig resource. */ export interface CertificateIssuanceConfigArgs { /** * The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. * Structure is documented below. */ certificateAuthorityConfig: pulumi.Input; /** * One or more paragraphs of text description of a CertificateIssuanceConfig. */ description?: pulumi.Input; /** * Key algorithm to use when generating the private key. * Possible values are: `RSA_2048`, `ECDSA_P256`. */ keyAlgorithm: pulumi.Input; /** * 'Set of label tags associated with the CertificateIssuanceConfig resource. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. * Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s) */ lifetime: pulumi.Input; /** * The Certificate Manager location. If not specified, "global" is used. */ location?: pulumi.Input; /** * A user-defined name of the certificate issuance config. * CertificateIssuanceConfig names must be unique globally. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. * Must be a number between 1-99, inclusive. * You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after * the certificate has been issued and at least 7 days before it expires. */ rotationWindowPercentage: pulumi.Input; }