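import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the nested element types used below (`TrustConfigAllowlistedCertificate`,
// `TrustConfigTrustStore`) are expected in the `certificatemanager` namespace of
// ../types/input and ../types/output; confirm the names against the generated types module.

/**
 * TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios.
 *
 * To get more information about TrustConfig, see:
 *
 * * [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.trustConfigs/create)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/certificate-manager/docs)
 *
 * @remarks
 * The trust anchors, intermediate CAs and allowlisted certificates held by this resource
 * decide which client certificates are accepted during mutual TLS, so a change to any of
 * them is an access-control change and deserves the same review as one. These fields take
 * PEM-encoded certificates only; private key material does not belong in them.
 *
 * ## Example Usage
 *
 * ### Certificate Manager Trust Config
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const _default = new gcp.certificatemanager.TrustConfig("default", {
 *     name: "trust-config",
 *     description: "sample description for the trust config",
 *     location: "us-central1",
 *     trustStores: [{
 *         trustAnchors: [{
 *             pemCertificate: std.file({
 *                 input: "test-fixtures/cert.pem",
 *             }).then(invoke => invoke.result),
 *         }],
 *         intermediateCas: [{
 *             pemCertificate: std.file({
 *                 input: "test-fixtures/cert.pem",
 *             }).then(invoke => invoke.result),
 *         }],
 *     }],
 *     labels: {
 *         foo: "bar",
 *     },
 * });
 * ```
 * ### Certificate Manager Trust Config Allowlisted Certificates
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const _default = new gcp.certificatemanager.TrustConfig("default", {
 *     name: "trust-config",
 *     description: "A sample trust config resource with allowlisted certificates",
 *     location: "global",
 *     allowlistedCertificates: [
 *         {
 *             pemCertificate: std.file({
 *                 input: "test-fixtures/cert.pem",
 *             }).then(invoke => invoke.result),
 *         },
 *         {
 *             pemCertificate: std.file({
 *                 input: "test-fixtures/cert2.pem",
 *             }).then(invoke => invoke.result),
 *         },
 *     ],
 *     labels: {
 *         foo: "bar",
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * TrustConfig can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}`
 * * `{{project}}/{{location}}/{{name}}`
 * * `{{location}}/{{name}}`
 *
 * When using the `pulumi import` command, TrustConfig can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
 * $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{project}}/{{location}}/{{name}}
 * $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{location}}/{{name}}
 * ```
 */
export declare class TrustConfig extends pulumi.CustomResource {
    /**
     * Get an existing TrustConfig resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrustConfigState, opts?: pulumi.CustomResourceOptions): TrustConfig;
    /**
     * Returns true if the given object is an instance of TrustConfig. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is TrustConfig;
    /**
     * Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
     * the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
     * Structure is documented below.
     *
     * @remarks
     * The conditions listed above do not include chain validation against a trust anchor, and
     * they do not mention the certificate's validity period (confirm expiry handling against the
     * Certificate Manager documentation). Each entry is therefore a standing trust decision:
     * keep the list short, and remove an entry as soon as its certificate is retired or its
     * private key is suspected to be exposed.
     */
    readonly allowlistedCertificates: pulumi.Output<outputs.certificatemanager.TrustConfigAllowlistedCertificate[] | undefined>;
    /**
     * The creation timestamp of a TrustConfig.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
     * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * One or more paragraphs of text description of a trust config.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Set of label tags associated with the trust config.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    readonly labels: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * The trust config location.
     */
    readonly location: pulumi.Output<string>;
    /**
     * A user-defined name of the trust config. Trust config names must be unique globally.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Set of trust stores to perform validation against.
     * This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.
     * Structure is documented below.
     */
    readonly trustStores: pulumi.Output<outputs.certificatemanager.TrustConfigTrustStore[] | undefined>;
    /**
     * The last update timestamp of a TrustConfig.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
     * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create a TrustConfig resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: TrustConfigArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering TrustConfig resources.
 */
export interface TrustConfigState {
    /**
     * Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
     * the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
     * Structure is documented below.
     */
    allowlistedCertificates?: pulumi.Input<pulumi.Input<inputs.certificatemanager.TrustConfigAllowlistedCertificate>[]>;
    /**
     * The creation timestamp of a TrustConfig.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
     * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    createTime?: pulumi.Input<string>;
    /**
     * One or more paragraphs of text description of a trust config.
     */
    description?: pulumi.Input<string>;
    /**
     * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Set of label tags associated with the trust config.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The trust config location.
     */
    location?: pulumi.Input<string>;
    /**
     * A user-defined name of the trust config. Trust config names must be unique globally.
     */
    name?: pulumi.Input<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Set of trust stores to perform validation against.
     * This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.
     * Structure is documented below.
     */
    trustStores?: pulumi.Input<pulumi.Input<inputs.certificatemanager.TrustConfigTrustStore>[]>;
    /**
     * The last update timestamp of a TrustConfig.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
     * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    updateTime?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a TrustConfig resource.
 */
export interface TrustConfigArgs {
    /**
     * Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
     * the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
     * Structure is documented below.
     *
     * @remarks
     * The conditions listed above do not include chain validation against a trust anchor, so
     * every certificate placed here is trusted directly. Supply only certificates whose origin
     * and key custody are known, and treat edits to this list as access-control changes.
     */
    allowlistedCertificates?: pulumi.Input<pulumi.Input<inputs.certificatemanager.TrustConfigAllowlistedCertificate>[]>;
    /**
     * One or more paragraphs of text description of a trust config.
     */
    description?: pulumi.Input<string>;
    /**
     * Set of label tags associated with the trust config.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The trust config location.
     */
    location: pulumi.Input<string>;
    /**
     * A user-defined name of the trust config. Trust config names must be unique globally.
     */
    name?: pulumi.Input<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * Set of trust stores to perform validation against.
     * This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.
     * Structure is documented below.
     */
    trustStores?: pulumi.Input<pulumi.Input<inputs.certificatemanager.TrustConfigTrustStore>[]>;
}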