import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * An SslCertificate resource, used for HTTPS load balancing. This resource * represents a certificate for which the certificate secrets are created and * managed by Google. * * For a resource where you provide the key, see the * SSL Certificate resource. * * To get more information about ManagedSslCertificate, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates) * * How-to Guides * * [Official Documentation](https://cloud.google.com/load-balancing/docs/ssl-certificates) * * > **Warning:** This resource should be used with extreme caution! Provisioning an SSL * certificate is complex. Ensure that you understand the lifecycle of a * certificate before attempting complex tasks like cert rotation automatically. * This resource will "return" as soon as the certificate object is created, * but post-creation the certificate object will go through a "provisioning" * process. The provisioning process can complete only when the domain name * for which the certificate is created points to a target pool which, itself, * points at the certificate. Depending on your DNS provider, this may take * some time, and migrating from self-managed certificates to Google-managed * certificates may entail some downtime while the certificate provisions. * * In conclusion: Be extremely cautious. * * ## Example Usage * * ### Managed Ssl Certificate Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.ManagedSslCertificate("default", { * name: "test-cert", * managed: { * domains: ["sslcert.tf-test.club."], * }, * }); * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "http-health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["sslcert.tf-test.club"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const defaultTargetHttpsProxy = new gcp.compute.TargetHttpsProxy("default", { * name: "test-proxy", * urlMap: defaultURLMap.id, * sslCertificates: [_default.id], * }); * const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", { * name: "forwarding-rule", * target: defaultTargetHttpsProxy.id, * portRange: "443", * }); * ``` * ## Import * * ManagedSslCertificate can be imported using any of these accepted formats: * * * `projects/{{project}}/global/sslCertificates/{{name}}` * * * `{{project}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, ManagedSslCertificate can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default projects/{{project}}/global/sslCertificates/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default {{project}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default {{name}} * ``` */ export declare class ManagedSslCertificate extends pulumi.CustomResource { /** * Get an existing ManagedSslCertificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ManagedSslCertificateState, opts?: pulumi.CustomResourceOptions): ManagedSslCertificate; /** * Returns true if the given object is an instance of ManagedSslCertificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ManagedSslCertificate; /** * The unique identifier for the resource. */ readonly certificateId: pulumi.Output; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * An optional description of this resource. */ readonly description: pulumi.Output; /** * Expire time of the certificate in RFC3339 text format. */ readonly expireTime: pulumi.Output; /** * Properties relevant to a managed certificate. These will be used if the * certificate is managed (as indicated by a value of `MANAGED` in `type`). * Structure is documented below. */ readonly managed: pulumi.Output; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * These are in the same namespace as the managed SSL certificates. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output; /** * Domains associated with the certificate via Subject Alternative Name. */ readonly subjectAlternativeNames: pulumi.Output; /** * Enum field whose value is always `MANAGED` - used to signal to the API * which type this is. * Default value is `MANAGED`. * Possible values are: `MANAGED`. */ readonly type: pulumi.Output; /** * Create a ManagedSslCertificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: ManagedSslCertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ManagedSslCertificate resources. */ export interface ManagedSslCertificateState { /** * The unique identifier for the resource. */ certificateId?: pulumi.Input; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * An optional description of this resource. */ description?: pulumi.Input; /** * Expire time of the certificate in RFC3339 text format. */ expireTime?: pulumi.Input; /** * Properties relevant to a managed certificate. These will be used if the * certificate is managed (as indicated by a value of `MANAGED` in `type`). * Structure is documented below. */ managed?: pulumi.Input; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * These are in the same namespace as the managed SSL certificates. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The URI of the created resource. */ selfLink?: pulumi.Input; /** * Domains associated with the certificate via Subject Alternative Name. */ subjectAlternativeNames?: pulumi.Input[]>; /** * Enum field whose value is always `MANAGED` - used to signal to the API * which type this is. * Default value is `MANAGED`. * Possible values are: `MANAGED`. */ type?: pulumi.Input; } /** * The set of arguments for constructing a ManagedSslCertificate resource. */ export interface ManagedSslCertificateArgs { /** * An optional description of this resource. */ description?: pulumi.Input; /** * Properties relevant to a managed certificate. These will be used if the * certificate is managed (as indicated by a value of `MANAGED` in `type`). * Structure is documented below. */ managed?: pulumi.Input; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * These are in the same namespace as the managed SSL certificates. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Enum field whose value is always `MANAGED` - used to signal to the API * which type this is. * Default value is `MANAGED`. * Possible values are: `MANAGED`. */ type?: pulumi.Input; }