1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificatemanager
  5. TrustConfig
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.certificatemanager.TrustConfig

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios.

    To get more information about TrustConfig, see:

    Example Usage

    Certificate Manager Trust Config

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const _default = new gcp.certificatemanager.TrustConfig("default", {
        name: "trust-config",
        description: "sample description for the trust config",
        location: "us-central1",
        trustStores: [{
            trustAnchors: [{
                pemCertificate: std.file({
                    input: "test-fixtures/cert.pem",
                }).then(invoke => invoke.result),
            }],
            intermediateCas: [{
                pemCertificate: std.file({
                    input: "test-fixtures/cert.pem",
                }).then(invoke => invoke.result),
            }],
        }],
        labels: {
            foo: "bar",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    default = gcp.certificatemanager.TrustConfig("default",
        name="trust-config",
        description="sample description for the trust config",
        location="us-central1",
        trust_stores=[{
            "trust_anchors": [{
                "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
            }],
            "intermediate_cas": [{
                "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
            }],
        }],
        labels={
            "foo": "bar",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
    			Name:        pulumi.String("trust-config"),
    			Description: pulumi.String("sample description for the trust config"),
    			Location:    pulumi.String("us-central1"),
    			TrustStores: certificatemanager.TrustConfigTrustStoreArray{
    				&certificatemanager.TrustConfigTrustStoreArgs{
    					TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
    						&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
    							PemCertificate: pulumi.String(invokeFile.Result),
    						},
    					},
    					IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
    						&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
    							PemCertificate: pulumi.String(invokeFile1.Result),
    						},
    					},
    				},
    			},
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.CertificateManager.TrustConfig("default", new()
        {
            Name = "trust-config",
            Description = "sample description for the trust config",
            Location = "us-central1",
            TrustStores = new[]
            {
                new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
                {
                    TrustAnchors = new[]
                    {
                        new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
                        {
                            PemCertificate = Std.File.Invoke(new()
                            {
                                Input = "test-fixtures/cert.pem",
                            }).Apply(invoke => invoke.Result),
                        },
                    },
                    IntermediateCas = new[]
                    {
                        new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
                        {
                            PemCertificate = Std.File.Invoke(new()
                            {
                                Input = "test-fixtures/cert.pem",
                            }).Apply(invoke => invoke.Result),
                        },
                    },
                },
            },
            Labels = 
            {
                { "foo", "bar" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.TrustConfig;
    import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new TrustConfig("default", TrustConfigArgs.builder()
                .name("trust-config")
                .description("sample description for the trust config")
                .location("us-central1")
                .trustStores(TrustConfigTrustStoreArgs.builder()
                    .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/cert.pem")
                            .build()).result())
                        .build())
                    .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/cert.pem")
                            .build()).result())
                        .build())
                    .build())
                .labels(Map.of("foo", "bar"))
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:TrustConfig
        properties:
          name: trust-config
          description: sample description for the trust config
          location: us-central1
          trustStores:
            - trustAnchors:
                - pemCertificate:
                    fn::invoke:
                      Function: std:file
                      Arguments:
                        input: test-fixtures/cert.pem
                      Return: result
              intermediateCas:
                - pemCertificate:
                    fn::invoke:
                      Function: std:file
                      Arguments:
                        input: test-fixtures/cert.pem
                      Return: result
          labels:
            foo: bar
    

    Certificate Manager Trust Config Allowlisted Certificates

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const _default = new gcp.certificatemanager.TrustConfig("default", {
        name: "trust-config",
        description: "A sample trust config resource with allowlisted certificates",
        location: "global",
        allowlistedCertificates: [
            {
                pemCertificate: std.file({
                    input: "test-fixtures/cert.pem",
                }).then(invoke => invoke.result),
            },
            {
                pemCertificate: std.file({
                    input: "test-fixtures/cert2.pem",
                }).then(invoke => invoke.result),
            },
        ],
        labels: {
            foo: "bar",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    default = gcp.certificatemanager.TrustConfig("default",
        name="trust-config",
        description="A sample trust config resource with allowlisted certificates",
        location="global",
        allowlisted_certificates=[
            {
                "pem_certificate": std.file(input="test-fixtures/cert.pem").result,
            },
            {
                "pem_certificate": std.file(input="test-fixtures/cert2.pem").result,
            },
        ],
        labels={
            "foo": "bar",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/cert2.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
    			Name:        pulumi.String("trust-config"),
    			Description: pulumi.String("A sample trust config resource with allowlisted certificates"),
    			Location:    pulumi.String("global"),
    			AllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{
    				&certificatemanager.TrustConfigAllowlistedCertificateArgs{
    					PemCertificate: pulumi.String(invokeFile.Result),
    				},
    				&certificatemanager.TrustConfigAllowlistedCertificateArgs{
    					PemCertificate: pulumi.String(invokeFile1.Result),
    				},
    			},
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.CertificateManager.TrustConfig("default", new()
        {
            Name = "trust-config",
            Description = "A sample trust config resource with allowlisted certificates",
            Location = "global",
            AllowlistedCertificates = new[]
            {
                new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
                {
                    PemCertificate = Std.File.Invoke(new()
                    {
                        Input = "test-fixtures/cert.pem",
                    }).Apply(invoke => invoke.Result),
                },
                new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
                {
                    PemCertificate = Std.File.Invoke(new()
                    {
                        Input = "test-fixtures/cert2.pem",
                    }).Apply(invoke => invoke.Result),
                },
            },
            Labels = 
            {
                { "foo", "bar" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificatemanager.TrustConfig;
    import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.TrustConfigAllowlistedCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new TrustConfig("default", TrustConfigArgs.builder()
                .name("trust-config")
                .description("A sample trust config resource with allowlisted certificates")
                .location("global")
                .allowlistedCertificates(            
                    TrustConfigAllowlistedCertificateArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/cert.pem")
                            .build()).result())
                        .build(),
                    TrustConfigAllowlistedCertificateArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/cert2.pem")
                            .build()).result())
                        .build())
                .labels(Map.of("foo", "bar"))
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificatemanager:TrustConfig
        properties:
          name: trust-config
          description: A sample trust config resource with allowlisted certificates
          location: global
          allowlistedCertificates:
            - pemCertificate:
                fn::invoke:
                  Function: std:file
                  Arguments:
                    input: test-fixtures/cert.pem
                  Return: result
            - pemCertificate:
                fn::invoke:
                  Function: std:file
                  Arguments:
                    input: test-fixtures/cert2.pem
                  Return: result
          labels:
            foo: bar
    

    Create TrustConfig Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new TrustConfig(name: string, args: TrustConfigArgs, opts?: CustomResourceOptions);
    @overload
    def TrustConfig(resource_name: str,
                    args: TrustConfigArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def TrustConfig(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    location: Optional[str] = None,
                    allowlisted_certificates: Optional[Sequence[TrustConfigAllowlistedCertificateArgs]] = None,
                    description: Optional[str] = None,
                    labels: Optional[Mapping[str, str]] = None,
                    name: Optional[str] = None,
                    project: Optional[str] = None,
                    trust_stores: Optional[Sequence[TrustConfigTrustStoreArgs]] = None)
    func NewTrustConfig(ctx *Context, name string, args TrustConfigArgs, opts ...ResourceOption) (*TrustConfig, error)
    public TrustConfig(string name, TrustConfigArgs args, CustomResourceOptions? opts = null)
    public TrustConfig(String name, TrustConfigArgs args)
    public TrustConfig(String name, TrustConfigArgs args, CustomResourceOptions options)
    
    type: gcp:certificatemanager:TrustConfig
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args TrustConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TrustConfigArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TrustConfigArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TrustConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TrustConfigArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var trustConfigResource = new Gcp.CertificateManager.TrustConfig("trustConfigResource", new()
    {
        Location = "string",
        AllowlistedCertificates = new[]
        {
            new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
            {
                PemCertificate = "string",
            },
        },
        Description = "string",
        Labels = 
        {
            { "string", "string" },
        },
        Name = "string",
        Project = "string",
        TrustStores = new[]
        {
            new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
            {
                IntermediateCas = new[]
                {
                    new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
                    {
                        PemCertificate = "string",
                    },
                },
                TrustAnchors = new[]
                {
                    new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
                    {
                        PemCertificate = "string",
                    },
                },
            },
        },
    });
    
    example, err := certificatemanager.NewTrustConfig(ctx, "trustConfigResource", &certificatemanager.TrustConfigArgs{
    	Location: pulumi.String("string"),
    	AllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{
    		&certificatemanager.TrustConfigAllowlistedCertificateArgs{
    			PemCertificate: pulumi.String("string"),
    		},
    	},
    	Description: pulumi.String("string"),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Name:    pulumi.String("string"),
    	Project: pulumi.String("string"),
    	TrustStores: certificatemanager.TrustConfigTrustStoreArray{
    		&certificatemanager.TrustConfigTrustStoreArgs{
    			IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
    				&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
    					PemCertificate: pulumi.String("string"),
    				},
    			},
    			TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
    				&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
    					PemCertificate: pulumi.String("string"),
    				},
    			},
    		},
    	},
    })
    
    var trustConfigResource = new TrustConfig("trustConfigResource", TrustConfigArgs.builder()
        .location("string")
        .allowlistedCertificates(TrustConfigAllowlistedCertificateArgs.builder()
            .pemCertificate("string")
            .build())
        .description("string")
        .labels(Map.of("string", "string"))
        .name("string")
        .project("string")
        .trustStores(TrustConfigTrustStoreArgs.builder()
            .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
                .pemCertificate("string")
                .build())
            .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
                .pemCertificate("string")
                .build())
            .build())
        .build());
    
    trust_config_resource = gcp.certificatemanager.TrustConfig("trustConfigResource",
        location="string",
        allowlisted_certificates=[{
            "pem_certificate": "string",
        }],
        description="string",
        labels={
            "string": "string",
        },
        name="string",
        project="string",
        trust_stores=[{
            "intermediate_cas": [{
                "pem_certificate": "string",
            }],
            "trust_anchors": [{
                "pem_certificate": "string",
            }],
        }])
    
    const trustConfigResource = new gcp.certificatemanager.TrustConfig("trustConfigResource", {
        location: "string",
        allowlistedCertificates: [{
            pemCertificate: "string",
        }],
        description: "string",
        labels: {
            string: "string",
        },
        name: "string",
        project: "string",
        trustStores: [{
            intermediateCas: [{
                pemCertificate: "string",
            }],
            trustAnchors: [{
                pemCertificate: "string",
            }],
        }],
    });
    
    type: gcp:certificatemanager:TrustConfig
    properties:
        allowlistedCertificates:
            - pemCertificate: string
        description: string
        labels:
            string: string
        location: string
        name: string
        project: string
        trustStores:
            - intermediateCas:
                - pemCertificate: string
              trustAnchors:
                - pemCertificate: string
    

    TrustConfig Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The TrustConfig resource accepts the following input properties:

    Location string
    The trust config location.


    AllowlistedCertificates List<TrustConfigAllowlistedCertificate>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    Description string
    One or more paragraphs of text description of a trust config.
    Labels Dictionary<string, string>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    TrustStores List<TrustConfigTrustStore>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    Location string
    The trust config location.


    AllowlistedCertificates []TrustConfigAllowlistedCertificateArgs
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    Description string
    One or more paragraphs of text description of a trust config.
    Labels map[string]string
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    TrustStores []TrustConfigTrustStoreArgs
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    location String
    The trust config location.


    allowlistedCertificates List<TrustConfigAllowlistedCertificate>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    description String
    One or more paragraphs of text description of a trust config.
    labels Map<String,String>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    name String
    A user-defined name of the trust config. Trust config names must be unique globally.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    trustStores List<TrustConfigTrustStore>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    location string
    The trust config location.


    allowlistedCertificates TrustConfigAllowlistedCertificate[]
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    description string
    One or more paragraphs of text description of a trust config.
    labels {[key: string]: string}
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    trustStores TrustConfigTrustStore[]
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    location str
    The trust config location.


    allowlisted_certificates Sequence[TrustConfigAllowlistedCertificateArgs]
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    description str
    One or more paragraphs of text description of a trust config.
    labels Mapping[str, str]
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    name str
    A user-defined name of the trust config. Trust config names must be unique globally.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    trust_stores Sequence[TrustConfigTrustStoreArgs]
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    location String
    The trust config location.


    allowlistedCertificates List<Property Map>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    description String
    One or more paragraphs of text description of a trust config.
    labels Map<String>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    name String
    A user-defined name of the trust config. Trust config names must be unique globally.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    trustStores List<Property Map>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the TrustConfig resource produces the following output properties:

    CreateTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    CreateTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime String
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    create_time str
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    update_time str
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime String
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Look up Existing TrustConfig Resource

    Get an existing TrustConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: TrustConfigState, opts?: CustomResourceOptions): TrustConfig
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowlisted_certificates: Optional[Sequence[TrustConfigAllowlistedCertificateArgs]] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            trust_stores: Optional[Sequence[TrustConfigTrustStoreArgs]] = None,
            update_time: Optional[str] = None) -> TrustConfig
    func GetTrustConfig(ctx *Context, name string, id IDInput, state *TrustConfigState, opts ...ResourceOption) (*TrustConfig, error)
    public static TrustConfig Get(string name, Input<string> id, TrustConfigState? state, CustomResourceOptions? opts = null)
    public static TrustConfig get(String name, Output<String> id, TrustConfigState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowlistedCertificates List<TrustConfigAllowlistedCertificate>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    CreateTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    Description string
    One or more paragraphs of text description of a trust config.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels Dictionary<string, string>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The trust config location.


    Name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    TrustStores List<TrustConfigTrustStore>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    UpdateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    AllowlistedCertificates []TrustConfigAllowlistedCertificateArgs
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    CreateTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    Description string
    One or more paragraphs of text description of a trust config.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels map[string]string
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The trust config location.


    Name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    TrustStores []TrustConfigTrustStoreArgs
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    UpdateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    allowlistedCertificates List<TrustConfigAllowlistedCertificate>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    createTime String
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    description String
    One or more paragraphs of text description of a trust config.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String,String>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The trust config location.


    name String
    A user-defined name of the trust config. Trust config names must be unique globally.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    trustStores List<TrustConfigTrustStore>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    updateTime String
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    allowlistedCertificates TrustConfigAllowlistedCertificate[]
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    createTime string
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    description string
    One or more paragraphs of text description of a trust config.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels {[key: string]: string}
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The trust config location.


    name string
    A user-defined name of the trust config. Trust config names must be unique globally.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    trustStores TrustConfigTrustStore[]
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    updateTime string
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    allowlisted_certificates Sequence[TrustConfigAllowlistedCertificateArgs]
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    create_time str
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    description str
    One or more paragraphs of text description of a trust config.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Mapping[str, str]
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The trust config location.


    name str
    A user-defined name of the trust config. Trust config names must be unique globally.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    trust_stores Sequence[TrustConfigTrustStoreArgs]
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    update_time str
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    allowlistedCertificates List<Property Map>
    Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
    createTime String
    The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    description String
    One or more paragraphs of text description of a trust config.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String>
    Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The trust config location.


    name String
    A user-defined name of the trust config. Trust config names must be unique globally.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    trustStores List<Property Map>
    Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
    updateTime String
    The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Supporting Types

    TrustConfigAllowlistedCertificate, TrustConfigAllowlistedCertificateArgs

    PemCertificate string
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
    PemCertificate string
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
    pemCertificate String
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
    pemCertificate string
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
    pem_certificate str
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
    pemCertificate String
    PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.

    TrustConfigTrustStore, TrustConfigTrustStoreArgs

    IntermediateCas List<TrustConfigTrustStoreIntermediateCa>
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    TrustAnchors List<TrustConfigTrustStoreTrustAnchor>
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
    IntermediateCas []TrustConfigTrustStoreIntermediateCa
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    TrustAnchors []TrustConfigTrustStoreTrustAnchor
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
    intermediateCas List<TrustConfigTrustStoreIntermediateCa>
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    trustAnchors List<TrustConfigTrustStoreTrustAnchor>
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
    intermediateCas TrustConfigTrustStoreIntermediateCa[]
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    trustAnchors TrustConfigTrustStoreTrustAnchor[]
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
    intermediate_cas Sequence[TrustConfigTrustStoreIntermediateCa]
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    trust_anchors Sequence[TrustConfigTrustStoreTrustAnchor]
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
    intermediateCas List<Property Map>
    Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
    trustAnchors List<Property Map>
    List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.

    TrustConfigTrustStoreIntermediateCa, TrustConfigTrustStoreIntermediateCaArgs

    PemCertificate string
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    PemCertificate string
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate String
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate string
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pem_certificate str
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate String
    PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.

    TrustConfigTrustStoreTrustAnchor, TrustConfigTrustStoreTrustAnchorArgs

    PemCertificate string
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    PemCertificate string
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate String
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate string
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pem_certificate str
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
    pemCertificate String
    PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.

    Import

    TrustConfig can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    When using the pulumi import command, TrustConfig can be imported using one of the formats above. For example:

    $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
    
    $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi