1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. networksecurity
  5. ServerTlsPolicy
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.networksecurity.ServerTlsPolicy

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.

    To get more information about ServerTlsPolicy, see:

    Example Usage

    Network Security Server Tls Policy Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
        name: "my-server-tls-policy",
        labels: {
            foo: "bar",
        },
        description: "my description",
        allowOpen: false,
        serverCertificate: {
            certificateProviderInstance: {
                pluginInstance: "google_cloud_private_spiffe",
            },
        },
        mtlsPolicy: {
            clientValidationCas: [{
                grpcEndpoint: {
                    targetUri: "unix:mypath",
                },
            }],
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.networksecurity.ServerTlsPolicy("default",
        name="my-server-tls-policy",
        labels={
            "foo": "bar",
        },
        description="my description",
        allow_open=False,
        server_certificate={
            "certificate_provider_instance": {
                "plugin_instance": "google_cloud_private_spiffe",
            },
        },
        mtls_policy={
            "client_validation_cas": [{
                "grpc_endpoint": {
                    "target_uri": "unix:mypath",
                },
            }],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
    			Name: pulumi.String("my-server-tls-policy"),
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    			Description: pulumi.String("my description"),
    			AllowOpen:   pulumi.Bool(false),
    			ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
    				CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
    					PluginInstance: pulumi.String("google_cloud_private_spiffe"),
    				},
    			},
    			MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
    				ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
    					&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
    						GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
    							TargetUri: pulumi.String("unix:mypath"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
        {
            Name = "my-server-tls-policy",
            Labels = 
            {
                { "foo", "bar" },
            },
            Description = "my description",
            AllowOpen = false,
            ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
            {
                CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
                {
                    PluginInstance = "google_cloud_private_spiffe",
                },
            },
            MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
            {
                ClientValidationCas = new[]
                {
                    new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
                    {
                        GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
                        {
                            TargetUri = "unix:mypath",
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
                .name("my-server-tls-policy")
                .labels(Map.of("foo", "bar"))
                .description("my description")
                .allowOpen("false")
                .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
                    .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
                        .pluginInstance("google_cloud_private_spiffe")
                        .build())
                    .build())
                .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
                    .clientValidationCas(ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
                        .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
                            .targetUri("unix:mypath")
                            .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:ServerTlsPolicy
        properties:
          name: my-server-tls-policy
          labels:
            foo: bar
          description: my description
          allowOpen: 'false'
          serverCertificate:
            certificateProviderInstance:
              pluginInstance: google_cloud_private_spiffe
          mtlsPolicy:
            clientValidationCas:
              - grpcEndpoint:
                  targetUri: unix:mypath
    

    Network Security Server Tls Policy Advanced

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
        name: "my-server-tls-policy",
        labels: {
            foo: "bar",
        },
        description: "my description",
        location: "global",
        allowOpen: false,
        mtlsPolicy: {
            clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.networksecurity.ServerTlsPolicy("default",
        name="my-server-tls-policy",
        labels={
            "foo": "bar",
        },
        description="my description",
        location="global",
        allow_open=False,
        mtls_policy={
            "client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
    			Name: pulumi.String("my-server-tls-policy"),
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    			Description: pulumi.String("my description"),
    			Location:    pulumi.String("global"),
    			AllowOpen:   pulumi.Bool(false),
    			MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
    				ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
        {
            Name = "my-server-tls-policy",
            Labels = 
            {
                { "foo", "bar" },
            },
            Description = "my description",
            Location = "global",
            AllowOpen = false,
            MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
            {
                ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
                .name("my-server-tls-policy")
                .labels(Map.of("foo", "bar"))
                .description("my description")
                .location("global")
                .allowOpen("false")
                .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
                    .clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:ServerTlsPolicy
        properties:
          name: my-server-tls-policy
          labels:
            foo: bar
          description: my description
          location: global
          allowOpen: 'false'
          mtlsPolicy:
            clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT
    

    Network Security Server Tls Policy Server Cert

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
        name: "my-server-tls-policy",
        labels: {
            foo: "bar",
        },
        description: "my description",
        location: "global",
        allowOpen: false,
        serverCertificate: {
            grpcEndpoint: {
                targetUri: "unix:mypath",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.networksecurity.ServerTlsPolicy("default",
        name="my-server-tls-policy",
        labels={
            "foo": "bar",
        },
        description="my description",
        location="global",
        allow_open=False,
        server_certificate={
            "grpc_endpoint": {
                "target_uri": "unix:mypath",
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
    			Name: pulumi.String("my-server-tls-policy"),
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    			Description: pulumi.String("my description"),
    			Location:    pulumi.String("global"),
    			AllowOpen:   pulumi.Bool(false),
    			ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
    				GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
    					TargetUri: pulumi.String("unix:mypath"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
        {
            Name = "my-server-tls-policy",
            Labels = 
            {
                { "foo", "bar" },
            },
            Description = "my description",
            Location = "global",
            AllowOpen = false,
            ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
            {
                GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
                {
                    TargetUri = "unix:mypath",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
                .name("my-server-tls-policy")
                .labels(Map.of("foo", "bar"))
                .description("my description")
                .location("global")
                .allowOpen("false")
                .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
                    .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
                        .targetUri("unix:mypath")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:ServerTlsPolicy
        properties:
          name: my-server-tls-policy
          labels:
            foo: bar
          description: my description
          location: global
          allowOpen: 'false'
          serverCertificate:
            grpcEndpoint:
              targetUri: unix:mypath
    

    Network Security Server Tls Policy Mtls

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const project = gcp.organizations.getProject({});
    const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
        name: "my-trust-config",
        description: "sample trust config description",
        location: "global",
        trustStores: [{
            trustAnchors: [{
                pemCertificate: std.file({
                    input: "test-fixtures/ca_cert.pem",
                }).then(invoke => invoke.result),
            }],
            intermediateCas: [{
                pemCertificate: std.file({
                    input: "test-fixtures/ca_cert.pem",
                }).then(invoke => invoke.result),
            }],
        }],
        labels: {
            foo: "bar",
        },
    });
    const _default = new gcp.networksecurity.ServerTlsPolicy("default", {
        name: "my-server-tls-policy",
        description: "my description",
        location: "global",
        allowOpen: false,
        mtlsPolicy: {
            clientValidationMode: "REJECT_INVALID",
            clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
        },
        labels: {
            foo: "bar",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    project = gcp.organizations.get_project()
    default_trust_config = gcp.certificatemanager.TrustConfig("default",
        name="my-trust-config",
        description="sample trust config description",
        location="global",
        trust_stores=[{
            "trust_anchors": [{
                "pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
            }],
            "intermediate_cas": [{
                "pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
            }],
        }],
        labels={
            "foo": "bar",
        })
    default = gcp.networksecurity.ServerTlsPolicy("default",
        name="my-server-tls-policy",
        description="my description",
        location="global",
        allow_open=False,
        mtls_policy={
            "client_validation_mode": "REJECT_INVALID",
            "client_validation_trust_config": default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
        },
        labels={
            "foo": "bar",
        })
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/ca_cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-fixtures/ca_cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
    			Name:        pulumi.String("my-trust-config"),
    			Description: pulumi.String("sample trust config description"),
    			Location:    pulumi.String("global"),
    			TrustStores: certificatemanager.TrustConfigTrustStoreArray{
    				&certificatemanager.TrustConfigTrustStoreArgs{
    					TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
    						&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
    							PemCertificate: pulumi.String(invokeFile.Result),
    						},
    					},
    					IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
    						&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
    							PemCertificate: pulumi.String(invokeFile1.Result),
    						},
    					},
    				},
    			},
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
    			Name:        pulumi.String("my-server-tls-policy"),
    			Description: pulumi.String("my description"),
    			Location:    pulumi.String("global"),
    			AllowOpen:   pulumi.Bool(false),
    			MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
    				ClientValidationMode: pulumi.String("REJECT_INVALID"),
    				ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
    					return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
    				}).(pulumi.StringOutput),
    			},
    			Labels: pulumi.StringMap{
    				"foo": pulumi.String("bar"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var project = Gcp.Organizations.GetProject.Invoke();
    
        var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
        {
            Name = "my-trust-config",
            Description = "sample trust config description",
            Location = "global",
            TrustStores = new[]
            {
                new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
                {
                    TrustAnchors = new[]
                    {
                        new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
                        {
                            PemCertificate = Std.File.Invoke(new()
                            {
                                Input = "test-fixtures/ca_cert.pem",
                            }).Apply(invoke => invoke.Result),
                        },
                    },
                    IntermediateCas = new[]
                    {
                        new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
                        {
                            PemCertificate = Std.File.Invoke(new()
                            {
                                Input = "test-fixtures/ca_cert.pem",
                            }).Apply(invoke => invoke.Result),
                        },
                    },
                },
            },
            Labels = 
            {
                { "foo", "bar" },
            },
        });
    
        var @default = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
        {
            Name = "my-server-tls-policy",
            Description = "my description",
            Location = "global",
            AllowOpen = false,
            MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
            {
                ClientValidationMode = "REJECT_INVALID",
                ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
                {
                    var project = values.Item1;
                    var name = values.Item2;
                    return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
                }),
            },
            Labels = 
            {
                { "foo", "bar" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
    import com.pulumi.gcp.certificatemanager.TrustConfig;
    import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
    import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
    import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
    import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var project = OrganizationsFunctions.getProject();
    
            var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
                .name("my-trust-config")
                .description("sample trust config description")
                .location("global")
                .trustStores(TrustConfigTrustStoreArgs.builder()
                    .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/ca_cert.pem")
                            .build()).result())
                        .build())
                    .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
                        .pemCertificate(StdFunctions.file(FileArgs.builder()
                            .input("test-fixtures/ca_cert.pem")
                            .build()).result())
                        .build())
                    .build())
                .labels(Map.of("foo", "bar"))
                .build());
    
            var default_ = new ServerTlsPolicy("default", ServerTlsPolicyArgs.builder()
                .name("my-server-tls-policy")
                .description("my description")
                .location("global")
                .allowOpen("false")
                .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
                    .clientValidationMode("REJECT_INVALID")
                    .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
                    .build())
                .labels(Map.of("foo", "bar"))
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:ServerTlsPolicy
        properties:
          name: my-server-tls-policy
          description: my description
          location: global
          allowOpen: 'false'
          mtlsPolicy:
            clientValidationMode: REJECT_INVALID
            clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
          labels:
            foo: bar
      defaultTrustConfig:
        type: gcp:certificatemanager:TrustConfig
        name: default
        properties:
          name: my-trust-config
          description: sample trust config description
          location: global
          trustStores:
            - trustAnchors:
                - pemCertificate:
                    fn::invoke:
                      Function: std:file
                      Arguments:
                        input: test-fixtures/ca_cert.pem
                      Return: result
              intermediateCas:
                - pemCertificate:
                    fn::invoke:
                      Function: std:file
                      Arguments:
                        input: test-fixtures/ca_cert.pem
                      Return: result
          labels:
            foo: bar
    variables:
      project:
        fn::invoke:
          Function: gcp:organizations:getProject
          Arguments: {}
    

    Create ServerTlsPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ServerTlsPolicy(name: string, args?: ServerTlsPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def ServerTlsPolicy(resource_name: str,
                        args: Optional[ServerTlsPolicyArgs] = None,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def ServerTlsPolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        allow_open: Optional[bool] = None,
                        description: Optional[str] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        location: Optional[str] = None,
                        mtls_policy: Optional[ServerTlsPolicyMtlsPolicyArgs] = None,
                        name: Optional[str] = None,
                        project: Optional[str] = None,
                        server_certificate: Optional[ServerTlsPolicyServerCertificateArgs] = None)
    func NewServerTlsPolicy(ctx *Context, name string, args *ServerTlsPolicyArgs, opts ...ResourceOption) (*ServerTlsPolicy, error)
    public ServerTlsPolicy(string name, ServerTlsPolicyArgs? args = null, CustomResourceOptions? opts = null)
    public ServerTlsPolicy(String name, ServerTlsPolicyArgs args)
    public ServerTlsPolicy(String name, ServerTlsPolicyArgs args, CustomResourceOptions options)
    
    type: gcp:networksecurity:ServerTlsPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var serverTlsPolicyResource = new Gcp.NetworkSecurity.ServerTlsPolicy("serverTlsPolicyResource", new()
    {
        AllowOpen = false,
        Description = "string",
        Labels = 
        {
            { "string", "string" },
        },
        Location = "string",
        MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
        {
            ClientValidationCas = new[]
            {
                new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs
                {
                    CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs
                    {
                        PluginInstance = "string",
                    },
                    GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs
                    {
                        TargetUri = "string",
                    },
                },
            },
            ClientValidationMode = "string",
            ClientValidationTrustConfig = "string",
        },
        Name = "string",
        Project = "string",
        ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs
        {
            CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs
            {
                PluginInstance = "string",
            },
            GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs
            {
                TargetUri = "string",
            },
        },
    });
    
    example, err := networksecurity.NewServerTlsPolicy(ctx, "serverTlsPolicyResource", &networksecurity.ServerTlsPolicyArgs{
    	AllowOpen:   pulumi.Bool(false),
    	Description: pulumi.String("string"),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
    		ClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{
    			&networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{
    				CertificateProviderInstance: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs{
    					PluginInstance: pulumi.String("string"),
    				},
    				GrpcEndpoint: &networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{
    					TargetUri: pulumi.String("string"),
    				},
    			},
    		},
    		ClientValidationMode:        pulumi.String("string"),
    		ClientValidationTrustConfig: pulumi.String("string"),
    	},
    	Name:    pulumi.String("string"),
    	Project: pulumi.String("string"),
    	ServerCertificate: &networksecurity.ServerTlsPolicyServerCertificateArgs{
    		CertificateProviderInstance: &networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{
    			PluginInstance: pulumi.String("string"),
    		},
    		GrpcEndpoint: &networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{
    			TargetUri: pulumi.String("string"),
    		},
    	},
    })
    
    var serverTlsPolicyResource = new ServerTlsPolicy("serverTlsPolicyResource", ServerTlsPolicyArgs.builder()
        .allowOpen(false)
        .description("string")
        .labels(Map.of("string", "string"))
        .location("string")
        .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
            .clientValidationCas(ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()
                .certificateProviderInstance(ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs.builder()
                    .pluginInstance("string")
                    .build())
                .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()
                    .targetUri("string")
                    .build())
                .build())
            .clientValidationMode("string")
            .clientValidationTrustConfig("string")
            .build())
        .name("string")
        .project("string")
        .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()
            .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()
                .pluginInstance("string")
                .build())
            .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()
                .targetUri("string")
                .build())
            .build())
        .build());
    
    server_tls_policy_resource = gcp.networksecurity.ServerTlsPolicy("serverTlsPolicyResource",
        allow_open=False,
        description="string",
        labels={
            "string": "string",
        },
        location="string",
        mtls_policy={
            "client_validation_cas": [{
                "certificate_provider_instance": {
                    "plugin_instance": "string",
                },
                "grpc_endpoint": {
                    "target_uri": "string",
                },
            }],
            "client_validation_mode": "string",
            "client_validation_trust_config": "string",
        },
        name="string",
        project="string",
        server_certificate={
            "certificate_provider_instance": {
                "plugin_instance": "string",
            },
            "grpc_endpoint": {
                "target_uri": "string",
            },
        })
    
    const serverTlsPolicyResource = new gcp.networksecurity.ServerTlsPolicy("serverTlsPolicyResource", {
        allowOpen: false,
        description: "string",
        labels: {
            string: "string",
        },
        location: "string",
        mtlsPolicy: {
            clientValidationCas: [{
                certificateProviderInstance: {
                    pluginInstance: "string",
                },
                grpcEndpoint: {
                    targetUri: "string",
                },
            }],
            clientValidationMode: "string",
            clientValidationTrustConfig: "string",
        },
        name: "string",
        project: "string",
        serverCertificate: {
            certificateProviderInstance: {
                pluginInstance: "string",
            },
            grpcEndpoint: {
                targetUri: "string",
            },
        },
    });
    
    type: gcp:networksecurity:ServerTlsPolicy
    properties:
        allowOpen: false
        description: string
        labels:
            string: string
        location: string
        mtlsPolicy:
            clientValidationCas:
                - certificateProviderInstance:
                    pluginInstance: string
                  grpcEndpoint:
                    targetUri: string
            clientValidationMode: string
            clientValidationTrustConfig: string
        name: string
        project: string
        serverCertificate:
            certificateProviderInstance:
                pluginInstance: string
            grpcEndpoint:
                targetUri: string
    

    ServerTlsPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ServerTlsPolicy resource accepts the following input properties:

    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    Description string
    A free-text description of the resource. Max length 1024 characters.
    Labels Dictionary<string, string>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location of the server tls policy. The default value is global.
    MtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    Name string
    Name of the ServerTlsPolicy resource.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ServerCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    Description string
    A free-text description of the resource. Max length 1024 characters.
    Labels map[string]string
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location of the server tls policy. The default value is global.
    MtlsPolicy ServerTlsPolicyMtlsPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    Name string
    Name of the ServerTlsPolicy resource.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ServerCertificate ServerTlsPolicyServerCertificateArgs
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description String
    A free-text description of the resource. Max length 1024 characters.
    labels Map<String,String>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location of the server tls policy. The default value is global.
    mtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name String
    Name of the ServerTlsPolicy resource.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    serverCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    allowOpen boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description string
    A free-text description of the resource. Max length 1024 characters.
    labels {[key: string]: string}
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The location of the server tls policy. The default value is global.
    mtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name string
    Name of the ServerTlsPolicy resource.


    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    serverCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    allow_open bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description str
    A free-text description of the resource. Max length 1024 characters.
    labels Mapping[str, str]
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The location of the server tls policy. The default value is global.
    mtls_policy ServerTlsPolicyMtlsPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name str
    Name of the ServerTlsPolicy resource.


    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    server_certificate ServerTlsPolicyServerCertificateArgs
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description String
    A free-text description of the resource. Max length 1024 characters.
    labels Map<String>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location of the server tls policy. The default value is global.
    mtlsPolicy Property Map
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name String
    Name of the ServerTlsPolicy resource.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    serverCertificate Property Map
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ServerTlsPolicy resource produces the following output properties:

    CreateTime string
    Time the ServerTlsPolicy was created in UTC.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Time the ServerTlsPolicy was updated in UTC.
    CreateTime string
    Time the ServerTlsPolicy was created in UTC.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Time the ServerTlsPolicy was updated in UTC.
    createTime String
    Time the ServerTlsPolicy was created in UTC.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Time the ServerTlsPolicy was updated in UTC.
    createTime string
    Time the ServerTlsPolicy was created in UTC.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime string
    Time the ServerTlsPolicy was updated in UTC.
    create_time str
    Time the ServerTlsPolicy was created in UTC.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    update_time str
    Time the ServerTlsPolicy was updated in UTC.
    createTime String
    Time the ServerTlsPolicy was created in UTC.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Time the ServerTlsPolicy was updated in UTC.

    Look up Existing ServerTlsPolicy Resource

    Get an existing ServerTlsPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServerTlsPolicyState, opts?: CustomResourceOptions): ServerTlsPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_open: Optional[bool] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            mtls_policy: Optional[ServerTlsPolicyMtlsPolicyArgs] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            server_certificate: Optional[ServerTlsPolicyServerCertificateArgs] = None,
            update_time: Optional[str] = None) -> ServerTlsPolicy
    func GetServerTlsPolicy(ctx *Context, name string, id IDInput, state *ServerTlsPolicyState, opts ...ResourceOption) (*ServerTlsPolicy, error)
    public static ServerTlsPolicy Get(string name, Input<string> id, ServerTlsPolicyState? state, CustomResourceOptions? opts = null)
    public static ServerTlsPolicy get(String name, Output<String> id, ServerTlsPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    CreateTime string
    Time the ServerTlsPolicy was created in UTC.
    Description string
    A free-text description of the resource. Max length 1024 characters.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels Dictionary<string, string>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location of the server tls policy. The default value is global.
    MtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    Name string
    Name of the ServerTlsPolicy resource.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ServerCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    UpdateTime string
    Time the ServerTlsPolicy was updated in UTC.
    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    CreateTime string
    Time the ServerTlsPolicy was created in UTC.
    Description string
    A free-text description of the resource. Max length 1024 characters.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Labels map[string]string
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location of the server tls policy. The default value is global.
    MtlsPolicy ServerTlsPolicyMtlsPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    Name string
    Name of the ServerTlsPolicy resource.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ServerCertificate ServerTlsPolicyServerCertificateArgs
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    UpdateTime string
    Time the ServerTlsPolicy was updated in UTC.
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    createTime String
    Time the ServerTlsPolicy was created in UTC.
    description String
    A free-text description of the resource. Max length 1024 characters.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String,String>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location of the server tls policy. The default value is global.
    mtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name String
    Name of the ServerTlsPolicy resource.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    serverCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    updateTime String
    Time the ServerTlsPolicy was updated in UTC.
    allowOpen boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    createTime string
    Time the ServerTlsPolicy was created in UTC.
    description string
    A free-text description of the resource. Max length 1024 characters.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels {[key: string]: string}
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The location of the server tls policy. The default value is global.
    mtlsPolicy ServerTlsPolicyMtlsPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name string
    Name of the ServerTlsPolicy resource.


    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    serverCertificate ServerTlsPolicyServerCertificate
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    updateTime string
    Time the ServerTlsPolicy was updated in UTC.
    allow_open bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    create_time str
    Time the ServerTlsPolicy was created in UTC.
    description str
    A free-text description of the resource. Max length 1024 characters.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Mapping[str, str]
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The location of the server tls policy. The default value is global.
    mtls_policy ServerTlsPolicyMtlsPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name str
    Name of the ServerTlsPolicy resource.


    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    server_certificate ServerTlsPolicyServerCertificateArgs
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    update_time str
    Time the ServerTlsPolicy was updated in UTC.
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    createTime String
    Time the ServerTlsPolicy was created in UTC.
    description String
    A free-text description of the resource. Max length 1024 characters.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    labels Map<String>
    Set of label tags associated with the ServerTlsPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location of the server tls policy. The default value is global.
    mtlsPolicy Property Map
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. Structure is documented below.
    name String
    Name of the ServerTlsPolicy resource.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    serverCertificate Property Map
    Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. Structure is documented below.
    updateTime String
    Time the ServerTlsPolicy was updated in UTC.

    Supporting Types

    ServerTlsPolicyMtlsPolicy, ServerTlsPolicyMtlsPolicyArgs

    ClientValidationCas List<ServerTlsPolicyMtlsPolicyClientValidationCa>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    ClientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    ClientValidationCas []ServerTlsPolicyMtlsPolicyClientValidationCa
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    ClientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCas List<ServerTlsPolicyMtlsPolicyClientValidationCa>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    clientValidationMode String
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCas ServerTlsPolicyMtlsPolicyClientValidationCa[]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    clientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    clientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    client_validation_cas Sequence[ServerTlsPolicyMtlsPolicyClientValidationCa]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    client_validation_mode str
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    client_validation_trust_config str
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCas List<Property Map>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. Structure is documented below.
    clientValidationMode String
    When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.

    ServerTlsPolicyMtlsPolicyClientValidationCa, ServerTlsPolicyMtlsPolicyClientValidationCaArgs

    CertificateProviderInstance ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    GrpcEndpoint ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    CertificateProviderInstance ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    GrpcEndpoint ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificate_provider_instance ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpc_endpoint ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance Property Map
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.

    ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstance, ServerTlsPolicyMtlsPolicyClientValidationCaCertificateProviderInstanceArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpoint, ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    ServerTlsPolicyServerCertificate, ServerTlsPolicyServerCertificateArgs

    CertificateProviderInstance ServerTlsPolicyServerCertificateCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    GrpcEndpoint ServerTlsPolicyServerCertificateGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    CertificateProviderInstance ServerTlsPolicyServerCertificateCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    GrpcEndpoint ServerTlsPolicyServerCertificateGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance ServerTlsPolicyServerCertificateCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint ServerTlsPolicyServerCertificateGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance ServerTlsPolicyServerCertificateCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint ServerTlsPolicyServerCertificateGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificate_provider_instance ServerTlsPolicyServerCertificateCertificateProviderInstance
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpc_endpoint ServerTlsPolicyServerCertificateGrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.
    certificateProviderInstance Property Map
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. Structure is documented below.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key. Structure is documented below.

    ServerTlsPolicyServerCertificateCertificateProviderInstance, ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    ServerTlsPolicyServerCertificateGrpcEndpoint, ServerTlsPolicyServerCertificateGrpcEndpointArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    Import

    ServerTlsPolicy can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    When using the pulumi import command, ServerTlsPolicy can be imported using one of the formats above. For example:

    $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}
    
    $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi