gcp.compute.TargetHttpsProxy
Explore with Pulumi AI
Represents a TargetHttpsProxy resource, which is used by one or more global forwarding rule to route incoming HTTPS requests to a URL map.
To get more information about TargetHttpsProxy, see:
- API documentation
- How-to Guides
Example Usage
Target Https Proxy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", {
name: "my-certificate",
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "http-health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-service",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultHttpHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const _default = new gcp.compute.TargetHttpsProxy("default", {
name: "test-proxy",
urlMap: defaultURLMap.id,
sslCertificates: [defaultSSLCertificate.id],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default_ssl_certificate = gcp.compute.SSLCertificate("default",
name="my-certificate",
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="http-health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default_backend_service = gcp.compute.BackendService("default",
name="backend-service",
port_name="http",
protocol="HTTP",
timeout_sec=10,
health_checks=default_http_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map",
description="a description",
default_service=default_backend_service.id,
host_rules=[{
"hosts": ["mysite.com"],
"path_matcher": "allpaths",
}],
path_matchers=[{
"name": "allpaths",
"default_service": default_backend_service.id,
"path_rules": [{
"paths": ["/*"],
"service": default_backend_service.id,
}],
}])
default = gcp.compute.TargetHttpsProxy("default",
name="test-proxy",
url_map=default_url_map.id,
ssl_certificates=[default_ssl_certificate.id])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
defaultSSLCertificate, err := compute.NewSSLCertificate(ctx, "default", &compute.SSLCertificateArgs{
Name: pulumi.String("my-certificate"),
PrivateKey: pulumi.String(invokeFile.Result),
Certificate: pulumi.String(invokeFile1.Result),
})
if err != nil {
return err
}
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("http-health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
_, err = compute.NewTargetHttpsProxy(ctx, "default", &compute.TargetHttpsProxyArgs{
Name: pulumi.String("test-proxy"),
UrlMap: defaultURLMap.ID(),
SslCertificates: pulumi.StringArray{
defaultSSLCertificate.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var defaultSSLCertificate = new Gcp.Compute.SSLCertificate("default", new()
{
Name = "my-certificate",
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "http-health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultHttpHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var @default = new Gcp.Compute.TargetHttpsProxy("default", new()
{
Name = "test-proxy",
UrlMap = defaultURLMap.Id,
SslCertificates = new[]
{
defaultSSLCertificate.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SSLCertificate;
import com.pulumi.gcp.compute.SSLCertificateArgs;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpsProxy;
import com.pulumi.gcp.compute.TargetHttpsProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultSSLCertificate = new SSLCertificate("defaultSSLCertificate", SSLCertificateArgs.builder()
.name("my-certificate")
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("http-health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-service")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var default_ = new TargetHttpsProxy("default", TargetHttpsProxyArgs.builder()
.name("test-proxy")
.urlMap(defaultURLMap.id())
.sslCertificates(defaultSSLCertificate.id())
.build());
}
}
resources:
default:
type: gcp:compute:TargetHttpsProxy
properties:
name: test-proxy
urlMap: ${defaultURLMap.id}
sslCertificates:
- ${defaultSSLCertificate.id}
defaultSSLCertificate:
type: gcp:compute:SSLCertificate
name: default
properties:
name: my-certificate
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: http-health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Target Https Proxy Http Keep Alive Timeout
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", {
name: "my-certificate",
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "http-health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-service",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "EXTERNAL_MANAGED",
healthChecks: defaultHttpHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const _default = new gcp.compute.TargetHttpsProxy("default", {
name: "test-http-keep-alive-timeout-proxy",
httpKeepAliveTimeoutSec: 610,
urlMap: defaultURLMap.id,
sslCertificates: [defaultSSLCertificate.id],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default_ssl_certificate = gcp.compute.SSLCertificate("default",
name="my-certificate",
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="http-health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default_backend_service = gcp.compute.BackendService("default",
name="backend-service",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="EXTERNAL_MANAGED",
health_checks=default_http_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map",
description="a description",
default_service=default_backend_service.id,
host_rules=[{
"hosts": ["mysite.com"],
"path_matcher": "allpaths",
}],
path_matchers=[{
"name": "allpaths",
"default_service": default_backend_service.id,
"path_rules": [{
"paths": ["/*"],
"service": default_backend_service.id,
}],
}])
default = gcp.compute.TargetHttpsProxy("default",
name="test-http-keep-alive-timeout-proxy",
http_keep_alive_timeout_sec=610,
url_map=default_url_map.id,
ssl_certificates=[default_ssl_certificate.id])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
defaultSSLCertificate, err := compute.NewSSLCertificate(ctx, "default", &compute.SSLCertificateArgs{
Name: pulumi.String("my-certificate"),
PrivateKey: pulumi.String(invokeFile.Result),
Certificate: pulumi.String(invokeFile1.Result),
})
if err != nil {
return err
}
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("http-health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
_, err = compute.NewTargetHttpsProxy(ctx, "default", &compute.TargetHttpsProxyArgs{
Name: pulumi.String("test-http-keep-alive-timeout-proxy"),
HttpKeepAliveTimeoutSec: pulumi.Int(610),
UrlMap: defaultURLMap.ID(),
SslCertificates: pulumi.StringArray{
defaultSSLCertificate.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var defaultSSLCertificate = new Gcp.Compute.SSLCertificate("default", new()
{
Name = "my-certificate",
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "http-health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "EXTERNAL_MANAGED",
HealthChecks = defaultHttpHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var @default = new Gcp.Compute.TargetHttpsProxy("default", new()
{
Name = "test-http-keep-alive-timeout-proxy",
HttpKeepAliveTimeoutSec = 610,
UrlMap = defaultURLMap.Id,
SslCertificates = new[]
{
defaultSSLCertificate.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SSLCertificate;
import com.pulumi.gcp.compute.SSLCertificateArgs;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpsProxy;
import com.pulumi.gcp.compute.TargetHttpsProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultSSLCertificate = new SSLCertificate("defaultSSLCertificate", SSLCertificateArgs.builder()
.name("my-certificate")
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("http-health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-service")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("EXTERNAL_MANAGED")
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var default_ = new TargetHttpsProxy("default", TargetHttpsProxyArgs.builder()
.name("test-http-keep-alive-timeout-proxy")
.httpKeepAliveTimeoutSec(610)
.urlMap(defaultURLMap.id())
.sslCertificates(defaultSSLCertificate.id())
.build());
}
}
resources:
default:
type: gcp:compute:TargetHttpsProxy
properties:
name: test-http-keep-alive-timeout-proxy
httpKeepAliveTimeoutSec: 610
urlMap: ${defaultURLMap.id}
sslCertificates:
- ${defaultSSLCertificate.id}
defaultSSLCertificate:
type: gcp:compute:SSLCertificate
name: default
properties:
name: my-certificate
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: EXTERNAL_MANAGED
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: http-health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Target Https Proxy Mtls
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const project = gcp.organizations.getProject({});
const defaultTrustConfig = new gcp.certificatemanager.TrustConfig("default", {
name: "my-trust-config",
description: "sample description for the trust config",
location: "global",
trustStores: [{
trustAnchors: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
intermediateCas: [{
pemCertificate: std.file({
input: "test-fixtures/ca_cert.pem",
}).then(invoke => invoke.result),
}],
}],
labels: {
foo: "bar",
},
});
const defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy("default", {
name: "my-tls-policy",
description: "my description",
location: "global",
allowOpen: false,
mtlsPolicy: {
clientValidationMode: "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) => `projects/${project.number}/locations/global/trustConfigs/${name}`),
},
});
const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", {
name: "my-certificate",
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "http-health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-service",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultHttpHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const _default = new gcp.compute.TargetHttpsProxy("default", {
name: "test-mtls-proxy",
urlMap: defaultURLMap.id,
sslCertificates: [defaultSSLCertificate.id],
serverTlsPolicy: defaultServerTlsPolicy.id,
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
project = gcp.organizations.get_project()
default_trust_config = gcp.certificatemanager.TrustConfig("default",
name="my-trust-config",
description="sample description for the trust config",
location="global",
trust_stores=[{
"trust_anchors": [{
"pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
}],
"intermediate_cas": [{
"pem_certificate": std.file(input="test-fixtures/ca_cert.pem").result,
}],
}],
labels={
"foo": "bar",
})
default_server_tls_policy = gcp.networksecurity.ServerTlsPolicy("default",
name="my-tls-policy",
description="my description",
location="global",
allow_open=False,
mtls_policy={
"client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
"client_validation_trust_config": default_trust_config.name.apply(lambda name: f"projects/{project.number}/locations/global/trustConfigs/{name}"),
})
default_ssl_certificate = gcp.compute.SSLCertificate("default",
name="my-certificate",
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="http-health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default_backend_service = gcp.compute.BackendService("default",
name="backend-service",
port_name="http",
protocol="HTTP",
timeout_sec=10,
health_checks=default_http_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map",
description="a description",
default_service=default_backend_service.id,
host_rules=[{
"hosts": ["mysite.com"],
"path_matcher": "allpaths",
}],
path_matchers=[{
"name": "allpaths",
"default_service": default_backend_service.id,
"path_rules": [{
"paths": ["/*"],
"service": default_backend_service.id,
}],
}])
default = gcp.compute.TargetHttpsProxy("default",
name="test-mtls-proxy",
url_map=default_url_map.id,
ssl_certificates=[default_ssl_certificate.id],
server_tls_policy=default_server_tls_policy.id)
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, nil, nil)
if err != nil {
return err
}
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/ca_cert.pem",
}, nil)
if err != nil {
return err
}
defaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("my-trust-config"),
Description: pulumi.String("sample description for the trust config"),
Location: pulumi.String("global"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: pulumi.String(invokeFile.Result),
},
},
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: pulumi.String(invokeFile1.Result),
},
},
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
defaultServerTlsPolicy, err := networksecurity.NewServerTlsPolicy(ctx, "default", &networksecurity.ServerTlsPolicyArgs{
Name: pulumi.String("my-tls-policy"),
Description: pulumi.String("my description"),
Location: pulumi.String("global"),
AllowOpen: pulumi.Bool(false),
MtlsPolicy: &networksecurity.ServerTlsPolicyMtlsPolicyArgs{
ClientValidationMode: pulumi.String("ALLOW_INVALID_OR_MISSING_CLIENT_CERT"),
ClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("projects/%v/locations/global/trustConfigs/%v", project.Number, name), nil
}).(pulumi.StringOutput),
},
})
if err != nil {
return err
}
invokeFile2, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile3, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
defaultSSLCertificate, err := compute.NewSSLCertificate(ctx, "default", &compute.SSLCertificateArgs{
Name: pulumi.String("my-certificate"),
PrivateKey: pulumi.String(invokeFile2.Result),
Certificate: pulumi.String(invokeFile3.Result),
})
if err != nil {
return err
}
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("http-health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
_, err = compute.NewTargetHttpsProxy(ctx, "default", &compute.TargetHttpsProxyArgs{
Name: pulumi.String("test-mtls-proxy"),
UrlMap: defaultURLMap.ID(),
SslCertificates: pulumi.StringArray{
defaultSSLCertificate.ID(),
},
ServerTlsPolicy: defaultServerTlsPolicy.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig("default", new()
{
Name = "my-trust-config",
Description = "sample description for the trust config",
Location = "global",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/ca_cert.pem",
}).Apply(invoke => invoke.Result),
},
},
},
},
Labels =
{
{ "foo", "bar" },
},
});
var defaultServerTlsPolicy = new Gcp.NetworkSecurity.ServerTlsPolicy("default", new()
{
Name = "my-tls-policy",
Description = "my description",
Location = "global",
AllowOpen = false,
MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs
{
ClientValidationMode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT",
ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =>
{
var project = values.Item1;
var name = values.Item2;
return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/locations/global/trustConfigs/{name}";
}),
},
});
var defaultSSLCertificate = new Gcp.Compute.SSLCertificate("default", new()
{
Name = "my-certificate",
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "http-health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultHttpHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var @default = new Gcp.Compute.TargetHttpsProxy("default", new()
{
Name = "test-mtls-proxy",
UrlMap = defaultURLMap.Id,
SslCertificates = new[]
{
defaultSSLCertificate.Id,
},
ServerTlsPolicy = defaultServerTlsPolicy.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import com.pulumi.gcp.networksecurity.ServerTlsPolicy;
import com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;
import com.pulumi.gcp.compute.SSLCertificate;
import com.pulumi.gcp.compute.SSLCertificateArgs;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpsProxy;
import com.pulumi.gcp.compute.TargetHttpsProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject();
var defaultTrustConfig = new TrustConfig("defaultTrustConfig", TrustConfigArgs.builder()
.name("my-trust-config")
.description("sample description for the trust config")
.location("global")
.trustStores(TrustConfigTrustStoreArgs.builder()
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/ca_cert.pem")
.build()).result())
.build())
.build())
.labels(Map.of("foo", "bar"))
.build());
var defaultServerTlsPolicy = new ServerTlsPolicy("defaultServerTlsPolicy", ServerTlsPolicyArgs.builder()
.name("my-tls-policy")
.description("my description")
.location("global")
.allowOpen("false")
.mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()
.clientValidationMode("ALLOW_INVALID_OR_MISSING_CLIENT_CERT")
.clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -> String.format("projects/%s/locations/global/trustConfigs/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
.build())
.build());
var defaultSSLCertificate = new SSLCertificate("defaultSSLCertificate", SSLCertificateArgs.builder()
.name("my-certificate")
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("http-health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-service")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var default_ = new TargetHttpsProxy("default", TargetHttpsProxyArgs.builder()
.name("test-mtls-proxy")
.urlMap(defaultURLMap.id())
.sslCertificates(defaultSSLCertificate.id())
.serverTlsPolicy(defaultServerTlsPolicy.id())
.build());
}
}
resources:
default:
type: gcp:compute:TargetHttpsProxy
properties:
name: test-mtls-proxy
urlMap: ${defaultURLMap.id}
sslCertificates:
- ${defaultSSLCertificate.id}
serverTlsPolicy: ${defaultServerTlsPolicy.id}
defaultTrustConfig:
type: gcp:certificatemanager:TrustConfig
name: default
properties:
name: my-trust-config
description: sample description for the trust config
location: global
trustStores:
- trustAnchors:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
intermediateCas:
- pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/ca_cert.pem
Return: result
labels:
foo: bar
defaultServerTlsPolicy:
type: gcp:networksecurity:ServerTlsPolicy
name: default
properties:
name: my-tls-policy
description: my description
location: global
allowOpen: 'false'
mtlsPolicy:
clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT
clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}
defaultSSLCertificate:
type: gcp:compute:SSLCertificate
name: default
properties:
name: my-certificate
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: http-health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
variables:
project:
fn::invoke:
Function: gcp:organizations:getProject
Arguments: {}
Target Https Proxy Certificate Manager Certificate
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const defaultCertificate = new gcp.certificatemanager.Certificate("default", {
name: "my-certificate",
scope: "ALL_REGIONS",
selfManaged: {
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
pemPrivateKey: std.file({
input: "test-fixtures/private-key.pem",
}).then(invoke => invoke.result),
},
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-service",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "INTERNAL_MANAGED",
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const _default = new gcp.compute.TargetHttpsProxy("default", {
name: "target-http-proxy",
urlMap: defaultURLMap.id,
certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default_certificate = gcp.certificatemanager.Certificate("default",
name="my-certificate",
scope="ALL_REGIONS",
self_managed={
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
"pem_private_key": std.file(input="test-fixtures/private-key.pem").result,
})
default_backend_service = gcp.compute.BackendService("default",
name="backend-service",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="INTERNAL_MANAGED")
default_url_map = gcp.compute.URLMap("default",
name="url-map",
description="a description",
default_service=default_backend_service.id,
host_rules=[{
"hosts": ["mysite.com"],
"path_matcher": "allpaths",
}],
path_matchers=[{
"name": "allpaths",
"default_service": default_backend_service.id,
"path_rules": [{
"paths": ["/*"],
"service": default_backend_service.id,
}],
}])
default = gcp.compute.TargetHttpsProxy("default",
name="target-http-proxy",
url_map=default_url_map.id,
certificate_manager_certificates=[default_certificate.id.apply(lambda id: f"//certificatemanager.googleapis.com/{id}")])
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/private-key.pem",
}, nil)
if err != nil {
return err
}
defaultCertificate, err := certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("my-certificate"),
Scope: pulumi.String("ALL_REGIONS"),
SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
PemCertificate: pulumi.String(invokeFile.Result),
PemPrivateKey: pulumi.String(invokeFile1.Result),
},
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
_, err = compute.NewTargetHttpsProxy(ctx, "default", &compute.TargetHttpsProxyArgs{
Name: pulumi.String("target-http-proxy"),
UrlMap: defaultURLMap.ID(),
CertificateManagerCertificates: pulumi.StringArray{
defaultCertificate.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//certificatemanager.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var defaultCertificate = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "my-certificate",
Scope = "ALL_REGIONS",
SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
PemPrivateKey = Std.File.Invoke(new()
{
Input = "test-fixtures/private-key.pem",
}).Apply(invoke => invoke.Result),
},
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "INTERNAL_MANAGED",
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var @default = new Gcp.Compute.TargetHttpsProxy("default", new()
{
Name = "target-http-proxy",
UrlMap = defaultURLMap.Id,
CertificateManagerCertificates = new[]
{
defaultCertificate.Id.Apply(id => $"//certificatemanager.googleapis.com/{id}"),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpsProxy;
import com.pulumi.gcp.compute.TargetHttpsProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
.name("my-certificate")
.scope("ALL_REGIONS")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.pemPrivateKey(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/private-key.pem")
.build()).result())
.build())
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-service")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("INTERNAL_MANAGED")
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var default_ = new TargetHttpsProxy("default", TargetHttpsProxyArgs.builder()
.name("target-http-proxy")
.urlMap(defaultURLMap.id())
.certificateManagerCertificates(defaultCertificate.id().applyValue(id -> String.format("//certificatemanager.googleapis.com/%s", id)))
.build());
}
}
resources:
default:
type: gcp:compute:TargetHttpsProxy
properties:
name: target-http-proxy
urlMap: ${defaultURLMap.id}
certificateManagerCertificates: # [google_certificate_manager_certificate.default.id] is also acceptable
- //certificatemanager.googleapis.com/${defaultCertificate.id}
defaultCertificate:
type: gcp:certificatemanager:Certificate
name: default
properties:
name: my-certificate
scope: ALL_REGIONS
selfManaged:
pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/cert.pem
Return: result
pemPrivateKey:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/private-key.pem
Return: result
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: INTERNAL_MANAGED
Create TargetHttpsProxy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TargetHttpsProxy(name: string, args: TargetHttpsProxyArgs, opts?: CustomResourceOptions);
@overload
def TargetHttpsProxy(resource_name: str,
args: TargetHttpsProxyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TargetHttpsProxy(resource_name: str,
opts: Optional[ResourceOptions] = None,
url_map: Optional[str] = None,
proxy_bind: Optional[bool] = None,
description: Optional[str] = None,
http_keep_alive_timeout_sec: Optional[int] = None,
name: Optional[str] = None,
project: Optional[str] = None,
certificate_manager_certificates: Optional[Sequence[str]] = None,
quic_override: Optional[str] = None,
server_tls_policy: Optional[str] = None,
ssl_certificates: Optional[Sequence[str]] = None,
ssl_policy: Optional[str] = None,
tls_early_data: Optional[str] = None,
certificate_map: Optional[str] = None)
func NewTargetHttpsProxy(ctx *Context, name string, args TargetHttpsProxyArgs, opts ...ResourceOption) (*TargetHttpsProxy, error)
public TargetHttpsProxy(string name, TargetHttpsProxyArgs args, CustomResourceOptions? opts = null)
public TargetHttpsProxy(String name, TargetHttpsProxyArgs args)
public TargetHttpsProxy(String name, TargetHttpsProxyArgs args, CustomResourceOptions options)
type: gcp:compute:TargetHttpsProxy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TargetHttpsProxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TargetHttpsProxyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TargetHttpsProxyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TargetHttpsProxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TargetHttpsProxyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var targetHttpsProxyResource = new Gcp.Compute.TargetHttpsProxy("targetHttpsProxyResource", new()
{
UrlMap = "string",
ProxyBind = false,
Description = "string",
HttpKeepAliveTimeoutSec = 0,
Name = "string",
Project = "string",
CertificateManagerCertificates = new[]
{
"string",
},
QuicOverride = "string",
ServerTlsPolicy = "string",
SslCertificates = new[]
{
"string",
},
SslPolicy = "string",
TlsEarlyData = "string",
CertificateMap = "string",
});
example, err := compute.NewTargetHttpsProxy(ctx, "targetHttpsProxyResource", &compute.TargetHttpsProxyArgs{
UrlMap: pulumi.String("string"),
ProxyBind: pulumi.Bool(false),
Description: pulumi.String("string"),
HttpKeepAliveTimeoutSec: pulumi.Int(0),
Name: pulumi.String("string"),
Project: pulumi.String("string"),
CertificateManagerCertificates: pulumi.StringArray{
pulumi.String("string"),
},
QuicOverride: pulumi.String("string"),
ServerTlsPolicy: pulumi.String("string"),
SslCertificates: pulumi.StringArray{
pulumi.String("string"),
},
SslPolicy: pulumi.String("string"),
TlsEarlyData: pulumi.String("string"),
CertificateMap: pulumi.String("string"),
})
var targetHttpsProxyResource = new TargetHttpsProxy("targetHttpsProxyResource", TargetHttpsProxyArgs.builder()
.urlMap("string")
.proxyBind(false)
.description("string")
.httpKeepAliveTimeoutSec(0)
.name("string")
.project("string")
.certificateManagerCertificates("string")
.quicOverride("string")
.serverTlsPolicy("string")
.sslCertificates("string")
.sslPolicy("string")
.tlsEarlyData("string")
.certificateMap("string")
.build());
target_https_proxy_resource = gcp.compute.TargetHttpsProxy("targetHttpsProxyResource",
url_map="string",
proxy_bind=False,
description="string",
http_keep_alive_timeout_sec=0,
name="string",
project="string",
certificate_manager_certificates=["string"],
quic_override="string",
server_tls_policy="string",
ssl_certificates=["string"],
ssl_policy="string",
tls_early_data="string",
certificate_map="string")
const targetHttpsProxyResource = new gcp.compute.TargetHttpsProxy("targetHttpsProxyResource", {
urlMap: "string",
proxyBind: false,
description: "string",
httpKeepAliveTimeoutSec: 0,
name: "string",
project: "string",
certificateManagerCertificates: ["string"],
quicOverride: "string",
serverTlsPolicy: "string",
sslCertificates: ["string"],
sslPolicy: "string",
tlsEarlyData: "string",
certificateMap: "string",
});
type: gcp:compute:TargetHttpsProxy
properties:
certificateManagerCertificates:
- string
certificateMap: string
description: string
httpKeepAliveTimeoutSec: 0
name: string
project: string
proxyBind: false
quicOverride: string
serverTlsPolicy: string
sslCertificates:
- string
sslPolicy: string
tlsEarlyData: string
urlMap: string
TargetHttpsProxy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The TargetHttpsProxy resource accepts the following input properties:
- Url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- Certificate
Manager List<string>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- Certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - Description string
- An optional description of this resource.
- Http
Keep intAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Proxy
Bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- Quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - Server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- Ssl
Certificates List<string> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- Ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- Tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
- Url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- Certificate
Manager []stringCertificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- Certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - Description string
- An optional description of this resource.
- Http
Keep intAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Proxy
Bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- Quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - Server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- Ssl
Certificates []string - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- Ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- Tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
- url
Map String - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager List<String>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map String - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - description String
- An optional description of this resource.
- http
Keep IntegerAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind Boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- quic
Override String - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - server
Tls StringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates List<String> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy String - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early StringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
- url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager string[]Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - description string
- An optional description of this resource.
- http
Keep numberAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates string[] - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
- url_
map str - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate_
manager_ Sequence[str]certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate_
map str - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - description str
- An optional description of this resource.
- http_
keep_ intalive_ timeout_ sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name str
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy_
bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- quic_
override str - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - server_
tls_ strpolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl_
certificates Sequence[str] - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl_
policy str - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls_
early_ strdata - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
- url
Map String - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager List<String>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map String - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - description String
- An optional description of this resource.
- http
Keep NumberAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind Boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- quic
Override String - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - server
Tls StringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates List<String> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy String - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early StringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
.
Outputs
All input properties are implicitly available as output properties. Additionally, the TargetHttpsProxy resource produces the following output properties:
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Proxy
Id int - The unique identifier for the resource.
- Self
Link string - The URI of the created resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Proxy
Id int - The unique identifier for the resource.
- Self
Link string - The URI of the created resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- proxy
Id Integer - The unique identifier for the resource.
- self
Link String - The URI of the created resource.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- id string
- The provider-assigned unique ID for this managed resource.
- proxy
Id number - The unique identifier for the resource.
- self
Link string - The URI of the created resource.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- id str
- The provider-assigned unique ID for this managed resource.
- proxy_
id int - The unique identifier for the resource.
- self_
link str - The URI of the created resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- proxy
Id Number - The unique identifier for the resource.
- self
Link String - The URI of the created resource.
Look up Existing TargetHttpsProxy Resource
Get an existing TargetHttpsProxy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TargetHttpsProxyState, opts?: CustomResourceOptions): TargetHttpsProxy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate_manager_certificates: Optional[Sequence[str]] = None,
certificate_map: Optional[str] = None,
creation_timestamp: Optional[str] = None,
description: Optional[str] = None,
http_keep_alive_timeout_sec: Optional[int] = None,
name: Optional[str] = None,
project: Optional[str] = None,
proxy_bind: Optional[bool] = None,
proxy_id: Optional[int] = None,
quic_override: Optional[str] = None,
self_link: Optional[str] = None,
server_tls_policy: Optional[str] = None,
ssl_certificates: Optional[Sequence[str]] = None,
ssl_policy: Optional[str] = None,
tls_early_data: Optional[str] = None,
url_map: Optional[str] = None) -> TargetHttpsProxy
func GetTargetHttpsProxy(ctx *Context, name string, id IDInput, state *TargetHttpsProxyState, opts ...ResourceOption) (*TargetHttpsProxy, error)
public static TargetHttpsProxy Get(string name, Input<string> id, TargetHttpsProxyState? state, CustomResourceOptions? opts = null)
public static TargetHttpsProxy get(String name, Output<String> id, TargetHttpsProxyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate
Manager List<string>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- Certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource.
- Http
Keep intAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Proxy
Bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- Proxy
Id int - The unique identifier for the resource.
- Quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - Self
Link string - The URI of the created resource.
- Server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- Ssl
Certificates List<string> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- Ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- Tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - Url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- Certificate
Manager []stringCertificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- Certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource.
- Http
Keep intAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Proxy
Bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- Proxy
Id int - The unique identifier for the resource.
- Quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - Self
Link string - The URI of the created resource.
- Server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- Ssl
Certificates []string - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- Ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- Tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - Url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager List<String>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map String - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource.
- http
Keep IntegerAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind Boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- proxy
Id Integer - The unique identifier for the resource.
- quic
Override String - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - self
Link String - The URI of the created resource.
- server
Tls StringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates List<String> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy String - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early StringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - url
Map String - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager string[]Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map string - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - creation
Timestamp string - Creation timestamp in RFC3339 text format.
- description string
- An optional description of this resource.
- http
Keep numberAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- proxy
Id number - The unique identifier for the resource.
- quic
Override string - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - self
Link string - The URI of the created resource.
- server
Tls stringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates string[] - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy string - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early stringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - url
Map string - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate_
manager_ Sequence[str]certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate_
map str - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - creation_
timestamp str - Creation timestamp in RFC3339 text format.
- description str
- An optional description of this resource.
- http_
keep_ intalive_ timeout_ sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name str
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy_
bind bool - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- proxy_
id int - The unique identifier for the resource.
- quic_
override str - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - self_
link str - The URI of the created resource.
- server_
tls_ strpolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl_
certificates Sequence[str] - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl_
policy str - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls_
early_ strdata - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - url_
map str - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
- certificate
Manager List<String>Certificates - URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.
For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_linkprojects/{project}/locations/{location}/certificates/{resourceName}
- certificate
Map String - A reference to the CertificateMap resource uri that identifies a certificate map
associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.
For INTERNAL_MANAGED, use certificate_manager_certificates instead.
Accepted format is
//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}
. - creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource.
- http
Keep NumberAlive Timeout Sec - Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value will be used. For Global external HTTP(S) load balancer, the default value is 610 seconds, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For cross-region internal HTTP(S) load balancer, the default value is 600 seconds, the minimum allowed value is 5 seconds, and the maximum allowed value is 600 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- proxy
Bind Boolean - This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.
- proxy
Id Number - The unique identifier for the resource.
- quic
Override String - Specifies the QUIC override policy for this resource. This determines
whether the load balancer will attempt to negotiate QUIC with clients
or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is
specified, Google manages whether QUIC is used.
Default value is
NONE
. Possible values are:NONE
,ENABLE
,DISABLE
. - self
Link String - The URI of the created resource.
- server
Tls StringPolicy - A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this.
- ssl
Certificates List<String> - URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. sslCertificates and certificateManagerCertificates can not be defined together.
- ssl
Policy String - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
- tls
Early StringData - Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
Early Data allows a TLS resumption handshake to include the initial application payload
(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
Possible values are:
STRICT
,PERMISSIVE
,DISABLED
. - url
Map String - A reference to the UrlMap resource that defines the mapping from URL
to the BackendService.
Import
TargetHttpsProxy can be imported using any of these accepted formats:
projects/{{project}}/global/targetHttpsProxies/{{name}}
{{project}}/{{name}}
{{name}}
When using the pulumi import
command, TargetHttpsProxy can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default projects/{{project}}/global/targetHttpsProxies/{{name}}
$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{project}}/{{name}}
$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.