Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.networksecurity/v1beta1.ServerTlsPolicy
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new ServerTlsPolicy in a given project and location.
Create ServerTlsPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerTlsPolicy(name: string, args: ServerTlsPolicyArgs, opts?: CustomResourceOptions);
@overload
def ServerTlsPolicy(resource_name: str,
args: ServerTlsPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServerTlsPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
server_tls_policy_id: Optional[str] = None,
allow_open: Optional[bool] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
mtls_policy: Optional[MTLSPolicyArgs] = None,
name: Optional[str] = None,
project: Optional[str] = None,
server_certificate: Optional[GoogleCloudNetworksecurityV1beta1CertificateProviderArgs] = None)
func NewServerTlsPolicy(ctx *Context, name string, args ServerTlsPolicyArgs, opts ...ResourceOption) (*ServerTlsPolicy, error)
public ServerTlsPolicy(string name, ServerTlsPolicyArgs args, CustomResourceOptions? opts = null)
public ServerTlsPolicy(String name, ServerTlsPolicyArgs args)
public ServerTlsPolicy(String name, ServerTlsPolicyArgs args, CustomResourceOptions options)
type: google-native:networksecurity/v1beta1:ServerTlsPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerTlsPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var google_nativeServerTlsPolicyResource = new GoogleNative.NetworkSecurity.V1Beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource", new()
{
ServerTlsPolicyId = "string",
AllowOpen = false,
Description = "string",
Labels =
{
{ "string", "string" },
},
Location = "string",
MtlsPolicy = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.MTLSPolicyArgs
{
ClientValidationCa = new[]
{
new GoogleNative.NetworkSecurity.V1Beta1.Inputs.ValidationCAArgs
{
CertificateProviderInstance = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceArgs
{
PluginInstance = "string",
},
GrpcEndpoint = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs
{
TargetUri = "string",
},
},
},
ClientValidationMode = GoogleNative.NetworkSecurity.V1Beta1.MTLSPolicyClientValidationMode.ClientValidationModeUnspecified,
ClientValidationTrustConfig = "string",
},
Name = "string",
Project = "string",
ServerCertificate = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs
{
CertificateProviderInstance = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceArgs
{
PluginInstance = "string",
},
GrpcEndpoint = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs
{
TargetUri = "string",
},
},
});
example, err := networksecurityv1beta1.NewServerTlsPolicy(ctx, "google-nativeServerTlsPolicyResource", &networksecurityv1beta1.ServerTlsPolicyArgs{
ServerTlsPolicyId: pulumi.String("string"),
AllowOpen: pulumi.Bool(false),
Description: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
MtlsPolicy: &networksecurity.MTLSPolicyArgs{
ClientValidationCa: networksecurity.ValidationCAArray{
&networksecurity.ValidationCAArgs{
CertificateProviderInstance: &networksecurity.CertificateProviderInstanceArgs{
PluginInstance: pulumi.String("string"),
},
GrpcEndpoint: &networksecurity.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs{
TargetUri: pulumi.String("string"),
},
},
},
ClientValidationMode: networksecurityv1beta1.MTLSPolicyClientValidationModeClientValidationModeUnspecified,
ClientValidationTrustConfig: pulumi.String("string"),
},
Name: pulumi.String("string"),
Project: pulumi.String("string"),
ServerCertificate: &networksecurity.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs{
CertificateProviderInstance: &networksecurity.CertificateProviderInstanceArgs{
PluginInstance: pulumi.String("string"),
},
GrpcEndpoint: &networksecurity.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs{
TargetUri: pulumi.String("string"),
},
},
})
var google_nativeServerTlsPolicyResource = new ServerTlsPolicy("google-nativeServerTlsPolicyResource", ServerTlsPolicyArgs.builder()
.serverTlsPolicyId("string")
.allowOpen(false)
.description("string")
.labels(Map.of("string", "string"))
.location("string")
.mtlsPolicy(MTLSPolicyArgs.builder()
.clientValidationCa(ValidationCAArgs.builder()
.certificateProviderInstance(CertificateProviderInstanceArgs.builder()
.pluginInstance("string")
.build())
.grpcEndpoint(GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs.builder()
.targetUri("string")
.build())
.build())
.clientValidationMode("CLIENT_VALIDATION_MODE_UNSPECIFIED")
.clientValidationTrustConfig("string")
.build())
.name("string")
.project("string")
.serverCertificate(GoogleCloudNetworksecurityV1beta1CertificateProviderArgs.builder()
.certificateProviderInstance(CertificateProviderInstanceArgs.builder()
.pluginInstance("string")
.build())
.grpcEndpoint(GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs.builder()
.targetUri("string")
.build())
.build())
.build());
google_native_server_tls_policy_resource = google_native.networksecurity.v1beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource",
server_tls_policy_id="string",
allow_open=False,
description="string",
labels={
"string": "string",
},
location="string",
mtls_policy=google_native.networksecurity.v1beta1.MTLSPolicyArgs(
client_validation_ca=[google_native.networksecurity.v1beta1.ValidationCAArgs(
certificate_provider_instance=google_native.networksecurity.v1beta1.CertificateProviderInstanceArgs(
plugin_instance="string",
),
grpc_endpoint=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs(
target_uri="string",
),
)],
client_validation_mode=google_native.networksecurity.v1beta1.MTLSPolicyClientValidationMode.CLIENT_VALIDATION_MODE_UNSPECIFIED,
client_validation_trust_config="string",
),
name="string",
project="string",
server_certificate=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs(
certificate_provider_instance=google_native.networksecurity.v1beta1.CertificateProviderInstanceArgs(
plugin_instance="string",
),
grpc_endpoint=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs(
target_uri="string",
),
))
const google_nativeServerTlsPolicyResource = new google_native.networksecurity.v1beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource", {
serverTlsPolicyId: "string",
allowOpen: false,
description: "string",
labels: {
string: "string",
},
location: "string",
mtlsPolicy: {
clientValidationCa: [{
certificateProviderInstance: {
pluginInstance: "string",
},
grpcEndpoint: {
targetUri: "string",
},
}],
clientValidationMode: google_native.networksecurity.v1beta1.MTLSPolicyClientValidationMode.ClientValidationModeUnspecified,
clientValidationTrustConfig: "string",
},
name: "string",
project: "string",
serverCertificate: {
certificateProviderInstance: {
pluginInstance: "string",
},
grpcEndpoint: {
targetUri: "string",
},
},
});
type: google-native:networksecurity/v1beta1:ServerTlsPolicy
properties:
allowOpen: false
description: string
labels:
string: string
location: string
mtlsPolicy:
clientValidationCa:
- certificateProviderInstance:
pluginInstance: string
grpcEndpoint:
targetUri: string
clientValidationMode: CLIENT_VALIDATION_MODE_UNSPECIFIED
clientValidationTrustConfig: string
name: string
project: string
serverCertificate:
certificateProviderInstance:
pluginInstance: string
grpcEndpoint:
targetUri: string
serverTlsPolicyId: string
ServerTlsPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServerTlsPolicy resource accepts the following input properties:
- Server
Tls stringPolicy Id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - Description string
- Free-text description of the resource.
- Labels Dictionary<string, string>
- Set of label tags associated with the resource.
- Location string
- Mtls
Policy Pulumi.Google Native. Network Security. V1Beta1. Inputs. MTLSPolicy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - Name string
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- Project string
- Server
Certificate Pulumi.Google Native. Network Security. V1Beta1. Inputs. Google Cloud Networksecurity V1beta1Certificate Provider - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
- Server
Tls stringPolicy Id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- Allow
Open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - Description string
- Free-text description of the resource.
- Labels map[string]string
- Set of label tags associated with the resource.
- Location string
- Mtls
Policy MTLSPolicyArgs - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - Name string
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- Project string
- Server
Certificate GoogleCloud Networksecurity V1beta1Certificate Provider Args - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
- server
Tls StringPolicy Id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - description String
- Free-text description of the resource.
- labels Map<String,String>
- Set of label tags associated with the resource.
- location String
- mtls
Policy MTLSPolicy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - name String
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- project String
- server
Certificate GoogleCloud Networksecurity V1beta1Certificate Provider - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
- server
Tls stringPolicy Id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- allow
Open boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - description string
- Free-text description of the resource.
- labels {[key: string]: string}
- Set of label tags associated with the resource.
- location string
- mtls
Policy MTLSPolicy - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - name string
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- project string
- server
Certificate GoogleCloud Networksecurity V1beta1Certificate Provider - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
- server_
tls_ strpolicy_ id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- allow_
open bool - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - description str
- Free-text description of the resource.
- labels Mapping[str, str]
- Set of label tags associated with the resource.
- location str
- mtls_
policy MTLSPolicyArgs - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - name str
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- project str
- server_
certificate GoogleCloud Networksecurity V1beta1Certificate Provider Args - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
- server
Tls StringPolicy Id - Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
- allow
Open Boolean - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - description String
- Free-text description of the resource.
- labels Map<String>
- Set of label tags associated with the resource.
- location String
- mtls
Policy Property Map - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If
allow_open
andmtls_policy
are set, server allows both plain text and mTLS connections. - name String
- Name of the ServerTlsPolicy resource. It matches the pattern
projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
- project String
- server
Certificate Property Map - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with
allow_open
as a permissive mode that allows both plain text and TLS is not supported.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerTlsPolicy resource produces the following output properties:
- Create
Time string - The timestamp when the resource was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - The timestamp when the resource was updated.
- Create
Time string - The timestamp when the resource was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - The timestamp when the resource was updated.
- create
Time String - The timestamp when the resource was created.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - The timestamp when the resource was updated.
- create
Time string - The timestamp when the resource was created.
- id string
- The provider-assigned unique ID for this managed resource.
- update
Time string - The timestamp when the resource was updated.
- create_
time str - The timestamp when the resource was created.
- id str
- The provider-assigned unique ID for this managed resource.
- update_
time str - The timestamp when the resource was updated.
- create
Time String - The timestamp when the resource was created.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - The timestamp when the resource was updated.
Supporting Types
CertificateProviderInstance, CertificateProviderInstanceArgs
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin_
instance str - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
CertificateProviderInstanceResponse, CertificateProviderInstanceResponseArgs
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- Plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance string - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin_
instance str - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
- plugin
Instance String - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
GoogleCloudNetworksecurityV1beta1CertificateProvider, GoogleCloudNetworksecurityV1beta1CertificateProviderArgs
- Certificate
Provider Pulumi.Instance Google Native. Network Security. V1Beta1. Inputs. Certificate Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint Pulumi.Google Native. Network Security. V1Beta1. Inputs. Google Cloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- Certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate_
provider_ Certificateinstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc_
endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider Property MapInstance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
GoogleCloudNetworksecurityV1beta1CertificateProviderResponse, GoogleCloudNetworksecurityV1beta1CertificateProviderResponseArgs
- Certificate
Provider Pulumi.Instance Google Native. Network Security. V1Beta1. Inputs. Certificate Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint Pulumi.Google Native. Network Security. V1Beta1. Inputs. Google Cloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- Certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate_
provider_ Certificateinstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc_
endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
- certificate
Provider Property MapInstance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the cert and private key.
GoogleCloudNetworksecurityV1beta1GrpcEndpoint, GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target_
uri str - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse, GoogleCloudNetworksecurityV1beta1GrpcEndpointResponseArgs
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- Target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri string - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target_
uri str - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
- target
Uri String - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
MTLSPolicy, MTLSPolicyArgs
- Client
Validation List<Pulumi.Ca Google Native. Network Security. V1Beta1. Inputs. Validation CA> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- Client
Validation Pulumi.Mode Google Native. Network Security. V1Beta1. MTLSPolicy Client Validation Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- Client
Validation []ValidationCa CA - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- Client
Validation MTLSPolicyMode Client Validation Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<ValidationCa CA> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation MTLSPolicyMode Client Validation Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation ValidationCa CA[] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation MTLSPolicyMode Client Validation Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client_
validation_ Sequence[Validationca CA] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client_
validation_ MTLSPolicymode Client Validation Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client_
validation_ strtrust_ config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<Property Map>Ca - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation "CLIENT_VALIDATION_MODE_UNSPECIFIED" | "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" | "REJECT_INVALID"Mode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
MTLSPolicyClientValidationMode, MTLSPolicyClientValidationModeArgs
- Client
Validation Mode Unspecified - CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- Allow
Invalid Or Missing Client Cert - ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- Reject
Invalid - REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
- MTLSPolicy
Client Validation Mode Client Validation Mode Unspecified - CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- MTLSPolicy
Client Validation Mode Allow Invalid Or Missing Client Cert - ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- MTLSPolicy
Client Validation Mode Reject Invalid - REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
- Client
Validation Mode Unspecified - CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- Allow
Invalid Or Missing Client Cert - ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- Reject
Invalid - REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
- Client
Validation Mode Unspecified - CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- Allow
Invalid Or Missing Client Cert - ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- Reject
Invalid - REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
- CLIENT_VALIDATION_MODE_UNSPECIFIED
- CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- ALLOW_INVALID_OR_MISSING_CLIENT_CERT
- ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- REJECT_INVALID
- REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
- "CLIENT_VALIDATION_MODE_UNSPECIFIED"
- CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
- "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"
- ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
- "REJECT_INVALID"
- REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in
client_validation_trust_config
.
MTLSPolicyResponse, MTLSPolicyResponseArgs
- Client
Validation List<Pulumi.Ca Google Native. Network Security. V1Beta1. Inputs. Validation CAResponse> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- Client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- Client
Validation []ValidationCa CAResponse - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- Client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - Client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<ValidationCa CAResponse> - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation StringMode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation ValidationCa CAResponse[] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation stringMode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation stringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client_
validation_ Sequence[Validationca CAResponse] - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client_
validation_ strmode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client_
validation_ strtrust_ config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
- client
Validation List<Property Map>Ca - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
- client
Validation StringMode - When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_mode
specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - client
Validation StringTrust Config - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
ValidationCA, ValidationCAArgs
- Certificate
Provider Pulumi.Instance Google Native. Network Security. V1Beta1. Inputs. Certificate Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint Pulumi.Google Native. Network Security. V1Beta1. Inputs. Google Cloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- Certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider CertificateInstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate_
provider_ Certificateinstance Provider Instance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc_
endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider Property MapInstance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
ValidationCAResponse, ValidationCAResponseArgs
- Certificate
Provider Pulumi.Instance Google Native. Network Security. V1Beta1. Inputs. Certificate Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint Pulumi.Google Native. Network Security. V1Beta1. Inputs. Google Cloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- Certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- Grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider CertificateInstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate_
provider_ Certificateinstance Provider Instance Response - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc_
endpoint GoogleCloud Networksecurity V1beta1Grpc Endpoint Response - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
- certificate
Provider Property MapInstance - The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
- grpc
Endpoint Property Map - gRPC specific configuration to access the gRPC server to obtain the CA certificate.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.