1. Packages
  2. Google Cloud Native
  3. API Docs
  4. networksecurity
  5. networksecurity/v1beta1
  6. ServerTlsPolicy

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.networksecurity/v1beta1.ServerTlsPolicy

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates a new ServerTlsPolicy in a given project and location.

    Create ServerTlsPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ServerTlsPolicy(name: string, args: ServerTlsPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def ServerTlsPolicy(resource_name: str,
                        args: ServerTlsPolicyArgs,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def ServerTlsPolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        server_tls_policy_id: Optional[str] = None,
                        allow_open: Optional[bool] = None,
                        description: Optional[str] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        location: Optional[str] = None,
                        mtls_policy: Optional[MTLSPolicyArgs] = None,
                        name: Optional[str] = None,
                        project: Optional[str] = None,
                        server_certificate: Optional[GoogleCloudNetworksecurityV1beta1CertificateProviderArgs] = None)
    func NewServerTlsPolicy(ctx *Context, name string, args ServerTlsPolicyArgs, opts ...ResourceOption) (*ServerTlsPolicy, error)
    public ServerTlsPolicy(string name, ServerTlsPolicyArgs args, CustomResourceOptions? opts = null)
    public ServerTlsPolicy(String name, ServerTlsPolicyArgs args)
    public ServerTlsPolicy(String name, ServerTlsPolicyArgs args, CustomResourceOptions options)
    
    type: google-native:networksecurity/v1beta1:ServerTlsPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServerTlsPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var google_nativeServerTlsPolicyResource = new GoogleNative.NetworkSecurity.V1Beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource", new()
    {
        ServerTlsPolicyId = "string",
        AllowOpen = false,
        Description = "string",
        Labels = 
        {
            { "string", "string" },
        },
        Location = "string",
        MtlsPolicy = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.MTLSPolicyArgs
        {
            ClientValidationCa = new[]
            {
                new GoogleNative.NetworkSecurity.V1Beta1.Inputs.ValidationCAArgs
                {
                    CertificateProviderInstance = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceArgs
                    {
                        PluginInstance = "string",
                    },
                    GrpcEndpoint = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs
                    {
                        TargetUri = "string",
                    },
                },
            },
            ClientValidationMode = GoogleNative.NetworkSecurity.V1Beta1.MTLSPolicyClientValidationMode.ClientValidationModeUnspecified,
            ClientValidationTrustConfig = "string",
        },
        Name = "string",
        Project = "string",
        ServerCertificate = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs
        {
            CertificateProviderInstance = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceArgs
            {
                PluginInstance = "string",
            },
            GrpcEndpoint = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs
            {
                TargetUri = "string",
            },
        },
    });
    
    example, err := networksecurityv1beta1.NewServerTlsPolicy(ctx, "google-nativeServerTlsPolicyResource", &networksecurityv1beta1.ServerTlsPolicyArgs{
    	ServerTlsPolicyId: pulumi.String("string"),
    	AllowOpen:         pulumi.Bool(false),
    	Description:       pulumi.String("string"),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	MtlsPolicy: &networksecurity.MTLSPolicyArgs{
    		ClientValidationCa: networksecurity.ValidationCAArray{
    			&networksecurity.ValidationCAArgs{
    				CertificateProviderInstance: &networksecurity.CertificateProviderInstanceArgs{
    					PluginInstance: pulumi.String("string"),
    				},
    				GrpcEndpoint: &networksecurity.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs{
    					TargetUri: pulumi.String("string"),
    				},
    			},
    		},
    		ClientValidationMode:        networksecurityv1beta1.MTLSPolicyClientValidationModeClientValidationModeUnspecified,
    		ClientValidationTrustConfig: pulumi.String("string"),
    	},
    	Name:    pulumi.String("string"),
    	Project: pulumi.String("string"),
    	ServerCertificate: &networksecurity.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs{
    		CertificateProviderInstance: &networksecurity.CertificateProviderInstanceArgs{
    			PluginInstance: pulumi.String("string"),
    		},
    		GrpcEndpoint: &networksecurity.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs{
    			TargetUri: pulumi.String("string"),
    		},
    	},
    })
    
    var google_nativeServerTlsPolicyResource = new ServerTlsPolicy("google-nativeServerTlsPolicyResource", ServerTlsPolicyArgs.builder()
        .serverTlsPolicyId("string")
        .allowOpen(false)
        .description("string")
        .labels(Map.of("string", "string"))
        .location("string")
        .mtlsPolicy(MTLSPolicyArgs.builder()
            .clientValidationCa(ValidationCAArgs.builder()
                .certificateProviderInstance(CertificateProviderInstanceArgs.builder()
                    .pluginInstance("string")
                    .build())
                .grpcEndpoint(GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs.builder()
                    .targetUri("string")
                    .build())
                .build())
            .clientValidationMode("CLIENT_VALIDATION_MODE_UNSPECIFIED")
            .clientValidationTrustConfig("string")
            .build())
        .name("string")
        .project("string")
        .serverCertificate(GoogleCloudNetworksecurityV1beta1CertificateProviderArgs.builder()
            .certificateProviderInstance(CertificateProviderInstanceArgs.builder()
                .pluginInstance("string")
                .build())
            .grpcEndpoint(GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs.builder()
                .targetUri("string")
                .build())
            .build())
        .build());
    
    google_native_server_tls_policy_resource = google_native.networksecurity.v1beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource",
        server_tls_policy_id="string",
        allow_open=False,
        description="string",
        labels={
            "string": "string",
        },
        location="string",
        mtls_policy=google_native.networksecurity.v1beta1.MTLSPolicyArgs(
            client_validation_ca=[google_native.networksecurity.v1beta1.ValidationCAArgs(
                certificate_provider_instance=google_native.networksecurity.v1beta1.CertificateProviderInstanceArgs(
                    plugin_instance="string",
                ),
                grpc_endpoint=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs(
                    target_uri="string",
                ),
            )],
            client_validation_mode=google_native.networksecurity.v1beta1.MTLSPolicyClientValidationMode.CLIENT_VALIDATION_MODE_UNSPECIFIED,
            client_validation_trust_config="string",
        ),
        name="string",
        project="string",
        server_certificate=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1CertificateProviderArgs(
            certificate_provider_instance=google_native.networksecurity.v1beta1.CertificateProviderInstanceArgs(
                plugin_instance="string",
            ),
            grpc_endpoint=google_native.networksecurity.v1beta1.GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs(
                target_uri="string",
            ),
        ))
    
    const google_nativeServerTlsPolicyResource = new google_native.networksecurity.v1beta1.ServerTlsPolicy("google-nativeServerTlsPolicyResource", {
        serverTlsPolicyId: "string",
        allowOpen: false,
        description: "string",
        labels: {
            string: "string",
        },
        location: "string",
        mtlsPolicy: {
            clientValidationCa: [{
                certificateProviderInstance: {
                    pluginInstance: "string",
                },
                grpcEndpoint: {
                    targetUri: "string",
                },
            }],
            clientValidationMode: google_native.networksecurity.v1beta1.MTLSPolicyClientValidationMode.ClientValidationModeUnspecified,
            clientValidationTrustConfig: "string",
        },
        name: "string",
        project: "string",
        serverCertificate: {
            certificateProviderInstance: {
                pluginInstance: "string",
            },
            grpcEndpoint: {
                targetUri: "string",
            },
        },
    });
    
    type: google-native:networksecurity/v1beta1:ServerTlsPolicy
    properties:
        allowOpen: false
        description: string
        labels:
            string: string
        location: string
        mtlsPolicy:
            clientValidationCa:
                - certificateProviderInstance:
                    pluginInstance: string
                  grpcEndpoint:
                    targetUri: string
            clientValidationMode: CLIENT_VALIDATION_MODE_UNSPECIFIED
            clientValidationTrustConfig: string
        name: string
        project: string
        serverCertificate:
            certificateProviderInstance:
                pluginInstance: string
            grpcEndpoint:
                targetUri: string
        serverTlsPolicyId: string
    

    ServerTlsPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ServerTlsPolicy resource accepts the following input properties:

    ServerTlsPolicyId string
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    Description string
    Free-text description of the resource.
    Labels Dictionary<string, string>
    Set of label tags associated with the resource.
    Location string
    MtlsPolicy Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.MTLSPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    Name string
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    Project string
    ServerCertificate Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1CertificateProvider
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.
    ServerTlsPolicyId string
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    AllowOpen bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    Description string
    Free-text description of the resource.
    Labels map[string]string
    Set of label tags associated with the resource.
    Location string
    MtlsPolicy MTLSPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    Name string
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    Project string
    ServerCertificate GoogleCloudNetworksecurityV1beta1CertificateProviderArgs
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.
    serverTlsPolicyId String
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description String
    Free-text description of the resource.
    labels Map<String,String>
    Set of label tags associated with the resource.
    location String
    mtlsPolicy MTLSPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    name String
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    project String
    serverCertificate GoogleCloudNetworksecurityV1beta1CertificateProvider
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.
    serverTlsPolicyId string
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    allowOpen boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description string
    Free-text description of the resource.
    labels {[key: string]: string}
    Set of label tags associated with the resource.
    location string
    mtlsPolicy MTLSPolicy
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    name string
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    project string
    serverCertificate GoogleCloudNetworksecurityV1beta1CertificateProvider
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.
    server_tls_policy_id str
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    allow_open bool
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description str
    Free-text description of the resource.
    labels Mapping[str, str]
    Set of label tags associated with the resource.
    location str
    mtls_policy MTLSPolicyArgs
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    name str
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    project str
    server_certificate GoogleCloudNetworksecurityV1beta1CertificateProviderArgs
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.
    serverTlsPolicyId String
    Required. Short name of the ServerTlsPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "server_mtls_policy".
    allowOpen Boolean
    This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
    description String
    Free-text description of the resource.
    labels Map<String>
    Set of label tags associated with the resource.
    location String
    mtlsPolicy Property Map
    This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.
    name String
    Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}
    project String
    serverCertificate Property Map
    Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ServerTlsPolicy resource produces the following output properties:

    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    CreateTime string
    The timestamp when the resource was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.
    createTime string
    The timestamp when the resource was created.
    id string
    The provider-assigned unique ID for this managed resource.
    updateTime string
    The timestamp when the resource was updated.
    create_time str
    The timestamp when the resource was created.
    id str
    The provider-assigned unique ID for this managed resource.
    update_time str
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    The timestamp when the resource was updated.

    Supporting Types

    CertificateProviderInstance, CertificateProviderInstanceArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    CertificateProviderInstanceResponse, CertificateProviderInstanceResponseArgs

    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    PluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance string
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    plugin_instance str
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.
    pluginInstance String
    Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance.

    GoogleCloudNetworksecurityV1beta1CertificateProvider, GoogleCloudNetworksecurityV1beta1CertificateProviderArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    CertificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificate_provider_instance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.

    GoogleCloudNetworksecurityV1beta1CertificateProviderResponse, GoogleCloudNetworksecurityV1beta1CertificateProviderResponseArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    CertificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificate_provider_instance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the cert and private key.

    GoogleCloudNetworksecurityV1beta1GrpcEndpoint, GoogleCloudNetworksecurityV1beta1GrpcEndpointArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse, GoogleCloudNetworksecurityV1beta1GrpcEndpointResponseArgs

    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    TargetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri string
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    target_uri str
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".
    targetUri String
    The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:".

    MTLSPolicy, MTLSPolicyArgs

    ClientValidationCa List<Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.ValidationCA>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    ClientValidationMode Pulumi.GoogleNative.NetworkSecurity.V1Beta1.MTLSPolicyClientValidationMode
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    ClientValidationCa []ValidationCA
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    ClientValidationMode MTLSPolicyClientValidationMode
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa List<ValidationCA>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode MTLSPolicyClientValidationMode
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa ValidationCA[]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode MTLSPolicyClientValidationMode
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    client_validation_ca Sequence[ValidationCA]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    client_validation_mode MTLSPolicyClientValidationMode
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    client_validation_trust_config str
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa List<Property Map>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode "CLIENT_VALIDATION_MODE_UNSPECIFIED" | "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" | "REJECT_INVALID"
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.

    MTLSPolicyClientValidationMode, MTLSPolicyClientValidationModeArgs

    ClientValidationModeUnspecified
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    AllowInvalidOrMissingClientCert
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    RejectInvalid
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.
    MTLSPolicyClientValidationModeClientValidationModeUnspecified
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    MTLSPolicyClientValidationModeAllowInvalidOrMissingClientCert
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    MTLSPolicyClientValidationModeRejectInvalid
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.
    ClientValidationModeUnspecified
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    AllowInvalidOrMissingClientCert
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    RejectInvalid
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.
    ClientValidationModeUnspecified
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    AllowInvalidOrMissingClientCert
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    RejectInvalid
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.
    CLIENT_VALIDATION_MODE_UNSPECIFIED
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    ALLOW_INVALID_OR_MISSING_CLIENT_CERT
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    REJECT_INVALID
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.
    "CLIENT_VALIDATION_MODE_UNSPECIFIED"
    CLIENT_VALIDATION_MODE_UNSPECIFIEDNot allowed.
    "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"
    ALLOW_INVALID_OR_MISSING_CLIENT_CERTAllow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.
    "REJECT_INVALID"
    REJECT_INVALIDRequire a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in client_validation_trust_config.

    MTLSPolicyResponse, MTLSPolicyResponseArgs

    ClientValidationCa List<Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.ValidationCAResponse>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    ClientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    ClientValidationCa []ValidationCAResponse
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    ClientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    ClientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa List<ValidationCAResponse>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode String
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa ValidationCAResponse[]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode string
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig string
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    client_validation_ca Sequence[ValidationCAResponse]
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    client_validation_mode str
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    client_validation_trust_config str
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.
    clientValidationCa List<Property Map>
    Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
    clientValidationMode String
    When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled. Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty.
    clientValidationTrustConfig String
    Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with external HTTPS load balancers.

    ValidationCA, ValidationCAArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    CertificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificate_provider_instance CertificateProviderInstance
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1beta1GrpcEndpoint
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.

    ValidationCAResponse, ValidationCAResponseArgs

    CertificateProviderInstance Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint Pulumi.GoogleNative.NetworkSecurity.V1Beta1.Inputs.GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    CertificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    GrpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificate_provider_instance CertificateProviderInstanceResponse
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpc_endpoint GoogleCloudNetworksecurityV1beta1GrpcEndpointResponse
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.
    certificateProviderInstance Property Map
    The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.
    grpcEndpoint Property Map
    gRPC specific configuration to access the gRPC server to obtain the CA certificate.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi