Docs Home
Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi
gcp.certificatemanager.TrustConfig
Explore with Pulumi AI
TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios.
To get more information about TrustConfig, see:
- API documentation
- How-to Guides
Example Usage
Certificate Manager Trust Config
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.certificatemanager.TrustConfig("default", {
name: "trust-config",
description: "sample description for the trust config",
location: "us-central1",
trustStores: [{
trustAnchors: [{
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
}],
intermediateCas: [{
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
}],
}],
labels: {
foo: "bar",
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.certificatemanager.TrustConfig("default",
name="trust-config",
description="sample description for the trust config",
location="us-central1",
trust_stores=[{
"trust_anchors": [{
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
}],
"intermediate_cas": [{
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
}],
}],
labels={
"foo": "bar",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
_, err = certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("trust-config"),
Description: pulumi.String("sample description for the trust config"),
Location: pulumi.String("us-central1"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: pulumi.String(invokeFile.Result),
},
},
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: pulumi.String(invokeFile1.Result),
},
},
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CertificateManager.TrustConfig("default", new()
{
Name = "trust-config",
Description = "sample description for the trust config",
Location = "us-central1",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
},
},
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
},
},
},
},
Labels =
{
{ "foo", "bar" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new TrustConfig("default", TrustConfigArgs.builder()
.name("trust-config")
.description("sample description for the trust config")
.location("us-central1")
.trustStores(TrustConfigTrustStoreArgs.builder()
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.build())
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.build())
.build())
.labels(Map.of("foo", "bar"))
.build());
}
}
resources:
default:
type: gcp:certificatemanager:TrustConfig
properties:
name: trust-config
description: sample description for the trust config
location: us-central1
trustStores:
- trustAnchors:
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
intermediateCas:
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
labels:
foo: bar
Certificate Manager Trust Config Allowlisted Certificates
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.certificatemanager.TrustConfig("default", {
name: "trust-config",
description: "A sample trust config resource with allowlisted certificates",
location: "global",
allowlistedCertificates: [
{
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
},
{
pemCertificate: std.file({
input: "test-fixtures/cert2.pem",
}).then(invoke => invoke.result),
},
],
labels: {
foo: "bar",
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.certificatemanager.TrustConfig("default",
name="trust-config",
description="A sample trust config resource with allowlisted certificates",
location="global",
allowlisted_certificates=[
{
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
},
{
"pem_certificate": std.file(input="test-fixtures/cert2.pem").result,
},
],
labels={
"foo": "bar",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert2.pem",
}, nil)
if err != nil {
return err
}
_, err = certificatemanager.NewTrustConfig(ctx, "default", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("trust-config"),
Description: pulumi.String("A sample trust config resource with allowlisted certificates"),
Location: pulumi.String("global"),
AllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{
&certificatemanager.TrustConfigAllowlistedCertificateArgs{
PemCertificate: pulumi.String(invokeFile.Result),
},
&certificatemanager.TrustConfigAllowlistedCertificateArgs{
PemCertificate: pulumi.String(invokeFile1.Result),
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CertificateManager.TrustConfig("default", new()
{
Name = "trust-config",
Description = "A sample trust config resource with allowlisted certificates",
Location = "global",
AllowlistedCertificates = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
},
new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert2.pem",
}).Apply(invoke => invoke.Result),
},
},
Labels =
{
{ "foo", "bar" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigAllowlistedCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new TrustConfig("default", TrustConfigArgs.builder()
.name("trust-config")
.description("A sample trust config resource with allowlisted certificates")
.location("global")
.allowlistedCertificates(
TrustConfigAllowlistedCertificateArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.build(),
TrustConfigAllowlistedCertificateArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert2.pem")
.build()).result())
.build())
.labels(Map.of("foo", "bar"))
.build());
}
}
resources:
default:
type: gcp:certificatemanager:TrustConfig
properties:
name: trust-config
description: A sample trust config resource with allowlisted certificates
location: global
allowlistedCertificates:
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert2.pem
return: result
labels:
foo: bar
Create TrustConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TrustConfig(name: string, args: TrustConfigArgs, opts?: CustomResourceOptions);@overload
def TrustConfig(resource_name: str,
args: TrustConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TrustConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
allowlisted_certificates: Optional[Sequence[TrustConfigAllowlistedCertificateArgs]] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
project: Optional[str] = None,
trust_stores: Optional[Sequence[TrustConfigTrustStoreArgs]] = None)func NewTrustConfig(ctx *Context, name string, args TrustConfigArgs, opts ...ResourceOption) (*TrustConfig, error)public TrustConfig(string name, TrustConfigArgs args, CustomResourceOptions? opts = null)
public TrustConfig(String name, TrustConfigArgs args)
public TrustConfig(String name, TrustConfigArgs args, CustomResourceOptions options)
type: gcp:certificatemanager:TrustConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TrustConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TrustConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TrustConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TrustConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TrustConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var trustConfigResource = new Gcp.CertificateManager.TrustConfig("trustConfigResource", new()
{
Location = "string",
AllowlistedCertificates = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs
{
PemCertificate = "string",
},
},
Description = "string",
Labels =
{
{ "string", "string" },
},
Name = "string",
Project = "string",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = "string",
},
},
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = "string",
},
},
},
},
});
example, err := certificatemanager.NewTrustConfig(ctx, "trustConfigResource", &certificatemanager.TrustConfigArgs{
Location: pulumi.String("string"),
AllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{
&certificatemanager.TrustConfigAllowlistedCertificateArgs{
PemCertificate: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Project: pulumi.String("string"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: pulumi.String("string"),
},
},
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: pulumi.String("string"),
},
},
},
},
})
var trustConfigResource = new TrustConfig("trustConfigResource", TrustConfigArgs.builder()
.location("string")
.allowlistedCertificates(TrustConfigAllowlistedCertificateArgs.builder()
.pemCertificate("string")
.build())
.description("string")
.labels(Map.of("string", "string"))
.name("string")
.project("string")
.trustStores(TrustConfigTrustStoreArgs.builder()
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate("string")
.build())
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate("string")
.build())
.build())
.build());
trust_config_resource = gcp.certificatemanager.TrustConfig("trustConfigResource",
location="string",
allowlisted_certificates=[{
"pem_certificate": "string",
}],
description="string",
labels={
"string": "string",
},
name="string",
project="string",
trust_stores=[{
"intermediate_cas": [{
"pem_certificate": "string",
}],
"trust_anchors": [{
"pem_certificate": "string",
}],
}])
const trustConfigResource = new gcp.certificatemanager.TrustConfig("trustConfigResource", {
location: "string",
allowlistedCertificates: [{
pemCertificate: "string",
}],
description: "string",
labels: {
string: "string",
},
name: "string",
project: "string",
trustStores: [{
intermediateCas: [{
pemCertificate: "string",
}],
trustAnchors: [{
pemCertificate: "string",
}],
}],
});
type: gcp:certificatemanager:TrustConfig
properties:
allowlistedCertificates:
- pemCertificate: string
description: string
labels:
string: string
location: string
name: string
project: string
trustStores:
- intermediateCas:
- pemCertificate: string
trustAnchors:
- pemCertificate: string
TrustConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TrustConfig resource accepts the following input properties:
- Location string
- The trust config location.
- Allowlisted
Certificates List<TrustConfig Allowlisted Certificate> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- Description string
- One or more paragraphs of text description of a trust config.
- Labels Dictionary<string, string>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Trust
Stores List<TrustConfig Trust Store> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- Location string
- The trust config location.
- Allowlisted
Certificates []TrustConfig Allowlisted Certificate Args - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- Description string
- One or more paragraphs of text description of a trust config.
- Labels map[string]string
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Trust
Stores []TrustConfig Trust Store Args - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- location String
- The trust config location.
- allowlisted
Certificates List<TrustConfig Allowlisted Certificate> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- description String
- One or more paragraphs of text description of a trust config.
- labels Map<String,String>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - name String
- A user-defined name of the trust config. Trust config names must be unique globally.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Stores List<TrustConfig Trust Store> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- location string
- The trust config location.
- allowlisted
Certificates TrustConfig Allowlisted Certificate[] - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- description string
- One or more paragraphs of text description of a trust config.
- labels {[key: string]: string}
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Stores TrustConfig Trust Store[] - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- location str
- The trust config location.
- allowlisted_
certificates Sequence[TrustConfig Allowlisted Certificate Args] - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- description str
- One or more paragraphs of text description of a trust config.
- labels Mapping[str, str]
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - name str
- A user-defined name of the trust config. Trust config names must be unique globally.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust_
stores Sequence[TrustConfig Trust Store Args] - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- location String
- The trust config location.
- allowlisted
Certificates List<Property Map> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- description String
- One or more paragraphs of text description of a trust config.
- labels Map<String>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - name String
- A user-defined name of the trust config. Trust config names must be unique globally.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Stores List<Property Map> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the TrustConfig resource produces the following output properties:
- Create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time String - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create_
time str - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- update_
time str - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time String - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
Look up Existing TrustConfig Resource
Get an existing TrustConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TrustConfigState, opts?: CustomResourceOptions): TrustConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowlisted_certificates: Optional[Sequence[TrustConfigAllowlistedCertificateArgs]] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
trust_stores: Optional[Sequence[TrustConfigTrustStoreArgs]] = None,
update_time: Optional[str] = None) -> TrustConfigfunc GetTrustConfig(ctx *Context, name string, id IDInput, state *TrustConfigState, opts ...ResourceOption) (*TrustConfig, error)public static TrustConfig Get(string name, Input<string> id, TrustConfigState? state, CustomResourceOptions? opts = null)public static TrustConfig get(String name, Output<String> id, TrustConfigState state, CustomResourceOptions options)resources: _: type: gcp:certificatemanager:TrustConfig get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowlisted
Certificates List<TrustConfig Allowlisted Certificate> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- Create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Description string
- One or more paragraphs of text description of a trust config.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels Dictionary<string, string>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The trust config location.
- Name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Trust
Stores List<TrustConfig Trust Store> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- Update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Allowlisted
Certificates []TrustConfig Allowlisted Certificate Args - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- Create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Description string
- One or more paragraphs of text description of a trust config.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels map[string]string
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The trust config location.
- Name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Trust
Stores []TrustConfig Trust Store Args - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- Update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- allowlisted
Certificates List<TrustConfig Allowlisted Certificate> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- create
Time String - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- description String
- One or more paragraphs of text description of a trust config.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String,String>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The trust config location.
- name String
- A user-defined name of the trust config. Trust config names must be unique globally.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Stores List<TrustConfig Trust Store> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- update
Time String - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- allowlisted
Certificates TrustConfig Allowlisted Certificate[] - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- create
Time string - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- description string
- One or more paragraphs of text description of a trust config.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels {[key: string]: string}
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location string
- The trust config location.
- name string
- A user-defined name of the trust config. Trust config names must be unique globally.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Stores TrustConfig Trust Store[] - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- update
Time string - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- allowlisted_
certificates Sequence[TrustConfig Allowlisted Certificate Args] - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- create_
time str - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- description str
- One or more paragraphs of text description of a trust config.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Mapping[str, str]
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location str
- The trust config location.
- name str
- A user-defined name of the trust config. Trust config names must be unique globally.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust_
stores Sequence[TrustConfig Trust Store Args] - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- update_
time str - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- allowlisted
Certificates List<Property Map> - Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. Structure is documented below.
- create
Time String - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- description String
- One or more paragraphs of text description of a trust config.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String>
- Set of label tags associated with the trust config.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The trust config location.
- name String
- A user-defined name of the trust config. Trust config names must be unique globally.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Stores List<Property Map> - Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Structure is documented below.
- update
Time String - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
Supporting Types
TrustConfigAllowlistedCertificate, TrustConfigAllowlistedCertificateArgs
- Pem
Certificate string - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
- Pem
Certificate string - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
- pem
Certificate String - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
- pem
Certificate string - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
- pem_
certificate str - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
- pem
Certificate String - PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
TrustConfigTrustStore, TrustConfigTrustStoreArgs
- Intermediate
Cas List<TrustConfig Trust Store Intermediate Ca> - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- Trust
Anchors List<TrustConfig Trust Store Trust Anchor> - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
- Intermediate
Cas []TrustConfig Trust Store Intermediate Ca - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- Trust
Anchors []TrustConfig Trust Store Trust Anchor - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
- intermediate
Cas List<TrustConfig Trust Store Intermediate Ca> - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- trust
Anchors List<TrustConfig Trust Store Trust Anchor> - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
- intermediate
Cas TrustConfig Trust Store Intermediate Ca[] - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- trust
Anchors TrustConfig Trust Store Trust Anchor[] - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
- intermediate_
cas Sequence[TrustConfig Trust Store Intermediate Ca] - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- trust_
anchors Sequence[TrustConfig Trust Store Trust Anchor] - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
- intermediate
Cas List<Property Map> - Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
- trust
Anchors List<Property Map> - List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
TrustConfigTrustStoreIntermediateCa, TrustConfigTrustStoreIntermediateCaArgs
- Pem
Certificate string - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- Pem
Certificate string - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate String - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate string - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem_
certificate str - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate String - PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
TrustConfigTrustStoreTrustAnchor, TrustConfigTrustStoreTrustAnchorArgs
- Pem
Certificate string - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- Pem
Certificate string - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate String - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate string - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem_
certificate str - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
- pem
Certificate String - PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
Import
TrustConfig can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}
When using the pulumi import command, TrustConfig can be imported using one of the formats above. For example:
$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.