Added certificate-manager module (#2387)
This commit is contained in:
parent
85c1b7c156
commit
00d4673093
|
@ -35,7 +35,7 @@ Currently available modules:
|
|||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
|
||||
- **data** - <!-- [AlloyDB instance](./modules/alloydb-instance), --> [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan), [Cloud SQL instance](./modules/cloudsql-instance), [Spanner instance](./modules/spanner-instance), [Firestore](./modules/firestore), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/)
|
||||
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository), [Workstation cluster](./modules/workstation-cluster)
|
||||
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
|
||||
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc), [Certificate Manager](./modules/certificate-manager/)
|
||||
- **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run), [Cloud Run v2](./modules/cloud-run-v2)
|
||||
|
||||
For more information and usage examples see each module's README file.
|
||||
|
|
|
@ -113,6 +113,7 @@ These modules are used in the examples included in this repository. If you are u
|
|||
- [SecretManager](./secret-manager)
|
||||
- [VPC Service Control](./vpc-sc)
|
||||
- [Secure Web Proxy](./net-swp)
|
||||
- [Certificate Manager](./certificate-manager)
|
||||
|
||||
## Serverless
|
||||
|
||||
|
|
|
@ -0,0 +1,263 @@
|
|||
# Certificate manager
|
||||
|
||||
This module allows you to create a certificate manager map and associated entries, certificates, DNS authorizations and issueance configs. Map and associated entries creation is optional.
|
||||
|
||||
## Examples
|
||||
|
||||
### Self-managed certificate
|
||||
|
||||
```hcl
|
||||
resource "tls_private_key" "private_key" {
|
||||
algorithm = "RSA"
|
||||
rsa_bits = 2048
|
||||
}
|
||||
|
||||
resource "tls_self_signed_cert" "cert" {
|
||||
private_key_pem = tls_private_key.private_key.private_key_pem
|
||||
subject {
|
||||
common_name = "example.com"
|
||||
organization = "ACME Examples, Inc"
|
||||
}
|
||||
validity_period_hours = 720
|
||||
allowed_uses = [
|
||||
"key_encipherment",
|
||||
"digital_signature",
|
||||
"server_auth",
|
||||
]
|
||||
}
|
||||
|
||||
module "certificate-manager" {
|
||||
source = "./fabric/modules/certificate-manager"
|
||||
project_id = var.project_id
|
||||
certificates = {
|
||||
my-certificate-1 = {
|
||||
self_managed = {
|
||||
pem_certificate = tls_self_signed_cert.cert.cert_pem
|
||||
pem_private_key = tls_private_key.private_key.private_key_pem
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=self-managed-cert.yaml
|
||||
```
|
||||
|
||||
### Certificate map with 1 entry with 1 self-managed certificate
|
||||
|
||||
```hcl
|
||||
resource "tls_private_key" "private_key" {
|
||||
algorithm = "RSA"
|
||||
rsa_bits = 2048
|
||||
}
|
||||
|
||||
resource "tls_self_signed_cert" "cert" {
|
||||
private_key_pem = tls_private_key.private_key.private_key_pem
|
||||
subject {
|
||||
common_name = "example.com"
|
||||
organization = "ACME Examples, Inc"
|
||||
}
|
||||
validity_period_hours = 720
|
||||
allowed_uses = [
|
||||
"key_encipherment",
|
||||
"digital_signature",
|
||||
"server_auth",
|
||||
]
|
||||
}
|
||||
|
||||
module "certificate-manager" {
|
||||
source = "./fabric/modules/certificate-manager"
|
||||
project_id = var.project_id
|
||||
map = {
|
||||
name = "my-certificate-map"
|
||||
description = "My certificate map"
|
||||
entries = {
|
||||
mydomain-mycompany-org = {
|
||||
certificates = [
|
||||
"my-certificate-1"
|
||||
]
|
||||
hostname = "mydomain.mycompany.org"
|
||||
}
|
||||
}
|
||||
}
|
||||
certificates = {
|
||||
my-certificate-1 = {
|
||||
self_managed = {
|
||||
pem_certificate = tls_self_signed_cert.cert.cert_pem
|
||||
pem_private_key = tls_private_key.private_key.private_key_pem
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=map-with-self-managed-cert.yaml
|
||||
|
||||
```
|
||||
|
||||
### Certificate map with 1 entry with 1 managed certificate with load balancer authorization
|
||||
|
||||
```hcl
|
||||
module "certificate-manager" {
|
||||
source = "./fabric/modules/certificate-manager"
|
||||
project_id = var.project_id
|
||||
map = {
|
||||
name = "my-certificate-map"
|
||||
description = "My certificate map"
|
||||
entries = {
|
||||
mydomain-mycompany-org = {
|
||||
certificates = [
|
||||
"my-certificate-1"
|
||||
]
|
||||
matcher = "PRIMARY"
|
||||
}
|
||||
}
|
||||
}
|
||||
certificates = {
|
||||
my-certificate-1 = {
|
||||
managed = {
|
||||
domains = ["mydomain.mycompany.org"]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=map-with-managed-cert-lb-authz.yaml
|
||||
```
|
||||
|
||||
### Certificate map with 1 entry with 1 managed certificate with DNS authorization
|
||||
|
||||
```hcl
|
||||
module "certificate-manager" {
|
||||
source = "./fabric/modules/certificate-manager"
|
||||
project_id = var.project_id
|
||||
map = {
|
||||
name = "my-certificate-map"
|
||||
description = "My certificate map"
|
||||
entries = {
|
||||
mydomain-mycompany-org = {
|
||||
certificates = [
|
||||
"my-certificate-1"
|
||||
]
|
||||
matcher = "PRIMARY"
|
||||
}
|
||||
}
|
||||
}
|
||||
certificates = {
|
||||
my-certificate-1 = {
|
||||
managed = {
|
||||
domains = ["mydomain.mycompany.org"]
|
||||
dns_authorizations = ["mydomain-mycompany-org"]
|
||||
}
|
||||
}
|
||||
}
|
||||
dns_authorizations = {
|
||||
mydomain-mycompany-org = {
|
||||
type = "PER_PROJECT_RECORD"
|
||||
domain = "mydomain.mycompany.org"
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 inventory=map-with-managed-cert-dns-authz.yaml
|
||||
```
|
||||
|
||||
### Certificate map with 1 entry with 1 managed certificate with issued by a CA Service instance
|
||||
|
||||
```hcl
|
||||
resource "google_privateca_ca_pool" "pool" {
|
||||
name = "ca-pool"
|
||||
project = var.project_id
|
||||
location = "us-central1"
|
||||
tier = "ENTERPRISE"
|
||||
}
|
||||
|
||||
resource "google_privateca_certificate_authority" "ca_authority" {
|
||||
project = var.project_id
|
||||
location = "us-central1"
|
||||
pool = google_privateca_ca_pool.pool.name
|
||||
certificate_authority_id = "ca-authority"
|
||||
config {
|
||||
subject_config {
|
||||
subject {
|
||||
organization = "My Company"
|
||||
common_name = "my-company-authority"
|
||||
}
|
||||
subject_alt_name {
|
||||
dns_names = ["mycompany.org"]
|
||||
}
|
||||
}
|
||||
x509_config {
|
||||
ca_options {
|
||||
is_ca = true
|
||||
}
|
||||
key_usage {
|
||||
base_key_usage {
|
||||
cert_sign = true
|
||||
crl_sign = true
|
||||
}
|
||||
extended_key_usage {
|
||||
server_auth = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
key_spec {
|
||||
algorithm = "RSA_PKCS1_4096_SHA256"
|
||||
}
|
||||
deletion_protection = false
|
||||
skip_grace_period = true
|
||||
ignore_active_certificates_on_deletion = true
|
||||
}
|
||||
|
||||
module "certificate-manager" {
|
||||
source = "./fabric/modules/certificate-manager"
|
||||
project_id = var.project_id
|
||||
map = {
|
||||
name = "my-certificate-map"
|
||||
description = "My certificate map"
|
||||
entries = {
|
||||
mydomain-mycompany-org = {
|
||||
certificates = [
|
||||
"my-certificate-1"
|
||||
]
|
||||
matcher = "PRIMARY"
|
||||
}
|
||||
}
|
||||
}
|
||||
certificates = {
|
||||
my-certificate-1 = {
|
||||
managed = {
|
||||
domains = ["mydomain.mycompany.org"]
|
||||
issuance_config = "my-issuance-config"
|
||||
}
|
||||
}
|
||||
}
|
||||
issuance_configs = {
|
||||
my-issuance-config = {
|
||||
ca_pool = google_privateca_ca_pool.pool.id
|
||||
key_algorithm = "ECDSA_P256"
|
||||
lifetime = "1814400s"
|
||||
rotation_window_percentage = 34
|
||||
}
|
||||
}
|
||||
depends_on = [
|
||||
google_privateca_certificate_authority.ca_authority
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=map-with-managed-cert-ca-service.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L102) | Project id. | <code>string</code> | ✓ | |
|
||||
| [certificates](variables.tf#L17) | Certificates. | <code title="map(object({ description = optional(string) labels = optional(map(string), {}) location = optional(string) scope = optional(string) self_managed = optional(object({ pem_certificate = string pem_private_key = string })) managed = optional(object({ domains = list(string) dns_authorizations = optional(list(string)) issuance_config = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [dns_authorizations](variables.tf#L53) | DNS authorizations. | <code title="map(object({ domain = string description = optional(string) location = optional(string) type = optional(string) labels = optional(map(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [issuance_configs](variables.tf#L66) | Issuance configs. | <code title="map(object({ ca_pool = string description = optional(string) key_algorithm = string labels = optional(map(string), {}) lifetime = string rotation_window_percentage = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [map](variables.tf#L80) | Map attributes. | <code title="object({ name = string description = optional(string) labels = optional(map(string), {}) entries = optional(map(object({ description = optional(string) hostname = optional(string) labels = optional(map(string), {}) matcher = optional(string) certificates = list(string) })), {}) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [certificate_ids](outputs.tf#L17) | Certificate ids. | |
|
||||
| [certificates](outputs.tf#L22) | Certificates. | |
|
||||
| [map](outputs.tf#L27) | Map. | |
|
||||
| [map_id](outputs.tf#L32) | Map id. | |
|
||||
<!-- END TFDOC -->
|
|
@ -0,0 +1,85 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_certificate_manager_certificate_map" "map" {
|
||||
count = var.map == null ? 0 : 1
|
||||
project = var.project_id
|
||||
name = var.map.name
|
||||
description = var.map.description
|
||||
labels = var.map.labels
|
||||
}
|
||||
|
||||
resource "google_certificate_manager_certificate_map_entry" "entries" {
|
||||
for_each = try(var.map.entries, {})
|
||||
project = google_certificate_manager_certificate_map.map[0].project
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
map = google_certificate_manager_certificate_map.map[0].name
|
||||
labels = each.value.labels
|
||||
certificates = [for v in each.value.certificates : google_certificate_manager_certificate.certificates[v].id]
|
||||
hostname = each.value.hostname
|
||||
matcher = each.value.matcher
|
||||
}
|
||||
|
||||
resource "google_certificate_manager_certificate" "certificates" {
|
||||
for_each = var.certificates
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
scope = each.value.scope
|
||||
labels = each.value.labels
|
||||
dynamic "managed" {
|
||||
for_each = each.value.managed == null ? [] : [""]
|
||||
content {
|
||||
domains = each.value.managed.domains
|
||||
dns_authorizations = each.value.managed.dns_authorizations
|
||||
issuance_config = each.value.managed.issuance_config
|
||||
}
|
||||
}
|
||||
dynamic "self_managed" {
|
||||
for_each = each.value.self_managed == null ? [] : [""]
|
||||
content {
|
||||
pem_certificate = each.value.self_managed.pem_certificate
|
||||
pem_private_key = each.value.self_managed.pem_private_key
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_certificate_manager_dns_authorization" "dns_authorizations" {
|
||||
for_each = var.dns_authorizations
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
location = each.value.location
|
||||
description = each.value.description
|
||||
type = each.value.type
|
||||
domain = each.value.domain
|
||||
}
|
||||
|
||||
resource "google_certificate_manager_certificate_issuance_config" "default" {
|
||||
for_each = var.issuance_configs
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
certificate_authority_config {
|
||||
certificate_authority_service_config {
|
||||
ca_pool = each.value.ca_pool
|
||||
}
|
||||
}
|
||||
lifetime = each.value.lifetime
|
||||
rotation_window_percentage = each.value.rotation_window_percentage
|
||||
key_algorithm = each.value.key_algorithm
|
||||
labels = each.value.labels
|
||||
}
|
|
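Review bot: In the `managed` block of `google_certificate_manager_certificate.certificates`, `dns_authorizations` and `issuance_config` are handed to the provider as the caller's bare strings, while the README examples and the test inventories pass the keys of `var.dns_authorizations` / `var.issuance_configs` (`mydomain-mycompany-org`, `my-issuance-config`); the provider expects the authorization's and issuance config's full resource id there, so the key-to-id resolution that `entries` already performs for `certificates` (`google_certificate_manager_certificate.certificates[v].id`) is missing and an apply with those examples is likely to be rejected by the API — I am reading the expected id format from the provider's documented usage, not from this page. Resolving through the module's own resources with a `try()` fallback keeps the declared interface and still lets ids of externally created authorizations pass through. The same resource also drops `location`, which `var.certificates` declares as an optional attribute, so certificates always land in the default location whatever the caller sets; add `location = each.value.location`.
```hcl
resource "google_certificate_manager_certificate" "certificates" {
  for_each = var.certificates
  project  = var.project_id
  name     = each.key
  location = each.value.location
  # … unchanged: description, scope, labels …
  dynamic "managed" {
    for_each = each.value.managed == null ? [] : [""]
    content {
      domains = each.value.managed.domains
      # keys of the module's own maps resolve to resource ids; anything else
      # (e.g. a full id of an authorization created elsewhere) passes through
      dns_authorizations = each.value.managed.dns_authorizations == null ? null : [
        for v in each.value.managed.dns_authorizations :
        try(google_certificate_manager_dns_authorization.dns_authorizations[v].id, v)
      ]
      issuance_config = each.value.managed.issuance_config == null ? null : try(
        google_certificate_manager_certificate_issuance_config.default[each.value.managed.issuance_config].id,
        each.value.managed.issuance_config
      )
    }
  }
  # … unchanged: self_managed block …
}
```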
@ -0,0 +1,38 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "certificate_ids" {
|
||||
description = "Certificate ids."
|
||||
value = { for k, v in google_certificate_manager_certificate.certificates : k => v.id }
|
||||
}
|
||||
|
||||
output "certificates" {
|
||||
description = "Certificates."
|
||||
value = google_certificate_manager_certificate.certificates
|
||||
}
|
||||
|
||||
output "map" {
|
||||
description = "Map."
|
||||
value = var.map == null ? null : google_certificate_manager_certificate_map.map[0]
|
||||
}
|
||||
|
||||
output "map_id" {
|
||||
description = "Map id."
|
||||
value = var.map == null ? null : google_certificate_manager_certificate_map.map[0].id
|
||||
}
|
||||
|
||||
|
||||
|
|
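Review bot: `output "certificates"` returns the whole `google_certificate_manager_certificate` resource, which for self-managed certificates includes `self_managed.pem_private_key`, so the caller's private key is re-exported to every consumer of the module and into any state that surfaces the output further. If the provider marks `pem_private_key` as sensitive — it does in the provider versions I know, but that cannot be confirmed from this page — Terraform will also refuse to plan this output unless it carries `sensitive = true`. Prefer exporting a projection that omits the key, e.g. `value = { for k, v in google_certificate_manager_certificate.certificates : k => { id = v.id, name = v.name, location = v.location, managed = v.managed } }`, or at minimum add `sensitive = true` to the output.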
@ -0,0 +1,106 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "certificates" {
|
||||
description = "Certificates."
|
||||
type = map(object({
|
||||
description = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
location = optional(string)
|
||||
scope = optional(string)
|
||||
self_managed = optional(object({
|
||||
pem_certificate = string
|
||||
pem_private_key = string
|
||||
}))
|
||||
managed = optional(object({
|
||||
domains = list(string)
|
||||
dns_authorizations = optional(list(string))
|
||||
issuance_config = optional(string)
|
||||
}))
|
||||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
|
||||
validation {
|
||||
condition = alltrue([for k, v in var.certificates : (
|
||||
v.self_managed != null && v.managed == null
|
||||
|| v.self_managed == null && v.managed != null
|
||||
)])
|
||||
error_message = "Either a self-managed or a managed configuration must be specified for a certificate."
|
||||
}
|
||||
validation {
|
||||
condition = alltrue([for k, v in var.certificates : v.managed == null ? true :
|
||||
!(v.managed.dns_authorizations != null
|
||||
&& v.managed.issuance_config != null)
|
||||
])
|
||||
error_message = "Both DNS authorizations and issuance cannot be specified."
|
||||
}
|
||||
}
|
||||
|
||||
variable "dns_authorizations" {
|
||||
description = "DNS authorizations."
|
||||
type = map(object({
|
||||
domain = string
|
||||
description = optional(string)
|
||||
location = optional(string)
|
||||
type = optional(string)
|
||||
labels = optional(map(string))
|
||||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "issuance_configs" {
|
||||
description = "Issuance configs."
|
||||
type = map(object({
|
||||
ca_pool = string
|
||||
description = optional(string)
|
||||
key_algorithm = string
|
||||
labels = optional(map(string), {})
|
||||
lifetime = string
|
||||
rotation_window_percentage = number
|
||||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "map" {
|
||||
description = "Map attributes."
|
||||
type = object({
|
||||
name = string
|
||||
description = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
entries = optional(map(object({
|
||||
description = optional(string)
|
||||
hostname = optional(string)
|
||||
labels = optional(map(string), {})
|
||||
matcher = optional(string)
|
||||
certificates = list(string)
|
||||
})), {})
|
||||
})
|
||||
default = null
|
||||
|
||||
validation {
|
||||
condition = var.map == null ? true : alltrue([for k, v in var.map.entries : v.hostname == null && v.matcher != null || v.hostname != null && v.matcher == null])
|
||||
error_message = "Either hostname or matcher must be specified for an entry."
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id."
|
||||
type = string
|
||||
}
|
||||
|
|
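Review bot: The `certificates` variable carries raw key material in `self_managed.pem_private_key`, but its description is just "Certificates." and nothing tells the caller that the key ends up in plan output and in Terraform state in clear text; because the map feeds a `for_each` in main.tf, marking the whole variable `sensitive = true` would be rejected by Terraform, so the description is the place to say it. Suggest `description = "Certificates. For self-managed certificates, pem_private_key is stored unencrypted in Terraform state; source it from a sensitive attribute or a secret rather than a literal."`. Two smaller points: the second validation's message "Both DNS authorizations and issuance cannot be specified." reads awkwardly — `error_message = "DNS authorizations and issuance config are mutually exclusive for a managed certificate."` — and `dns_authorizations.labels` is `optional(map(string))` without the `{}` default the other two variables use, which looks unintended.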
@ -0,0 +1,27 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.7.4"
|
||||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 5.34.0, < 6.0.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 5.34.0, < 6.0.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,142 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_privateca_ca_pool.pool:
|
||||
issuance_policy: []
|
||||
labels: null
|
||||
location: us-central1
|
||||
name: ca-pool
|
||||
project: project-id
|
||||
publishing_options: []
|
||||
tier: ENTERPRISE
|
||||
timeouts: null
|
||||
google_privateca_certificate_authority.ca_authority:
|
||||
certificate_authority_id: ca-authority
|
||||
config:
|
||||
- subject_config:
|
||||
- subject:
|
||||
- common_name: my-company-authority
|
||||
country_code: null
|
||||
locality: null
|
||||
organization: My Company
|
||||
organizational_unit: null
|
||||
postal_code: null
|
||||
province: null
|
||||
street_address: null
|
||||
subject_alt_name:
|
||||
- dns_names:
|
||||
- mycompany.org
|
||||
email_addresses: null
|
||||
ip_addresses: null
|
||||
uris: null
|
||||
subject_key_id: []
|
||||
x509_config:
|
||||
- additional_extensions: []
|
||||
aia_ocsp_servers: null
|
||||
ca_options:
|
||||
- is_ca: true
|
||||
max_issuer_path_length: null
|
||||
non_ca: null
|
||||
zero_max_issuer_path_length: null
|
||||
key_usage:
|
||||
- base_key_usage:
|
||||
- cert_sign: true
|
||||
content_commitment: null
|
||||
crl_sign: true
|
||||
data_encipherment: null
|
||||
decipher_only: null
|
||||
digital_signature: null
|
||||
encipher_only: null
|
||||
key_agreement: null
|
||||
key_encipherment: null
|
||||
extended_key_usage:
|
||||
- client_auth: null
|
||||
code_signing: null
|
||||
email_protection: null
|
||||
ocsp_signing: null
|
||||
server_auth: true
|
||||
time_stamping: null
|
||||
unknown_extended_key_usages: []
|
||||
name_constraints: []
|
||||
policy_ids: []
|
||||
deletion_protection: false
|
||||
desired_state: null
|
||||
gcs_bucket: null
|
||||
ignore_active_certificates_on_deletion: true
|
||||
key_spec:
|
||||
- algorithm: RSA_PKCS1_4096_SHA256
|
||||
cloud_kms_key_version: null
|
||||
labels: null
|
||||
lifetime: 315360000s
|
||||
location: us-central1
|
||||
pem_ca_certificate: null
|
||||
pool: ca-pool
|
||||
project: project-id
|
||||
skip_grace_period: true
|
||||
subordinate_config: []
|
||||
timeouts: null
|
||||
type: SELF_SIGNED
|
||||
module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
|
||||
description: null
|
||||
labels: null
|
||||
location: global
|
||||
managed:
|
||||
- dns_authorizations: null
|
||||
domains:
|
||||
- mydomain.mycompany.org
|
||||
issuance_config: my-issuance-config
|
||||
name: my-certificate-1
|
||||
project: project-id
|
||||
scope: null
|
||||
self_managed: []
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_issuance_config.default["my-issuance-config"]:
|
||||
certificate_authority_config:
|
||||
- certificate_authority_service_config:
|
||||
- {}
|
||||
description: null
|
||||
key_algorithm: ECDSA_P256
|
||||
labels: null
|
||||
lifetime: 1814400s
|
||||
location: global
|
||||
name: my-issuance-config
|
||||
project: project-id
|
||||
rotation_window_percentage: 34
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
|
||||
description: My certificate map
|
||||
labels: null
|
||||
name: my-certificate-map
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
|
||||
description: null
|
||||
hostname: null
|
||||
labels: null
|
||||
map: my-certificate-map
|
||||
matcher: PRIMARY
|
||||
name: mydomain-mycompany-org
|
||||
project: project-id
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_certificate_manager_certificate: 1
|
||||
google_certificate_manager_certificate_issuance_config: 1
|
||||
google_certificate_manager_certificate_map: 1
|
||||
google_certificate_manager_certificate_map_entry: 1
|
||||
google_privateca_ca_pool: 1
|
||||
google_privateca_certificate_authority: 1
|
||||
modules: 1
|
||||
resources: 6
|
|
@ -0,0 +1,62 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
|
||||
description: null
|
||||
labels: null
|
||||
location: global
|
||||
managed:
|
||||
- dns_authorizations:
|
||||
- mydomain-mycompany-org
|
||||
domains:
|
||||
- mydomain.mycompany.org
|
||||
issuance_config: null
|
||||
name: my-certificate-1
|
||||
project: project-id
|
||||
scope: null
|
||||
self_managed: []
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
|
||||
description: My certificate map
|
||||
labels: null
|
||||
name: my-certificate-map
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
|
||||
description: null
|
||||
hostname: null
|
||||
labels: null
|
||||
map: my-certificate-map
|
||||
matcher: PRIMARY
|
||||
name: mydomain-mycompany-org
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_dns_authorization.dns_authorizations["mydomain-mycompany-org"]:
|
||||
description: null
|
||||
domain: mydomain.mycompany.org
|
||||
labels: null
|
||||
location: global
|
||||
name: mydomain-mycompany-org
|
||||
project: project-id
|
||||
timeouts: null
|
||||
type: PER_PROJECT_RECORD
|
||||
|
||||
counts:
|
||||
google_certificate_manager_certificate: 1
|
||||
google_certificate_manager_certificate_map: 1
|
||||
google_certificate_manager_certificate_map_entry: 1
|
||||
google_certificate_manager_dns_authorization: 1
|
||||
modules: 1
|
||||
resources: 4
|
|
@ -0,0 +1,51 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
|
||||
description: null
|
||||
labels: null
|
||||
location: global
|
||||
managed:
|
||||
- dns_authorizations: null
|
||||
domains:
|
||||
- mydomain.mycompany.org
|
||||
issuance_config: null
|
||||
name: my-certificate-1
|
||||
project: project-id
|
||||
scope: null
|
||||
self_managed: []
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
|
||||
description: My certificate map
|
||||
labels: null
|
||||
name: my-certificate-map
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
|
||||
description: null
|
||||
hostname: null
|
||||
labels: null
|
||||
map: my-certificate-map
|
||||
matcher: PRIMARY
|
||||
name: mydomain-mycompany-org
|
||||
project: project-id
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_certificate_manager_certificate: 1
|
||||
google_certificate_manager_certificate_map: 1
|
||||
google_certificate_manager_certificate_map_entry: 1
|
||||
modules: 1
|
||||
resources: 3
|
|
@ -0,0 +1,79 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
|
||||
description: null
|
||||
labels: null
|
||||
location: global
|
||||
managed: []
|
||||
name: my-certificate-1
|
||||
project: project-id
|
||||
scope: null
|
||||
self_managed:
|
||||
- certificate_pem: null
|
||||
private_key_pem: null
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
|
||||
description: My certificate map
|
||||
labels: null
|
||||
name: my-certificate-map
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
|
||||
description: null
|
||||
hostname: mydomain.mycompany.org
|
||||
labels: null
|
||||
map: my-certificate-map
|
||||
matcher: null
|
||||
name: mydomain-mycompany-org
|
||||
project: project-id
|
||||
timeouts: null
|
||||
tls_private_key.private_key:
|
||||
algorithm: RSA
|
||||
ecdsa_curve: P224
|
||||
rsa_bits: 2048
|
||||
tls_self_signed_cert.cert:
|
||||
allowed_uses:
|
||||
- key_encipherment
|
||||
- digital_signature
|
||||
- server_auth
|
||||
dns_names: null
|
||||
early_renewal_hours: 0
|
||||
ip_addresses: null
|
||||
is_ca_certificate: false
|
||||
ready_for_renewal: false
|
||||
set_authority_key_id: false
|
||||
set_subject_key_id: false
|
||||
subject:
|
||||
- common_name: example.com
|
||||
country: null
|
||||
locality: null
|
||||
organization: ACME Examples, Inc
|
||||
organizational_unit: null
|
||||
postal_code: null
|
||||
province: null
|
||||
serial_number: null
|
||||
street_address: null
|
||||
uris: null
|
||||
validity_period_hours: 720
|
||||
|
||||
counts:
|
||||
google_certificate_manager_certificate: 1
|
||||
google_certificate_manager_certificate_map: 1
|
||||
google_certificate_manager_certificate_map_entry: 1
|
||||
modules: 1
|
||||
resources: 5
|
||||
tls_private_key: 1
|
||||
tls_self_signed_cert: 1
|
|
@ -0,0 +1,62 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
|
||||
description: null
|
||||
labels: null
|
||||
location: global
|
||||
managed: []
|
||||
name: my-certificate-1
|
||||
project: project-id
|
||||
scope: null
|
||||
self_managed:
|
||||
- certificate_pem: null
|
||||
private_key_pem: null
|
||||
timeouts: null
|
||||
tls_private_key.private_key:
|
||||
algorithm: RSA
|
||||
ecdsa_curve: P224
|
||||
rsa_bits: 2048
|
||||
tls_self_signed_cert.cert:
|
||||
allowed_uses:
|
||||
- key_encipherment
|
||||
- digital_signature
|
||||
- server_auth
|
||||
dns_names: null
|
||||
early_renewal_hours: 0
|
||||
ip_addresses: null
|
||||
is_ca_certificate: false
|
||||
ready_for_renewal: false
|
||||
set_authority_key_id: false
|
||||
set_subject_key_id: false
|
||||
subject:
|
||||
- common_name: example.com
|
||||
country: null
|
||||
locality: null
|
||||
organization: ACME Examples, Inc
|
||||
organizational_unit: null
|
||||
postal_code: null
|
||||
province: null
|
||||
serial_number: null
|
||||
street_address: null
|
||||
uris: null
|
||||
validity_period_hours: 720
|
||||
|
||||
counts:
|
||||
google_certificate_manager_certificate: 1
|
||||
modules: 1
|
||||
resources: 3
|
||||
tls_private_key: 1
|
||||
tls_self_signed_cert: 1
|
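Review bot: The `self_managed` entry for `my-certificate-1` lists `certificate_pem` and `private_key_pem`, but the resource block in main.tf sets `pem_certificate` and `pem_private_key`; the inventory for the map-with-self-managed-cert test has the same two keys. As far as I can tell these are the tls provider's attribute names copied over, so either the checker tolerates keys the planned resource does not have — in which case these two lines assert nothing — or it fails once run strictly. The values are unknown at plan time anyway (they come from `tls_self_signed_cert`), so the intent is presumably just presence: use `- pem_certificate: null` and `pem_private_key: null`, or drop the two keys and rely on the block count.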