Package com.pulumi.gcp.networksecurity

Class TlsInspectionPolicy

  • public class TlsInspectionPolicy
extends com.pulumi.resources.CustomResource
    ## Example Usage ### Network Security Tls Inspection Policy Basic ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.certificateauthority.CaPool; import com.pulumi.gcp.certificateauthority.CaPoolArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs; import com.pulumi.gcp.certificateauthority.Authority; import com.pulumi.gcp.certificateauthority.AuthorityArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs; import com.pulumi.gcp.projects.ServiceIdentity; import com.pulumi.gcp.projects.ServiceIdentityArgs; import com.pulumi.gcp.certificateauthority.CaPoolIamMember; import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; import com.pulumi.gcp.networksecurity.TlsInspectionPolicy; import com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var defaultCaPool = new CaPool("defaultCaPool", CaPoolArgs.builder() .location("us-central1") .tier("DEVOPS") .publishingOptions(CaPoolPublishingOptionsArgs.builder() .publishCaCert(false) .publishCrl(false) .build()) .issuancePolicy(CaPoolIssuancePolicyArgs.builder() .maximumLifetime("1209600s") .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder() .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder() .isCa(false) .build()) .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder() .baseKeyUsage() .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder() .serverAuth(true) .build()) .build()) .build()) .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder() .pool(defaultCaPool.name()) .certificateAuthorityId("my-basic-certificate-authority") .location("us-central1") .lifetime("86400s") .type("SELF_SIGNED") .deletionProtection(false) .skipGracePeriod(true) .ignoreActiveCertificatesOnDeletion(true) .config(AuthorityConfigArgs.builder() .subjectConfig(AuthorityConfigSubjectConfigArgs.builder() .subject(AuthorityConfigSubjectConfigSubjectArgs.builder() .organization("Test LLC") .commonName("my-ca") .build()) .build()) .x509Config(AuthorityConfigX509ConfigArgs.builder() .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder() .isCa(true) .build()) .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder() .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder() .certSign(true) .crlSign(true) .build()) .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder() .serverAuth(false) .build()) .build()) .build()) .build()) .keySpec(AuthorityKeySpecArgs.builder() .algorithm("RSA_PKCS1_4096_SHA256") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var nsSa = new ServiceIdentity("nsSa", ServiceIdentityArgs.builder() .service("networksecurity.googleapis.com") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var tlsInspectionPermission = new CaPoolIamMember("tlsInspectionPermission", CaPoolIamMemberArgs.builder() .caPool(defaultCaPool.id()) .role("roles/privateca.certificateManager") .member(nsSa.email().applyValue(email -> String.format("serviceAccount:%s", email))) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultTlsInspectionPolicy = new TlsInspectionPolicy("defaultTlsInspectionPolicy", TlsInspectionPolicyArgs.builder() .location("us-central1") .caPool(defaultCaPool.id()) .excludePublicCaSet(false) .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn( defaultCaPool, defaultAuthority, tlsInspectionPermission) .build()); } } ``` ## Import TlsInspectionPolicy can be imported using any of these accepted formats* `projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}` * `{{project}}/{{location}}/{{name}}` * `{{location}}/{{name}}` In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import TlsInspectionPolicy using one of the formats above. For exampletf import { id = "projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}" to = google_network_security_tls_inspection_policy.default } ```sh $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), TlsInspectionPolicy can be imported using one of the formats above. For example ``` ```sh $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}} ``` ```sh $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{project}}/{{location}}/{{name}} ``` ```sh $ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{location}}/{{name}} ```

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> caPool()  
      com.pulumi.core.Output<java.lang.String> createTime()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> excludePublicCaSet()  
      static TlsInspectionPolicy get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, TlsInspectionPolicyState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> location()  
      com.pulumi.core.Output<java.lang.String> name()  
      com.pulumi.core.Output<java.lang.String> project()  
      com.pulumi.core.Output<java.lang.String> updateTime()  

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • TlsInspectionPolicy

        public TlsInspectionPolicy​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • TlsInspectionPolicy

        public TlsInspectionPolicy​(java.lang.String name,
                           TlsInspectionPolicyArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • TlsInspectionPolicy

        public TlsInspectionPolicy​(java.lang.String name,
                           TlsInspectionPolicyArgs args,
                           @Nullable
                           com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • caPool

        public com.pulumi.core.Output<java.lang.String> caPool()
        Returns:
        A CA pool resource used to issue interception certificates.

      • createTime

        public com.pulumi.core.Output<java.lang.String> createTime()
        Returns:
        The timestamp when the resource was created.

      • description

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()
        Returns:
        Free-text description of the resource.

      • excludePublicCaSet

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> excludePublicCaSet()
        Returns:
        If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trustConfig. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trustConfig will be accepted.

      • location

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> location()
        Returns:
        The location of the tls inspection policy.

      • name

        public com.pulumi.core.Output<java.lang.String> name()
        Returns:
        Short name of the TlsInspectionPolicy resource to be created. ***

      • project

        public com.pulumi.core.Output<java.lang.String> project()
        Returns:
        The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

      • updateTime

        public com.pulumi.core.Output<java.lang.String> updateTime()
        Returns:
        The timestamp when the resource was updated.

      • get

        public static TlsInspectionPolicy get​(java.lang.String name,
                                      com.pulumi.core.Output<java.lang.String> id,
                                      @Nullable
                                      TlsInspectionPolicyState state,
                                      @Nullable
                                      com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.