import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource. * * To get more information about ClientTlsPolicy, see: * * * [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.clientTlsPolicies) * * How-to Guides * * [Service Security](https://cloud.google.com/traffic-director/docs/security-use-cases) * * ## Example Usage * * ### Network Security Client Tls Policy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.ClientTlsPolicy("default", { * name: "my-client-tls-policy", * labels: { * foo: "bar", * }, * description: "my description", * sni: "secure.example.com", * }); * ``` * ### Network Security Client Tls Policy Advanced * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.ClientTlsPolicy("default", { * name: "my-client-tls-policy", * labels: { * foo: "bar", * }, * description: "my description", * clientCertificate: { * certificateProviderInstance: { * pluginInstance: "google_cloud_private_spiffe", * }, * }, * serverValidationCas: [{ * grpcEndpoint: { * targetUri: "unix:mypath", * }, * }], * }); * ``` * * ## Import * * ClientTlsPolicy can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}` * * * `{{project}}/{{location}}/{{name}}` * * * `{{location}}/{{name}}` * * When using the `pulumi import` command, ClientTlsPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{project}}/{{location}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{location}}/{{name}} * ``` */ export declare class ClientTlsPolicy extends pulumi.CustomResource { /** * Get an existing ClientTlsPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ClientTlsPolicyState, opts?: pulumi.CustomResourceOptions): ClientTlsPolicy; /** * Returns true if the given object is an instance of ClientTlsPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ClientTlsPolicy; /** * Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. * Structure is documented below. */ readonly clientCertificate: pulumi.Output; /** * Time the ClientTlsPolicy was created in UTC. */ readonly createTime: pulumi.Output; /** * A free-text description of the resource. Max length 1024 characters. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Set of label tags associated with the ClientTlsPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The location of the client tls policy. * The default value is `global`. */ readonly location: pulumi.Output; /** * Name of the ClientTlsPolicy resource. * * * - - - */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate. * Structure is documented below. */ readonly serverValidationCas: pulumi.Output; /** * Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com". */ readonly sni: pulumi.Output; /** * Time the ClientTlsPolicy was updated in UTC. */ readonly updateTime: pulumi.Output; /** * Create a ClientTlsPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: ClientTlsPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ClientTlsPolicy resources. */ export interface ClientTlsPolicyState { /** * Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. * Structure is documented below. */ clientCertificate?: pulumi.Input; /** * Time the ClientTlsPolicy was created in UTC. */ createTime?: pulumi.Input; /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Set of label tags associated with the ClientTlsPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the client tls policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the ClientTlsPolicy resource. * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate. * Structure is documented below. */ serverValidationCas?: pulumi.Input[]>; /** * Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com". */ sni?: pulumi.Input; /** * Time the ClientTlsPolicy was updated in UTC. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a ClientTlsPolicy resource. */ export interface ClientTlsPolicyArgs { /** * Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. * Structure is documented below. */ clientCertificate?: pulumi.Input; /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * Set of label tags associated with the ClientTlsPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the client tls policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the ClientTlsPolicy resource. * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate. * Structure is documented below. */ serverValidationCas?: pulumi.Input[]>; /** * Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com". */ sni?: pulumi.Input; }