Documentation ¶
Index ¶
- Constants
- func Serve(providerName, version string, schema []byte)
- type Algorithm
- type AllowedUse
- type Certificate
- type CertificateArgs
- type CreateCertificateArgs
- type CreateCertificateResult
- type InstallOnArgs
- type InstallOnResult
- type KeyPair
- type KeyPairArgs
- type RemoteFile
- type RemoteFileArgs
- type RootCa
- type RootCaArgs
Constants ¶
// Enumerated string values for the Algorithm and AllowedUse types.
const (
	// Private-key algorithms (values of type Algorithm).
	Ecdsa   Algorithm = "ECDSA"
	Ed25519 Algorithm = "ED25519"
	Rsa     Algorithm = "RSA"

	// Certificate usages (values of type AllowedUse). The names mix X.509
	// key-usage bits (e.g. digital_signature, cert_signing, crl_signing) with
	// extended key usages (e.g. server_auth, client_auth, code_signing);
	// presumably they are passed through to the underlying TLS provider's
	// allowed-uses list — confirm against the implementation.
	//
	// Request only the usages a certificate actually needs: cert_signing and
	// crl_signing are CA capabilities, and any_extended places no restriction
	// on extended key usage.
	AnyExtended       AllowedUse = "any_extended"
	CertSigning       AllowedUse = "cert_signing"
	ClientAuth        AllowedUse = "client_auth"
	CodeSigning       AllowedUse = "code_signing"
	ContentCommitment AllowedUse = "content_commitment"
	CrlSigning        AllowedUse = "crl_signing"
	DataEncipherment  AllowedUse = "data_encipherment"
	DecipherOnly      AllowedUse = "decipher_only"
	DigitalSignature  AllowedUse = "digital_signature"
	EmailProtection   AllowedUse = "email_protection"
	EncipherOnly      AllowedUse = "encipher_only"
	IpsecEndSystem    AllowedUse = "ipsec_end_system" // TODO: Review
	IpsecTunnel       AllowedUse = "ipsec_tunnel"
	IpsecUser         AllowedUse = "ipsec_user"
	KeyAgreement      AllowedUse = "key_agreement"
	KeyEncipherment   AllowedUse = "key_encipherment"
	OcspSigning       AllowedUse = "ocsp_signing"
	ServerAuth        AllowedUse = "server_auth"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AllowedUse ¶
// AllowedUse is the string type of the certificate-usage constants declared
// in this package (AnyExtended, CertSigning, ServerAuth, ...).
type AllowedUse string
type Certificate ¶
// Certificate bundles a KeyPair with a certificate request and the locally
// signed certificate issued for it. It embeds pulumi.ResourceState, so it is
// presumably registered as a component resource like RootCa and RemoteFile.
//
// NOTE(review): the embedded KeyPair exposes KeyPem, so a Certificate value
// should be handled as carrying private-key material.
type Certificate struct {
	pulumi.ResourceState
	KeyPair

	// Cert is the locally signed certificate resource.
	Cert *tls.LocallySignedCert `pulumi:"cert"`
	// Csr is the certificate request resource.
	Csr *tls.CertRequest `pulumi:"csr"`
}
func NewCertificate ¶
func NewCertificate(ctx *pulumi.Context, name string, args *CertificateArgs, opts ...pulumi.ResourceOption) (*Certificate, error)
func (*Certificate) InstallOn ¶
func (c *Certificate) InstallOn(ctx *pulumi.Context, args InstallOnArgs) (*InstallOnResult, error)
type CertificateArgs ¶
// CertificateArgs is the argument set accepted by NewCertificate. It embeds
// KeyPairArgs and adds the issuing CA's material and the certificate's usage
// constraints.
type CertificateArgs struct {
	KeyPairArgs

	// AllowedUses lists the usages requested for the certificate; presumably
	// the values are the AllowedUse constants of this package — confirm.
	AllowedUses pulumi.StringArrayInput `pulumi:"allowedUses"`
	// CaCertPem is, by its name, the PEM-encoded certificate of the signing CA.
	CaCertPem pulumi.StringInput `pulumi:"caCertPem"`
	// CaPrivateKeyPem is, by its name, the PEM-encoded private key of the
	// signing CA.
	// NOTE(review): this is the most sensitive input of the package. Supply it
	// as a secret (for example via pulumi.ToSecret) so it is encrypted in
	// state and masked in CLI output — confirm the implementation keeps it so.
	CaPrivateKeyPem pulumi.StringInput `pulumi:"caPrivateKeyPem"`
	// IsCaCertificate presumably marks the issued certificate as a CA
	// certificate, i.e. one that can itself sign certificates. Leave it false
	// for leaf (server/client) certificates.
	IsCaCertificate pulumi.BoolInput `pulumi:"isCaCertificate"`
	// Subject is the subject of the certificate request.
	Subject tls.CertRequestSubjectPtrInput `pulumi:"subject"`
}
type CreateCertificateArgs ¶
// CreateCertificateArgs holds the plain (non-Input) argument values taken by
// RootCa.CreateCertificate.
type CreateCertificateArgs struct {
	// Name of the algorithm to use when generating the private key.
	// Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
	Algorithm string `pulumi:"algorithm"`
	// When `algorithm` is `ECDSA`, the name of the elliptic curve to use.
	// Currently-supported values are: `P224`, `P256`, `P384`, `P521`.
	// (default: `P224`).
	// NOTE(review): the documented default, P224, is the weakest curve in the
	// list (roughly 112-bit strength) and is not widely accepted by TLS
	// clients; set `P256` or stronger explicitly.
	EcdsaCurve *string `pulumi:"ecdsaCurve"`
	// When `algorithm` is `RSA`, the size of the generated RSA key, in bits
	// (default: `2048`).
	RsaBits *int `pulumi:"rsaBits"`
	// List of DNS names for which a certificate is being requested (i.e.
	// certificate subjects).
	DnsNames []string `pulumi:"dnsNames"`
	// The resource will consider the certificate to have expired the given
	// number of hours before its actual expiry time. This can be useful to
	// deploy an updated certificate in advance of the expiration of the
	// current certificate. However, the old certificate remains valid until
	// its true expiration time, since this resource does not (and cannot)
	// support certificate revocation. Also, this advance update can only be
	// performed should the Terraform configuration be applied during the
	// early renewal period. (default: `0`)
	// NOTE(review): the wording appears inherited from the upstream Terraform
	// provider; here it presumably means the Pulumi program must be applied
	// during the window. Because nothing is revoked, a compromised key stays
	// trusted until ValidityPeriodHours elapses — keep validity short.
	EarlyRenewalHours *int `pulumi:"earlyRenewalHours"`
	// List of IP addresses for which a certificate is being requested (i.e.
	// certificate subjects).
	IpAddresses []string `pulumi:"ipAddresses"`
	// Should the generated certificate include an
	// [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1):
	// for self-signed certificates this is the same value as the
	// [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2)
	// (default: `false`).
	SetAuthorityKeyId *bool `pulumi:"setAuthorityKeyId"`
	// Should the generated certificate include a
	// [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2)
	// (default: `false`).
	SetSubjectKeyId *bool `pulumi:"setSubjectKeyId"`
	// List of URIs for which a certificate is being requested (i.e.
	// certificate subjects).
	Uris []string `pulumi:"uris"`
	// Number of hours, after initial issuing, that the certificate will
	// remain valid for.
	ValidityPeriodHours int `pulumi:"validityPeriodHours"`
	// AllowedUses lists the usages requested for the certificate; presumably
	// the string values of the AllowedUse constants — confirm. Request only
	// what the certificate needs.
	AllowedUses []string `pulumi:"allowedUses"`
	// IsCaCertificate presumably marks the issued certificate as able to
	// sign other certificates; leave false for leaf certificates.
	IsCaCertificate bool `pulumi:"isCaCertificate"`
	// Name is presumably the resource name given to the created Certificate —
	// confirm against RootCa.CreateCertificate.
	Name string `pulumi:"name"`
	// Subject is the subject of the certificate request.
	Subject tls.CertRequestSubjectArgs `pulumi:"subject"`
}
CreateCertificateArgs is the set of arguments for creating a Certificate resource
type CreateCertificateResult ¶
// CreateCertificateResult is the value returned by RootCa.CreateCertificate.
type CreateCertificateResult struct {
	// Cert is the Certificate produced by the call.
	Cert *Certificate `pulumi:"cert"`
}
type InstallOnArgs ¶
// InstallOnArgs is the argument set taken by Certificate.InstallOn and
// RootCa.InstallOn, both of which return an InstallOnResult wrapping a
// RemoteFile.
//
// NOTE(review): the page does not show which PEM (certificate only, or the
// private key as well) is written, nor the file mode used. If key material is
// installed, confirm the destination gets restrictive permissions.
type InstallOnArgs struct {
	// Connection describes how to reach the target host.
	// NOTE(review): connection arguments usually carry credentials; confirm
	// they are supplied as secrets.
	Connection remote.ConnectionArgs `pulumi:"connection"`
	// Name is presumably the resource name of the created RemoteFile — confirm.
	Name string `pulumi:"name"`
	// Path is presumably the destination path on the remote host — confirm.
	Path pulumi.StringInput `pulumi:"path"`
}
type InstallOnResult ¶
// InstallOnResult is the value returned by the InstallOn methods of
// Certificate and RootCa.
type InstallOnResult struct {
	// File is the RemoteFile resource created by the call.
	File *RemoteFile `pulumi:"file"`
}
type KeyPair ¶
// KeyPair groups a generated private key with PEM outputs. It is embedded by
// both Certificate and RootCa.
type KeyPair struct {
	pulumi.ResourceState

	// CertPem is, by its name, the PEM-encoded certificate.
	CertPem pulumi.StringOutput `pulumi:"certPem"`
	// Key is the underlying private-key resource.
	Key *tls.PrivateKey `pulumi:"key"`
	// KeyPem is, by its name, the PEM-encoded private key.
	// NOTE(review): confirm this output is marked secret so that it is
	// encrypted in state and never printed; anything derived from it (for
	// example file content passed to RemoteFile) should stay secret as well.
	KeyPem pulumi.StringOutput `pulumi:"keyPem"`
}
type KeyPairArgs ¶
// KeyPairArgs is the shared argument set embedded by CertificateArgs and
// RootCaArgs. It embeds tls.PrivateKeyArgs and adds the certificate
// parameters below.
type KeyPairArgs struct {
	tls.PrivateKeyArgs

	// Algorithm selects the private-key algorithm using this package's
	// Algorithm type (Ecdsa, Ed25519, Rsa).
	// NOTE(review): presumably this takes precedence over the same-named
	// field promoted from tls.PrivateKeyArgs — confirm.
	Algorithm Algorithm `pulumi:"algorithm"`
	// List of DNS names for which a certificate is being requested (i.e.
	// certificate subjects).
	DnsNames pulumi.StringArrayInput `pulumi:"dnsNames"`
	// The resource will consider the certificate to have expired the given
	// number of hours before its actual expiry time. This can be useful to
	// deploy an updated certificate in advance of the expiration of the
	// current certificate. However, the old certificate remains valid until
	// its true expiration time, since this resource does not (and cannot)
	// support certificate revocation. Also, this advance update can only be
	// performed should the Terraform configuration be applied during the
	// early renewal period. (default: `0`)
	// NOTE(review): the wording appears inherited from the upstream Terraform
	// provider; here it presumably means the Pulumi program must be applied
	// during the window. Because nothing is revoked, a compromised key stays
	// trusted until ValidityPeriodHours elapses — keep validity short.
	EarlyRenewalHours pulumi.IntPtrInput `pulumi:"earlyRenewalHours"`
	// List of IP addresses for which a certificate is being requested (i.e.
	// certificate subjects).
	IpAddresses pulumi.StringArrayInput `pulumi:"ipAddresses"`
	// Should the generated certificate include an
	// [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1):
	// for self-signed certificates this is the same value as the
	// [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2)
	// (default: `false`).
	SetAuthorityKeyId pulumi.BoolPtrInput `pulumi:"setAuthorityKeyId"`
	// Should the generated certificate include a
	// [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2)
	// (default: `false`).
	SetSubjectKeyId pulumi.BoolPtrInput `pulumi:"setSubjectKeyId"`
	// List of URIs for which a certificate is being requested (i.e.
	// certificate subjects).
	Uris pulumi.StringArrayInput `pulumi:"uris"`
	// Number of hours, after initial issuing, that the certificate will
	// remain valid for.
	ValidityPeriodHours pulumi.IntInput `pulumi:"validityPeriodHours"`
}
type RemoteFile ¶
// RemoteFile is a component resource created by NewRemoteFile and returned,
// wrapped in InstallOnResult, by the InstallOn methods.
type RemoteFile struct {
	pulumi.ResourceState

	// Command is the remote command resource behind the file; presumably the
	// file is written by running a command over the connection.
	// NOTE(review): if the content is interpolated into a shell command,
	// verify it is quoted safely and not echoed into logs or command output,
	// since it may contain key material.
	Command *remote.Command `pulumi:"command"`
}
The RemoteFile component resource.
func NewRemoteFile ¶
func NewRemoteFile(ctx *pulumi.Context, name string, args *RemoteFileArgs, opts ...pulumi.ResourceOption) (*RemoteFile, error)
NewRemoteFile creates a new RemoteFile component resource.
type RemoteFileArgs ¶
// RemoteFileArgs is the argument set accepted by NewRemoteFile.
type RemoteFileArgs struct {
	// Connection describes how to reach the target host.
	// NOTE(review): connection arguments usually carry credentials; confirm
	// they are supplied as secrets.
	Connection remote.ConnectionArgs `pulumi:"connection"`
	// Content is the text to place in the file.
	// NOTE(review): when this is a private key, pass it as a secret so it is
	// encrypted in state and masked in output — confirm the implementation
	// preserves that.
	Content pulumi.StringInput `pulumi:"content"`
	// Path is presumably the destination path on the remote host — confirm.
	Path pulumi.StringInput `pulumi:"path"`
}
The RemoteFileArgs for creating a RemoteFile component resource.
type RootCa ¶
// RootCa is a component resource, created by NewRootCa, that pairs a KeyPair
// with a self-signed certificate. Its CreateCertificate method issues
// Certificate values.
//
// NOTE(review): the embedded KeyPair means the CA private key is held in
// Pulumi state; whoever can read or decrypt that state can issue certificates
// trusted under this CA. Restrict access to the state backend accordingly.
type RootCa struct {
	pulumi.ResourceState
	KeyPair

	// Cert is the self-signed certificate resource of the CA.
	Cert *tls.SelfSignedCert `pulumi:"cert"`
}
The RootCa for a cluster
func NewRootCa ¶
func NewRootCa(ctx *pulumi.Context, name string, args *RootCaArgs, opts ...pulumi.ResourceOption) (*RootCa, error)
NewRootCa creates a new RootCa component resource.
func (*RootCa) CreateCertificate ¶
func (c *RootCa) CreateCertificate(ctx *pulumi.Context, args CreateCertificateArgs) (*CreateCertificateResult, error)
func (*RootCa) InstallOn ¶
func (c *RootCa) InstallOn(ctx *pulumi.Context, args InstallOnArgs) (*InstallOnResult, error)
type RootCaArgs ¶
// RootCaArgs is the argument set accepted by NewRootCa. It embeds KeyPairArgs,
// so the key algorithm and the validity period are set through those fields.
type RootCaArgs struct {
	KeyPairArgs

	// The subject for which a certificate is being requested. The acceptable
	// arguments are all optional and their naming is based upon
	// [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4)
	// section.
	Subject tls.SelfSignedCertSubjectPtrInput `pulumi:"subject"`
}