provider

package
v0.0.0-...-66fd062 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 17, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

// Declared values for Algorithm and AllowedUse.
//
// The Algorithm strings match the values the CreateCertificateArgs.Algorithm
// comment lists as supported: RSA, ECDSA and ED25519.
//
// The AllowedUse strings follow the X.509 key usage and extended key usage
// vocabulary (RFC 5280, sections 4.2.1.3 and 4.2.1.12). When choosing values
// for a certificate, grant only what it needs:
//   - CertSigning and CrlSigning let the key sign certificates and CRLs, so
//     they belong on CA certificates only (see IsCaCertificate).
//   - AnyExtended permits every extended key usage, which defeats the purpose
//     of restricting a leaf certificate to ServerAuth or ClientAuth.
//
// NOTE(review): IpsecEndSystem still carries a "TODO: Review" marker below.
const (
	Ecdsa             Algorithm  = "ECDSA"
	Ed25519           Algorithm  = "ED25519"
	Rsa               Algorithm  = "RSA"
	AnyExtended       AllowedUse = "any_extended"
	CertSigning       AllowedUse = "cert_signing"
	ClientAuth        AllowedUse = "client_auth"
	CodeSigning       AllowedUse = "code_signing"
	ContentCommitment AllowedUse = "content_commitment"
	CrlSigning        AllowedUse = "crl_signing"
	DataEncipherment  AllowedUse = "data_encipherment"
	DecipherOnly      AllowedUse = "decipher_only"
	DigitalSignature  AllowedUse = "digital_signature"
	EmailProtection   AllowedUse = "email_protection"
	EncipherOnly      AllowedUse = "encipher_only"
	IpsecEndSystem    AllowedUse = "ipsec_end_system" // TODO: Review
	IpsecTunnel       AllowedUse = "ipsec_tunnel"
	IpsecUser         AllowedUse = "ipsec_user"
	KeyAgreement      AllowedUse = "key_agreement"
	KeyEncipherment   AllowedUse = "key_encipherment"
	OcspSigning       AllowedUse = "ocsp_signing"
	ServerAuth        AllowedUse = "server_auth"
)

Variables

This section is empty.

Functions

func Serve

func Serve(providerName, version string, schema []byte)

Serve launches the gRPC server for the resource provider.

Types

type Algorithm

// Algorithm names the private-key algorithm of a key pair. The declared
// values are Ecdsa, Ed25519 and Rsa.
type Algorithm string

type AllowedUse

// AllowedUse names one permitted use of a certificate's key, for example
// ServerAuth or CertSigning.
//
// NOTE(review): CertificateArgs.AllowedUses and CreateCertificateArgs.AllowedUses
// are plain string lists, so nothing visible here restricts callers to the
// declared AllowedUse values. Confirm that validation happens elsewhere.
type AllowedUse string

type Certificate

// Certificate is a Pulumi resource that bundles a key pair (the embedded
// KeyPair) with a certificate request and the locally signed certificate.
//
// NOTE(review): because KeyPair is embedded, KeyPem (presumably the private key
// in PEM form) is promoted onto every Certificate. Confirm that output is marked
// secret so it is not stored or printed in plain text.
type Certificate struct {
	pulumi.ResourceState
	KeyPair

	// Cert is the locally signed certificate; Csr is the certificate request.
	// Presumably Cert was issued from Csr. Confirm in NewCertificate.
	Cert *tls.LocallySignedCert `pulumi:"cert"`
	Csr  *tls.CertRequest       `pulumi:"csr"`
}

func NewCertificate

func NewCertificate(ctx *pulumi.Context,
	name string, args *CertificateArgs, opts ...pulumi.ResourceOption) (*Certificate, error)

func (*Certificate) InstallOn

func (c *Certificate) InstallOn(ctx *pulumi.Context, args InstallOnArgs) (*InstallOnResult, error)

type CertificateArgs

// CertificateArgs are the inputs to NewCertificate: the key-pair settings from
// the embedded KeyPairArgs plus the signing CA material, subject and usages.
type CertificateArgs struct {
	KeyPairArgs

	// AllowedUses lists the permitted key uses as strings (see the AllowedUse
	// constants). Grant CertSigning or CrlSigning only when IsCaCertificate is true.
	//
	// CaCertPem and CaPrivateKeyPem are presumably the signing CA's certificate
	// and private key in PEM form.
	// NOTE(review): CaPrivateKeyPem is a plain pulumi.StringInput and nothing
	// visible here marks it secret. Callers should pass a secret value (for
	// example one wrapped with pulumi.ToSecret) so the CA key stays encrypted
	// in state and masked in output. Confirm how NewCertificate handles it.
	AllowedUses     pulumi.StringArrayInput        `pulumi:"allowedUses"`
	CaCertPem       pulumi.StringInput             `pulumi:"caCertPem"`
	CaPrivateKeyPem pulumi.StringInput             `pulumi:"caPrivateKeyPem"`
	IsCaCertificate pulumi.BoolInput               `pulumi:"isCaCertificate"`
	Subject         tls.CertRequestSubjectPtrInput `pulumi:"subject"`
}

type CreateCertificateArgs

type CreateCertificateArgs struct {
	// Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
	Algorithm string `pulumi:"algorithm"`
	// When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
	// NOTE(review): the stated default `P224` offers roughly 112-bit security, and TLS 1.3 defines no ECDSA
	// signature scheme for it. Set `P256` or stronger explicitly rather than relying on the default.
	EcdsaCurve *string `pulumi:"ecdsaCurve"`
	// When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
	RsaBits *int `pulumi:"rsaBits"`
	// List of DNS names for which a certificate is being requested (i.e. certificate subjects).
	DnsNames []string `pulumi:"dnsNames"`
	// The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
	// can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
	// certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
	// revocation. Also, this advance update can only be performed if an update is actually applied during the
	// early renewal period. (default: `0`)
	EarlyRenewalHours *int `pulumi:"earlyRenewalHours"`
	// List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
	IpAddresses []string `pulumi:"ipAddresses"`
	// Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
	SetAuthorityKeyId *bool `pulumi:"setAuthorityKeyId"`
	// Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
	SetSubjectKeyId *bool `pulumi:"setSubjectKeyId"`
	// List of URIs for which a certificate is being requested (i.e. certificate subjects).
	Uris []string `pulumi:"uris"`
	// Number of hours, after initial issuing, that the certificate will remain valid for.
	// Because a compromised certificate cannot be revoked (see EarlyRenewalHours), this is
	// the only bound on how long it stays usable; prefer short periods for leaf certificates.
	ValidityPeriodHours int `pulumi:"validityPeriodHours"`

	// AllowedUses lists the permitted key uses as plain strings (see the AllowedUse constants).
	// IsCaCertificate marks the new certificate as a CA; combine it with CertSigning only when
	// an intermediate CA is really intended. Name is presumably the resource name of the new
	// Certificate, and Subject its distinguished name. Confirm both in RootCa.CreateCertificate.
	AllowedUses     []string                   `pulumi:"allowedUses"`
	IsCaCertificate bool                       `pulumi:"isCaCertificate"`
	Name            string                     `pulumi:"name"`
	Subject         tls.CertRequestSubjectArgs `pulumi:"subject"`
}

CreateCertificateArgs is the set of arguments for creating a Certificate resource

type CreateCertificateResult

// CreateCertificateResult is the value returned by RootCa.CreateCertificate.
type CreateCertificateResult struct {
	// Cert is the resulting Certificate resource. It embeds KeyPair, so it
	// also exposes the key material outputs of that certificate.
	Cert *Certificate `pulumi:"cert"`
}

type InstallOnArgs

// InstallOnArgs are the arguments to the InstallOn methods of Certificate and
// RootCa.
type InstallOnArgs struct {
	// Connection describes how to reach the remote host; it presumably carries
	// access credentials, so treat it as sensitive. Name is presumably the name
	// of the resulting RemoteFile resource, and Path the destination on the host.
	// NOTE(review): which material InstallOn writes to Path (certificate only,
	// or the private key as well) is not visible here. Confirm it, and make sure
	// key files end up with restrictive permissions.
	Connection remote.ConnectionArgs `pulumi:"connection"`
	Name       string                `pulumi:"name"`
	Path       pulumi.StringInput    `pulumi:"path"`
}

type InstallOnResult

// InstallOnResult is the value returned by the InstallOn methods of
// Certificate and RootCa.
type InstallOnResult struct {
	// File is the RemoteFile resource representing the installed file.
	File *RemoteFile `pulumi:"file"`
}

type KeyPair

// KeyPair is a Pulumi resource holding a private key together with PEM
// outputs for the certificate and the key. It is embedded in Certificate and
// RootCa.
type KeyPair struct {
	pulumi.ResourceState

	// CertPem and KeyPem are presumably the PEM encodings of the certificate
	// and of the private key held in Key.
	// NOTE(review): KeyPem is a plain pulumi.StringOutput; whether it is marked
	// secret is decided where it is assigned, which is not visible here.
	// Confirm it is, so the key is encrypted in state and masked in output.
	CertPem pulumi.StringOutput `pulumi:"certPem"`
	Key     *tls.PrivateKey     `pulumi:"key"`
	KeyPem  pulumi.StringOutput `pulumi:"keyPem"`
}

type KeyPairArgs

// KeyPairArgs are the key and certificate settings shared by CertificateArgs
// and RootCaArgs, both of which embed this struct.
type KeyPairArgs struct {
	tls.PrivateKeyArgs

	// Algorithm selects the key algorithm using the typed Algorithm constants.
	// NOTE(review): the embedded tls.PrivateKeyArgs presumably also has an
	// Algorithm field, which this one would shadow. Confirm which one the
	// constructors read. Key-size and curve settings come from the embedded
	// struct, so check its defaults before relying on them.
	Algorithm Algorithm `pulumi:"algorithm"`
	// List of DNS names for which a certificate is being requested (i.e. certificate subjects).
	DnsNames pulumi.StringArrayInput `pulumi:"dnsNames"`
	// The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
	// can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
	// certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
	// revocation. Also, this advance update can only be performed if an update is actually applied during the
	// early renewal period. (default: `0`)
	EarlyRenewalHours pulumi.IntPtrInput `pulumi:"earlyRenewalHours"`
	// List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
	IpAddresses pulumi.StringArrayInput `pulumi:"ipAddresses"`
	// Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
	SetAuthorityKeyId pulumi.BoolPtrInput `pulumi:"setAuthorityKeyId"`
	// Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
	SetSubjectKeyId pulumi.BoolPtrInput `pulumi:"setSubjectKeyId"`
	// List of URIs for which a certificate is being requested (i.e. certificate subjects).
	Uris pulumi.StringArrayInput `pulumi:"uris"`
	// Number of hours, after initial issuing, that the certificate will remain valid for.
	// Because a compromised certificate cannot be revoked (see EarlyRenewalHours), this is
	// the only bound on how long it stays usable.
	ValidityPeriodHours pulumi.IntInput `pulumi:"validityPeriodHours"`
}

type RemoteFile

type RemoteFile struct {
	pulumi.ResourceState

	// Command is the remote command resource backing this file.
	// NOTE(review): this suggests the file is written by running a command on
	// the remote host. When the content is key material, confirm it is not
	// interpolated into the command line, where it could surface in process
	// listings and logs, and that the command sets restrictive permissions.
	Command *remote.Command `pulumi:"command"`
}

The RemoteFile component resource.

func NewRemoteFile

func NewRemoteFile(ctx *pulumi.Context,
	name string, args *RemoteFileArgs, opts ...pulumi.ResourceOption) (*RemoteFile, error)

NewRemoteFile creates a new RemoteFile component resource.

type RemoteFileArgs

type RemoteFileArgs struct {
	// Connection describes how to reach the remote host, Content is the text
	// to write, and Path is presumably the destination path on that host.
	// NOTE(review): Content is a plain pulumi.StringInput. When it carries a
	// private key, pass a secret value so it is not stored or displayed in
	// plain text. Confirm that NewRemoteFile preserves the secret marking.
	Connection remote.ConnectionArgs `pulumi:"connection"`
	Content    pulumi.StringInput    `pulumi:"content"`
	Path       pulumi.StringInput    `pulumi:"path"`
}

The RemoteFileArgs for creating a RemoteFile component resource.

type RootCa

type RootCa struct {
	pulumi.ResourceState
	// KeyPair is embedded, so its KeyPem output here is presumably the CA's own
	// private key, the most sensitive value in this package.
	// NOTE(review): confirm it is marked secret and that access to this stack's
	// state is restricted accordingly.
	KeyPair

	// Cert is the CA's self-signed certificate.
	Cert *tls.SelfSignedCert `pulumi:"cert"`
}

The RootCa for a cluster

func NewRootCa

func NewRootCa(ctx *pulumi.Context,
	name string, args *RootCaArgs, opts ...pulumi.ResourceOption) (*RootCa, error)

NewRootCa creates a new RootCa component resource.

func (*RootCa) CreateCertificate

func (c *RootCa) CreateCertificate(ctx *pulumi.Context, args CreateCertificateArgs) (*CreateCertificateResult, error)

func (*RootCa) InstallOn

func (c *RootCa) InstallOn(ctx *pulumi.Context, args InstallOnArgs) (*InstallOnResult, error)

type RootCaArgs

// RootCaArgs are the inputs to NewRootCa: the key-pair settings from the
// embedded KeyPairArgs plus the subject of the self-signed CA certificate.
type RootCaArgs struct {
	// KeyPairArgs supplies the key algorithm and validity period. A root CA
	// outlives the certificates it signs, so choose its key strength with
	// that lifetime in mind.
	KeyPairArgs

	// The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
	Subject tls.SelfSignedCertSubjectPtrInput `pulumi:"subject"`
}
