pulumi-gcp 7.21.0a1714543973__py3-none-any.whl → 7.21.0a1714596856__py3-none-any.whl

pulumi_gcp/certificateauthority/certificate.py

@@ -968,6 +968,94 @@ class Certificate(pulumi.CustomResource):
                 ),
             ))
         ```
+        ### Privateca Certificate Custom Ski
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_std as std
+
+        default = gcp.certificateauthority.CaPool("default",
+            location="us-central1",
+            name="my-pool",
+            tier="ENTERPRISE")
+        default_authority = gcp.certificateauthority.Authority("default",
+            location="us-central1",
+            pool=default.name,
+            certificate_authority_id="my-authority",
+            config=gcp.certificateauthority.AuthorityConfigArgs(
+                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
+                        organization="HashiCorp",
+                        common_name="my-certificate-authority",
+                    ),
+                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
+                        dns_names=["hashicorp.com"],
+                    ),
+                ),
+                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
+                        is_ca=True,
+                    ),
+                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            digital_signature=True,
+                            cert_sign=True,
+                            crl_sign=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                        ),
+                    ),
+                ),
+            ),
+            lifetime="86400s",
+            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
+                algorithm="RSA_PKCS1_4096_SHA256",
+            ),
+            deletion_protection=False,
+            skip_grace_period=True,
+            ignore_active_certificates_on_deletion=True)
+        default_certificate = gcp.certificateauthority.Certificate("default",
+            location="us-central1",
+            pool=default.name,
+            name="my-certificate",
+            lifetime="860s",
+            config=gcp.certificateauthority.CertificateConfigArgs(
+                subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
+                        common_name="san1.example.com",
+                        country_code="us",
+                        organization="google",
+                        organizational_unit="enterprise",
+                        locality="mountain view",
+                        province="california",
+                        street_address="1600 amphitheatre parkway",
+                        postal_code="94109",
+                    ),
+                ),
+                subject_key_id=gcp.certificateauthority.CertificateConfigSubjectKeyIdArgs(
+                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
+                ),
+                x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
+                        is_ca=False,
+                    ),
+                    key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            crl_sign=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                        ),
+                    ),
+                ),
+                public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
+                    format="PEM",
+                    key=std.filebase64(input="test-fixtures/rsa_public.pem").result,
+                ),
+            ))
+        ```
 
         ## Import
 
@@ -1407,6 +1495,94 @@ class Certificate(pulumi.CustomResource):
                 ),
             ))
         ```
+        ### Privateca Certificate Custom Ski
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_std as std
+
+        default = gcp.certificateauthority.CaPool("default",
+            location="us-central1",
+            name="my-pool",
+            tier="ENTERPRISE")
+        default_authority = gcp.certificateauthority.Authority("default",
+            location="us-central1",
+            pool=default.name,
+            certificate_authority_id="my-authority",
+            config=gcp.certificateauthority.AuthorityConfigArgs(
+                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
+                        organization="HashiCorp",
+                        common_name="my-certificate-authority",
+                    ),
+                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
+                        dns_names=["hashicorp.com"],
+                    ),
+                ),
+                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
+                        is_ca=True,
+                    ),
+                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            digital_signature=True,
+                            cert_sign=True,
+                            crl_sign=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                        ),
+                    ),
+                ),
+            ),
+            lifetime="86400s",
+            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
+                algorithm="RSA_PKCS1_4096_SHA256",
+            ),
+            deletion_protection=False,
+            skip_grace_period=True,
+            ignore_active_certificates_on_deletion=True)
+        default_certificate = gcp.certificateauthority.Certificate("default",
+            location="us-central1",
+            pool=default.name,
+            name="my-certificate",
+            lifetime="860s",
+            config=gcp.certificateauthority.CertificateConfigArgs(
+                subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
+                        common_name="san1.example.com",
+                        country_code="us",
+                        organization="google",
+                        organizational_unit="enterprise",
+                        locality="mountain view",
+                        province="california",
+                        street_address="1600 amphitheatre parkway",
+                        postal_code="94109",
+                    ),
+                ),
+                subject_key_id=gcp.certificateauthority.CertificateConfigSubjectKeyIdArgs(
+                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
+                ),
+                x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
+                        is_ca=False,
+                    ),
+                    key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            crl_sign=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                        ),
+                    ),
+                ),
+                public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
+                    format="PEM",
+                    key=std.filebase64(input="test-fixtures/rsa_public.pem").result,
+                ),
+            ))
+        ```
 
         ## Import
 

pulumi_gcp/certificateauthority/outputs.py

@@ -16,6 +16,7 @@ __all__ = [
     'AuthorityConfigSubjectConfig',
     'AuthorityConfigSubjectConfigSubject',
     'AuthorityConfigSubjectConfigSubjectAltName',
+    'AuthorityConfigSubjectKeyId',
     'AuthorityConfigX509Config',
     'AuthorityConfigX509ConfigAdditionalExtension',
     'AuthorityConfigX509ConfigAdditionalExtensionObjectId',
@@ -74,6 +75,7 @@ __all__ = [
     'CertificateConfigSubjectConfig',
     'CertificateConfigSubjectConfigSubject',
     'CertificateConfigSubjectConfigSubjectAltName',
+    'CertificateConfigSubjectKeyId',
     'CertificateConfigX509Config',
     'CertificateConfigX509ConfigAdditionalExtension',
     'CertificateConfigX509ConfigAdditionalExtensionObjectId',
@@ -105,6 +107,7 @@ __all__ = [
     'GetAuthorityConfigSubjectConfigResult',
     'GetAuthorityConfigSubjectConfigSubjectResult',
     'GetAuthorityConfigSubjectConfigSubjectAltNameResult',
+    'GetAuthorityConfigSubjectKeyIdResult',
     'GetAuthorityConfigX509ConfigResult',
     'GetAuthorityConfigX509ConfigAdditionalExtensionResult',
     'GetAuthorityConfigX509ConfigAdditionalExtensionObjectIdResult',
@@ -187,6 +190,8 @@ class AuthorityConfig(dict):
             suggest = "subject_config"
         elif key == "x509Config":
             suggest = "x509_config"
+        elif key == "subjectKeyId":
+            suggest = "subject_key_id"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in AuthorityConfig. Access the value via the '{suggest}' property getter instead.")
@@ -201,18 +206,20 @@ class AuthorityConfig(dict):
 
     def __init__(__self__, *,
                  subject_config: 'outputs.AuthorityConfigSubjectConfig',
-                 x509_config: 'outputs.AuthorityConfigX509Config'):
+                 x509_config: 'outputs.AuthorityConfigX509Config',
+                 subject_key_id: Optional['outputs.AuthorityConfigSubjectKeyId'] = None):
         """
         :param 'AuthorityConfigSubjectConfigArgs' subject_config: Specifies some of the values in a certificate that are related to the subject.
                Structure is documented below.
-               
-               
-               <a name="nested_x509_config"></a>The `x509_config` block supports:
         :param 'AuthorityConfigX509ConfigArgs' x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param 'AuthorityConfigSubjectKeyIdArgs' subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="subjectConfig")
@@ -220,9 +227,6 @@ class AuthorityConfig(dict):
         """
         Specifies some of the values in a certificate that are related to the subject.
         Structure is documented below.
-
-
-        <a name="nested_x509_config"></a>The `x509_config` block supports:
         """
         return pulumi.get(self, "subject_config")
 
@@ -235,6 +239,15 @@ class AuthorityConfig(dict):
         """
         return pulumi.get(self, "x509_config")
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional['outputs.AuthorityConfigSubjectKeyId']:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
 
 @pulumi.output_type
 class AuthorityConfigSubjectConfig(dict):
@@ -489,6 +502,46 @@ class AuthorityConfigSubjectConfigSubjectAltName(dict):
         return pulumi.get(self, "uris")
 
 
+@pulumi.output_type
+class AuthorityConfigSubjectKeyId(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "keyId":
+            suggest = "key_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AuthorityConfigSubjectKeyId. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AuthorityConfigSubjectKeyId.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AuthorityConfigSubjectKeyId.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 key_id: Optional[str] = None):
+        """
+        :param str key_id: The value of the KeyId in lowercase hexidecimal.
+               
+               <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[str]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+
+        <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        return pulumi.get(self, "key_id")
+
+
 @pulumi.output_type
 class AuthorityConfigX509Config(dict):
     @staticmethod
@@ -3720,8 +3773,7 @@ class CertificateCertificateDescriptionSubjectKeyId(dict):
     def __init__(__self__, *,
                  key_id: Optional[str] = None):
         """
-        :param str key_id: (Output)
-               Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        :param str key_id: The value of the KeyId in lowercase hexidecimal.
         """
         if key_id is not None:
             pulumi.set(__self__, "key_id", key_id)
@@ -3730,8 +3782,7 @@ class CertificateCertificateDescriptionSubjectKeyId(dict):
     @pulumi.getter(name="keyId")
     def key_id(self) -> Optional[str]:
         """
-        (Output)
-        Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        The value of the KeyId in lowercase hexidecimal.
         """
         return pulumi.get(self, "key_id")
 
@@ -4619,6 +4670,8 @@ class CertificateConfig(dict):
             suggest = "subject_config"
         elif key == "x509Config":
             suggest = "x509_config"
+        elif key == "subjectKeyId":
+            suggest = "subject_key_id"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in CertificateConfig. Access the value via the '{suggest}' property getter instead.")
@@ -4634,7 +4687,8 @@ class CertificateConfig(dict):
     def __init__(__self__, *,
                  public_key: 'outputs.CertificateConfigPublicKey',
                  subject_config: 'outputs.CertificateConfigSubjectConfig',
-                 x509_config: 'outputs.CertificateConfigX509Config'):
+                 x509_config: 'outputs.CertificateConfigX509Config',
+                 subject_key_id: Optional['outputs.CertificateConfigSubjectKeyId'] = None):
         """
         :param 'CertificateConfigPublicKeyArgs' public_key: A PublicKey describes a public key.
                Structure is documented below.
@@ -4645,10 +4699,14 @@ class CertificateConfig(dict):
                Structure is documented below.
         :param 'CertificateConfigX509ConfigArgs' x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param 'CertificateConfigSubjectKeyIdArgs' subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "public_key", public_key)
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="publicKey")
@@ -4680,6 +4738,15 @@ class CertificateConfig(dict):
         """
         return pulumi.get(self, "x509_config")
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional['outputs.CertificateConfigSubjectKeyId']:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
 
 @pulumi.output_type
 class CertificateConfigPublicKey(dict):
@@ -4966,6 +5033,42 @@ class CertificateConfigSubjectConfigSubjectAltName(dict):
         return pulumi.get(self, "uris")
 
 
+@pulumi.output_type
+class CertificateConfigSubjectKeyId(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "keyId":
+            suggest = "key_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in CertificateConfigSubjectKeyId. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        CertificateConfigSubjectKeyId.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        CertificateConfigSubjectKeyId.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 key_id: Optional[str] = None):
+        """
+        :param str key_id: The value of the KeyId in lowercase hexidecimal.
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[str]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+        """
+        return pulumi.get(self, "key_id")
+
+
 @pulumi.output_type
 class CertificateConfigX509Config(dict):
     @staticmethod
@@ -6856,12 +6959,15 @@ class GetAuthorityAccessUrlResult(dict):
 class GetAuthorityConfigResult(dict):
     def __init__(__self__, *,
                  subject_configs: Sequence['outputs.GetAuthorityConfigSubjectConfigResult'],
+                 subject_key_ids: Sequence['outputs.GetAuthorityConfigSubjectKeyIdResult'],
                  x509_configs: Sequence['outputs.GetAuthorityConfigX509ConfigResult']):
         """
         :param Sequence['GetAuthorityConfigSubjectConfigArgs'] subject_configs: Specifies some of the values in a certificate that are related to the subject.
+        :param Sequence['GetAuthorityConfigSubjectKeyIdArgs'] subject_key_ids: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
         :param Sequence['GetAuthorityConfigX509ConfigArgs'] x509_configs: Describes how some of the technical X.509 fields in a certificate should be populated.
         """
         pulumi.set(__self__, "subject_configs", subject_configs)
+        pulumi.set(__self__, "subject_key_ids", subject_key_ids)
         pulumi.set(__self__, "x509_configs", x509_configs)
 
     @property
@@ -6872,6 +6978,14 @@ class GetAuthorityConfigResult(dict):
         """
         return pulumi.get(self, "subject_configs")
 
+    @property
+    @pulumi.getter(name="subjectKeyIds")
+    def subject_key_ids(self) -> Sequence['outputs.GetAuthorityConfigSubjectKeyIdResult']:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        """
+        return pulumi.get(self, "subject_key_ids")
+
     @property
     @pulumi.getter(name="x509Configs")
     def x509_configs(self) -> Sequence['outputs.GetAuthorityConfigX509ConfigResult']:
@@ -7056,6 +7170,24 @@ class GetAuthorityConfigSubjectConfigSubjectAltNameResult(dict):
         return pulumi.get(self, "uris")
 
 
+@pulumi.output_type
+class GetAuthorityConfigSubjectKeyIdResult(dict):
+    def __init__(__self__, *,
+                 key_id: str):
+        """
+        :param str key_id: The value of the KeyId in lowercase hexidecimal.
+        """
+        pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> str:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+        """
+        return pulumi.get(self, "key_id")
+
+
 @pulumi.output_type
 class GetAuthorityConfigX509ConfigResult(dict):
     def __init__(__self__, *,

pulumi_gcp/composer/__init__.py

@@ -8,5 +8,6 @@ import typing
 from .environment import *
 from .get_environment import *
 from .get_image_versions import *
+from .user_workloads_secret import *
 from ._inputs import *
 from . import outputs