// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package acmpca

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
//
// > **NOTE:** Creating this resource will leave the certificate authority in a `PENDING_CERTIFICATE` status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the `certificateSigningRequest` attribute. The `acmpca.CertificateAuthorityCertificate` resource can be used for this purpose.
//
// ## Example Usage
//
// ### Basic
//
// NOTE(review): `PermanentDeletionTimeInDays: pulumi.Int(7)` below is the shortest restore window the
// field accepts (7 to 30 days, default 30). A longer window leaves more time to restore a CA that was
// deleted by mistake or without authorization.
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
//				CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
//					KeyAlgorithm: pulumi.String("RSA_4096"),
//					SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
//					Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
//						CommonName: pulumi.String("example.com"),
//					},
//				},
//				PermanentDeletionTimeInDays: pulumi.Int(7),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Short-lived certificate
//
// This example sets no `RevocationConfiguration`; per the `usageMode` documentation, short-lived
// certificates may omit revocation because their validity is limited to seven days.
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
//				UsageMode: pulumi.String("SHORT_LIVED_CERTIFICATE"),
//				CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
//					KeyAlgorithm: pulumi.String("RSA_4096"),
//					SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
//					Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
//						CommonName: pulumi.String("example.com"),
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Enable Certificate Revocation List
//
// NOTE(review): the bucket policy statement below grants the `acm-pca.amazonaws.com` service principal
// `s3:PutObject` and `s3:PutObjectAcl` on the bucket without any condition. Outside of a demo, consider
// scoping the statement with `aws:SourceAccount` and/or `aws:SourceArn` conditions so that only the
// intended account's CA can write CRLs to it. `ForceDestroy: pulumi.Bool(true)` also allows the bucket to
// be destroyed while it still holds published CRLs, which removes the revocation data that relying
// parties fetch. The `pulumi.DependsOn` option makes the CA wait for the bucket policy to exist.
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"fmt"
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
//				Bucket: pulumi.String("example"),
//				ForceDestroy: pulumi.Bool(true),
//			})
//			if err != nil {
//				return err
//			}
//			acmpcaBucketAccess := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
//				Statements: iam.GetPolicyDocumentStatementArray{
//					&iam.GetPolicyDocumentStatementArgs{
//						Actions: pulumi.StringArray{
//							pulumi.String("s3:GetBucketAcl"),
//							pulumi.String("s3:GetBucketLocation"),
//							pulumi.String("s3:PutObject"),
//							pulumi.String("s3:PutObjectAcl"),
//						},
//						Resources: pulumi.StringArray{
//							example.Arn,
//							example.Arn.ApplyT(func(arn string) (string, error) {
//								return fmt.Sprintf("%v/*", arn), nil
//							}).(pulumi.StringOutput),
//						},
//						Principals: iam.GetPolicyDocumentStatementPrincipalArray{
//							&iam.GetPolicyDocumentStatementPrincipalArgs{
//								Identifiers: pulumi.StringArray{
//									pulumi.String("acm-pca.amazonaws.com"),
//								},
//								Type: pulumi.String("Service"),
//							},
//						},
//					},
//				},
//			}, nil)
//			exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{
//				Bucket: example.ID(),
//				Policy: acmpcaBucketAccess.ApplyT(func(acmpcaBucketAccess iam.GetPolicyDocumentResult) (*string, error) {
//					return &acmpcaBucketAccess.Json, nil
//				}).(pulumi.StringPtrOutput),
//			})
//			if err != nil {
//				return err
//			}
//			_, err = acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
//				CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
//					KeyAlgorithm: pulumi.String("RSA_4096"),
//					SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
//					Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
//						CommonName: pulumi.String("example.com"),
//					},
//				},
//				RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
//					CrlConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{
//						CustomCname: pulumi.String("crl.example.com"),
//						Enabled: pulumi.Bool(true),
//						ExpirationInDays: pulumi.Int(7),
//						S3BucketName: example.ID(),
//						S3ObjectAcl: pulumi.String("BUCKET_OWNER_FULL_CONTROL"),
//					},
//				},
//			}, pulumi.DependsOn([]pulumi.Resource{
//				exampleBucketPolicy,
//			}))
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import `aws_acmpca_certificate_authority` using the certificate authority ARN. For example:
//
// ```sh
// $ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
// ```
type CertificateAuthority struct {
	pulumi.CustomResourceState

	// ARN of the certificate authority.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate pulumi.StringOutput `pulumi:"certificate"`
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationOutput `pulumi:"certificateAuthorityConfiguration"`
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain pulumi.StringOutput `pulumi:"certificateChain"`
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest pulumi.StringOutput `pulumi:"certificateSigningRequest"`
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringOutput `pulumi:"keyStorageSecurityStandard"`
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter pulumi.StringOutput `pulumi:"notAfter"`
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore pulumi.StringOutput `pulumi:"notBefore"`
	// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrOutput `pulumi:"permanentDeletionTimeInDays"`
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrOutput `pulumi:"revocationConfiguration"`
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial pulumi.StringOutput `pulumi:"serial"`
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrOutput `pulumi:"type"`
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringOutput `pulumi:"usageMode"`
}

// NewCertificateAuthority registers a new resource with the given unique name, arguments, and options.
//
// It returns an error without registering anything when args is nil or when
// args.CertificateAuthorityConfiguration is nil. As the note on CertificateAuthority explains, a newly
// created CA stays in `PENDING_CERTIFICATE` and cannot issue certificates until its CSR has been signed.
func NewCertificateAuthority(ctx *pulumi.Context,
	name string, args *CertificateAuthorityArgs, opts ...pulumi.ResourceOption) (*CertificateAuthority, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	// CertificateAuthorityConfiguration is the only argument checked here; everything else is optional
	// at this layer.
	if args.CertificateAuthorityConfiguration == nil {
		return nil, errors.New("invalid value for required argument 'CertificateAuthorityConfiguration'")
	}
	// Let the package-internal helper adjust the caller's options before registration.
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource CertificateAuthority
	err := ctx.RegisterResource("aws:acmpca/certificateAuthority:CertificateAuthority", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetCertificateAuthority gets an existing CertificateAuthority resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
//
// NOTE(review): unlike NewCertificateAuthority, opts are forwarded to ReadResource without passing through
// internal.PkgResourceDefaultOpts; confirm against the generator whether that is intended.
func GetCertificateAuthority(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateAuthorityState, opts ...pulumi.ResourceOption) (*CertificateAuthority, error) {
	var resource CertificateAuthority
	err := ctx.ReadResource("aws:acmpca/certificateAuthority:CertificateAuthority", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering CertificateAuthority resources.
type certificateAuthorityState struct {
	// ARN of the certificate authority.
	Arn *string `pulumi:"arn"`
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate *string `pulumi:"certificate"`
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration *CertificateAuthorityCertificateAuthorityConfiguration `pulumi:"certificateAuthorityConfiguration"`
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain *string `pulumi:"certificateChain"`
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest *string `pulumi:"certificateSigningRequest"`
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled *bool `pulumi:"enabled"`
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard *string `pulumi:"keyStorageSecurityStandard"`
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter *string `pulumi:"notAfter"`
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore *string `pulumi:"notBefore"`
	// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
	PermanentDeletionTimeInDays *int `pulumi:"permanentDeletionTimeInDays"`
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration *CertificateAuthorityRevocationConfiguration `pulumi:"revocationConfiguration"`
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial *string `pulumi:"serial"`
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type *string `pulumi:"type"`
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode *string `pulumi:"usageMode"`
}

// CertificateAuthorityState carries the same properties as certificateAuthorityState, typed as Pulumi
// inputs. GetCertificateAuthority accepts it as its optional state argument.
type CertificateAuthorityState struct {
	// ARN of the certificate authority.
	Arn pulumi.StringPtrInput
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate pulumi.StringPtrInput
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationPtrInput
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain pulumi.StringPtrInput
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest pulumi.StringPtrInput
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrInput
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringPtrInput
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter pulumi.StringPtrInput
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore pulumi.StringPtrInput
	// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrInput
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrInput
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial pulumi.StringPtrInput
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrInput
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringPtrInput
}

// ElementType returns the reflect.Type of the unexported certificateAuthorityState struct, which holds
// the `pulumi` property tags for these fields.
func (CertificateAuthorityState) ElementType() reflect.Type {
	return reflect.TypeOf((*certificateAuthorityState)(nil)).Elem()
}

// certificateAuthorityArgs is the plain-typed, `pulumi`-tagged form of CertificateAuthorityArgs.
// CertificateAuthorityConfiguration is the only non-pointer field.
type certificateAuthorityArgs struct {
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfiguration `pulumi:"certificateAuthorityConfiguration"`
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled *bool `pulumi:"enabled"`
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard *string `pulumi:"keyStorageSecurityStandard"`
	// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
	PermanentDeletionTimeInDays *int `pulumi:"permanentDeletionTimeInDays"`
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration *CertificateAuthorityRevocationConfiguration `pulumi:"revocationConfiguration"`
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type *string `pulumi:"type"`
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode *string `pulumi:"usageMode"`
}

// The set of arguments for constructing a CertificateAuthority resource.
type CertificateAuthorityArgs struct {
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationInput
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrInput
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringPtrInput
	// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrInput
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrInput
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrInput
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringPtrInput
}

// ElementType returns the reflect.Type of the unexported certificateAuthorityArgs struct.
func (CertificateAuthorityArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*certificateAuthorityArgs)(nil)).Elem()
}

// CertificateAuthorityInput is implemented by values that can be converted to a
// CertificateAuthorityOutput; in this file *CertificateAuthority and CertificateAuthorityOutput
// provide both methods.
type CertificateAuthorityInput interface {
	pulumi.Input

	ToCertificateAuthorityOutput() CertificateAuthorityOutput
	ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput
}

// ElementType returns the reflect.Type of *CertificateAuthority.
func (*CertificateAuthority) ElementType() reflect.Type {
	return reflect.TypeOf((**CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityOutput converts the resource to an output using context.Background().
func (i *CertificateAuthority) ToCertificateAuthorityOutput() CertificateAuthorityOutput {
	return i.ToCertificateAuthorityOutputWithContext(context.Background())
}

// ToCertificateAuthorityOutputWithContext converts the resource to an output using ctx.
// The type assertion is unchecked, so it panics if pulumi.ToOutputWithContext returns any other type.
func (i *CertificateAuthority) ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput {
	return pulumi.ToOutputWithContext(ctx, i).(CertificateAuthorityOutput)
}

// CertificateAuthorityArrayInput is an input type that accepts CertificateAuthorityArray and CertificateAuthorityArrayOutput values.
// You can construct a concrete instance of `CertificateAuthorityArrayInput` via:
//
//	CertificateAuthorityArray{ CertificateAuthorityArgs{...} }
type CertificateAuthorityArrayInput interface {
	pulumi.Input

	ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput
	ToCertificateAuthorityArrayOutputWithContext(context.Context) CertificateAuthorityArrayOutput
}

// CertificateAuthorityArray is a slice of CertificateAuthorityInput values.
type CertificateAuthorityArray []CertificateAuthorityInput

// ElementType returns the reflect.Type of []*CertificateAuthority.
func (CertificateAuthorityArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityArrayOutput converts the slice to an output using context.Background().
func (i CertificateAuthorityArray) ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput {
	return i.ToCertificateAuthorityArrayOutputWithContext(context.Background())
}

// ToCertificateAuthorityArrayOutputWithContext converts the slice to an output using ctx.
// The type assertion is unchecked.
func (i CertificateAuthorityArray) ToCertificateAuthorityArrayOutputWithContext(ctx context.Context) CertificateAuthorityArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(CertificateAuthorityArrayOutput)
}

// CertificateAuthorityMapInput is an input type that accepts CertificateAuthorityMap and CertificateAuthorityMapOutput values.
// You can construct a concrete instance of `CertificateAuthorityMapInput` via:
//
//	CertificateAuthorityMap{ "key": CertificateAuthorityArgs{...} }
type CertificateAuthorityMapInput interface {
	pulumi.Input

	ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput
	ToCertificateAuthorityMapOutputWithContext(context.Context) CertificateAuthorityMapOutput
}

// CertificateAuthorityMap is a string-keyed map of CertificateAuthorityInput values.
type CertificateAuthorityMap map[string]CertificateAuthorityInput

// ElementType returns the reflect.Type of map[string]*CertificateAuthority.
func (CertificateAuthorityMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityMapOutput converts the map to an output using context.Background().
func (i CertificateAuthorityMap) ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput {
	return i.ToCertificateAuthorityMapOutputWithContext(context.Background())
}

// ToCertificateAuthorityMapOutputWithContext converts the map to an output using ctx.
// The type assertion is unchecked.
func (i CertificateAuthorityMap) ToCertificateAuthorityMapOutputWithContext(ctx context.Context) CertificateAuthorityMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(CertificateAuthorityMapOutput)
}

// CertificateAuthorityOutput is the output type whose element type is *CertificateAuthority.
type CertificateAuthorityOutput struct{ *pulumi.OutputState }

// ElementType returns the reflect.Type of *CertificateAuthority.
func (CertificateAuthorityOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityOutput returns the receiver unchanged.
func (o CertificateAuthorityOutput) ToCertificateAuthorityOutput() CertificateAuthorityOutput {
	return o
}

// ToCertificateAuthorityOutputWithContext returns the receiver unchanged; ctx is not used.
func (o CertificateAuthorityOutput) ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput {
	return o
}

// ARN of the certificate authority.
func (o CertificateAuthorityOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
func (o CertificateAuthorityOutput) Certificate() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.Certificate }).(pulumi.StringOutput)
}

// Nested argument containing algorithms and certificate subject information. Defined below.
func (o CertificateAuthorityOutput) CertificateAuthorityConfiguration() CertificateAuthorityCertificateAuthorityConfigurationOutput {
	return o.ApplyT(func(v *CertificateAuthority) CertificateAuthorityCertificateAuthorityConfigurationOutput {
		return v.CertificateAuthorityConfiguration
	}).(CertificateAuthorityCertificateAuthorityConfigurationOutput)
}

// Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
func (o CertificateAuthorityOutput) CertificateChain() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.CertificateChain }).(pulumi.StringOutput)
}

// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
func (o CertificateAuthorityOutput) CertificateSigningRequest() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.CertificateSigningRequest }).(pulumi.StringOutput)
}

// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
func (o CertificateAuthorityOutput) Enabled() pulumi.BoolPtrOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput)
}

// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
func (o CertificateAuthorityOutput) KeyStorageSecurityStandard() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.KeyStorageSecurityStandard }).(pulumi.StringOutput)
}

// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
func (o CertificateAuthorityOutput) NotAfter() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.NotAfter }).(pulumi.StringOutput)
}

// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
func (o CertificateAuthorityOutput) NotBefore() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.NotBefore }).(pulumi.StringOutput)
}

// Number of days a CA stays restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
func (o CertificateAuthorityOutput) PermanentDeletionTimeInDays() pulumi.IntPtrOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.IntPtrOutput { return v.PermanentDeletionTimeInDays }).(pulumi.IntPtrOutput)
}

// Nested argument containing revocation configuration. Defined below.
func (o CertificateAuthorityOutput) RevocationConfiguration() CertificateAuthorityRevocationConfigurationPtrOutput {
	return o.ApplyT(func(v *CertificateAuthority) CertificateAuthorityRevocationConfigurationPtrOutput {
		return v.RevocationConfiguration
	}).(CertificateAuthorityRevocationConfigurationPtrOutput)
}

// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
func (o CertificateAuthorityOutput) Serial() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.Serial }).(pulumi.StringOutput)
}

// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (o CertificateAuthorityOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
//
// Deprecated: Please use `tags` instead.
func (o CertificateAuthorityOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
func (o CertificateAuthorityOutput) Type() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringPtrOutput { return v.Type }).(pulumi.StringPtrOutput)
}

// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
func (o CertificateAuthorityOutput) UsageMode() pulumi.StringOutput {
	return o.ApplyT(func(v *CertificateAuthority) pulumi.StringOutput { return v.UsageMode }).(pulumi.StringOutput)
}

// CertificateAuthorityArrayOutput is the output type whose element type is []*CertificateAuthority.
type CertificateAuthorityArrayOutput struct{ *pulumi.OutputState }

// ElementType returns the reflect.Type of []*CertificateAuthority.
func (CertificateAuthorityArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityArrayOutput returns the receiver unchanged.
func (o CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput {
	return o
}

// ToCertificateAuthorityArrayOutputWithContext returns the receiver unchanged; ctx is not used.
func (o CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutputWithContext(ctx context.Context) CertificateAuthorityArrayOutput {
	return o
}

// Index returns an output for the element at position i of the resolved slice.
// The slice is indexed directly with no bounds check, so an out-of-range i panics inside the apply callback.
func (o CertificateAuthorityArrayOutput) Index(i pulumi.IntInput) CertificateAuthorityOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *CertificateAuthority {
		// vs[0] is the resolved slice and vs[1] the resolved index, in the order passed to pulumi.All.
		return vs[0].([]*CertificateAuthority)[vs[1].(int)]
	}).(CertificateAuthorityOutput)
}

// CertificateAuthorityMapOutput is the output type whose element type is map[string]*CertificateAuthority.
type CertificateAuthorityMapOutput struct{ *pulumi.OutputState }

// ElementType returns the reflect.Type of map[string]*CertificateAuthority.
func (CertificateAuthorityMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*CertificateAuthority)(nil)).Elem()
}

// ToCertificateAuthorityMapOutput returns the receiver unchanged.
func (o CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput {
	return o
}

// ToCertificateAuthorityMapOutputWithContext returns the receiver unchanged; ctx is not used.
func (o CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutputWithContext(ctx context.Context) CertificateAuthorityMapOutput {
	return o
}

// MapIndex returns an output for the value stored under key k in the resolved map.
// A key that is not present yields a nil *CertificateAuthority, because the map lookup returns the zero value.
func (o CertificateAuthorityMapOutput) MapIndex(k pulumi.StringInput) CertificateAuthorityOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *CertificateAuthority {
		// vs[0] is the resolved map and vs[1] the resolved key, in the order passed to pulumi.All.
		return vs[0].(map[string]*CertificateAuthority)[vs[1].(string)]
	}).(CertificateAuthorityOutput)
}

// init registers this file's three input interfaces with their concrete implementations and its three
// output types with the Pulumi SDK.
func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*CertificateAuthorityInput)(nil)).Elem(), &CertificateAuthority{})
	pulumi.RegisterInputType(reflect.TypeOf((*CertificateAuthorityArrayInput)(nil)).Elem(), CertificateAuthorityArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*CertificateAuthorityMapInput)(nil)).Elem(), CertificateAuthorityMap{})
	pulumi.RegisterOutputType(CertificateAuthorityOutput{})
	pulumi.RegisterOutputType(CertificateAuthorityArrayOutput{})
	pulumi.RegisterOutputType(CertificateAuthorityMapOutput{})
}