TrustConfig is a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager, for use in mutual TLS authentication scenarios.
To get more information about TrustConfig, see:
resource "google_certificate_manager_trust_config" "default" {
  name        = "trust-config"
  description = "sample description for the trust config"
  location    = "us-central1"
  trust_stores {
    trust_anchors {
      pem_certificate = file("test-fixtures/cert.pem")
    }
    intermediate_cas {
      pem_certificate = file("test-fixtures/cert.pem")
    }
  }
  labels = {
    foo = "bar"
  }
}
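
A variant of the configuration above, added here as an illustration and not taken from the provider's documentation: it keeps root and intermediate certificates in separate files, supplies several of each through dynamic blocks, and uses preconditions to fail the plan when a PEM file exceeds the 5kB per-certificate limit given in the argument reference or holds more than one certificate. The file paths, variable and resource names, the reading of 5kB as 5 * 1024 bytes, and the one-certificate-per-file check are assumptions.

```hcl
variable "root_ca_files" {
  type    = list(string)
  default = ["pki/root-ca.pem"] # hypothetical path, one root CA per file
}

variable "intermediate_ca_files" {
  type    = list(string)
  default = ["pki/issuing-ca.pem"] # hypothetical path, one intermediate per file
}

locals {
  # Assumption: "5kB" is read as 5 * 1024 bytes. PEM is ASCII, so length() counts bytes.
  max_pem_bytes = 5 * 1024
  all_pem       = [for f in concat(var.root_ca_files, var.intermediate_ca_files) : file(f)]
}

resource "google_certificate_manager_trust_config" "mtls" {
  name     = "mtls-trust-config"
  location = "us-central1"

  trust_stores {
    # Roots of trust only: a chain that ends at one of these certificates validates.
    dynamic "trust_anchors" {
      for_each = var.root_ca_files
      content {
        pem_certificate = file(trust_anchors.value)
      }
    }
    # Used for path building during chain validation.
    dynamic "intermediate_cas" {
      for_each = var.intermediate_ca_files
      content {
        pem_certificate = file(intermediate_cas.value)
      }
    }
  }

  lifecycle {
    precondition {
      condition     = alltrue([for pem in local.all_pem : length(pem) <= local.max_pem_bytes])
      error_message = "Each PEM certificate file must be at most 5kB."
    }
    precondition {
      condition     = alltrue([for pem in local.all_pem : length(regexall("-----BEGIN CERTIFICATE-----", pem)) == 1])
      error_message = "Each PEM file must contain exactly one certificate."
    }
  }
}
```

Keeping intermediates out of trust_anchors matters for mutual TLS: a certificate placed there becomes a root of trust in its own right, which widens the set of client chains that validate.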
The following arguments are supported:
name - (Required) A user-defined name of the trust config. Trust config names must be unique globally.
location - (Required) The trust config location.
labels - (Optional) Set of label tags associated with the trust config. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
description - (Optional) One or more paragraphs of text description of a trust config.
trust_stores - (Optional) Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers; it is currently not supported for SPIFFE certificate validation. Structure is documented below.
project - (Optional) The ID of the project to which the resource belongs. If it is not provided, the provider project is used.
The trust_stores block supports:
trust_anchors - (Optional) List of Trust Anchors to be used while performing validation against a given TrustStore. Structure is documented below.
intermediate_cas - (Optional) Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if trust config is used for the workload certificate feature. Structure is documented below.
The trust_anchors block supports:
pem_certificate - (Optional) PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
The intermediate_cas block supports:
pem_certificate - (Optional) PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. Note: This property is sensitive and will not be displayed in the plan.
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
create_time - The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
update_time - The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.
effective_labels - All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.
TrustConfig can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
In Terraform v1.5.0 and later, use an import block to import TrustConfig using one of the formats above. For example:
import {
  id = "projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}"
  to = google_certificate_manager_trust_config.default
}
When using the terraform import command, TrustConfig can be imported using one of the formats above. For example:
$ terraform import google_certificate_manager_trust_config.default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}
$ terraform import google_certificate_manager_trust_config.default {{project}}/{{location}}/{{name}}
$ terraform import google_certificate_manager_trust_config.default {{location}}/{{name}}
This resource supports User Project Overrides.