google_network_security_server_tls_policy

ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests: which certificate it presents, whether plaintext is tolerated, and whether client certificates are requested and validated. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource; an unattached policy enforces nothing.

To get more information about ServerTlsPolicy, see:


Example Usage - Network Security Server Tls Policy Basic

resource "google_network_security_server_tls_policy" "default" {
  provider    = google-beta
  name        = "my-server-tls-policy"
  description = "my description"
  labels = {
    foo = "bar"
  }
  # Plaintext connections are refused; only TLS/mTLS is accepted.
  allow_open = false
  # Server identity is provisioned by the workload's certificate provider plugin.
  server_certificate {
    certificate_provider_instance {
      plugin_instance = "google_cloud_private_spiffe"
    }
  }
  # Client certificates are validated against any of the listed CAs.
  mtls_policy {
    client_validation_ca {
      grpc_endpoint {
        target_uri = "unix:mypath"
      }
    }
    client_validation_ca {
      grpc_endpoint {
        target_uri = "unix:abc/mypath"
      }
    }
    client_validation_ca {
      certificate_provider_instance {
        plugin_instance = "google_cloud_private_spiffe"
      }
    }
  }
}

Example Usage - Network Security Server Tls Policy Advanced

resource "google_network_security_server_tls_policy" "default" {
  provider    = google-beta
  name        = "my-server-tls-policy"
  description = "my description"
  location    = "global"
  labels = {
    foo = "bar"
  }
  allow_open = false
  # Client certificates are requested but not required: connections with an
  # invalid or missing client certificate are still accepted.
  mtls_policy {
    client_validation_mode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"
  }
}

Example Usage - Network Security Server Tls Policy Server Cert

resource "google_network_security_server_tls_policy" "default" {
  provider    = google-beta
  name        = "my-server-tls-policy"
  description = "my description"
  location    = "global"
  labels = {
    foo = "bar"
  }
  allow_open = false
  # Server certificate and key are fetched from a local gRPC endpoint.
  server_certificate {
    grpc_endpoint {
      target_uri = "unix:mypath"
    }
  }
}

Example Usage - Network Security Server Tls Policy Mtls

data "google_project" "project" {
  provider = google-beta
}

resource "google_network_security_server_tls_policy" "default" {
  provider = google-beta
  name     = "my-server-tls-policy"

  description = "my description"
  location    = "global"
  allow_open  = false

  # Connections are rejected unless the client presents a certificate that
  # chains to a trust anchor in the referenced Certificate Manager trust config.
  mtls_policy {
    client_validation_mode         = "REJECT_INVALID"
    client_validation_trust_config = "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}"
  }

  labels = {
    foo = "bar"
  }
}

resource "google_certificate_manager_trust_config" "default" {
  provider    = google-beta
  name        = "my-trust-config"
  description = "sample trust config description"
  location    = "global"

  trust_stores {
    trust_anchors {
      pem_certificate = file("test-fixtures/ca_cert.pem")
    }
    intermediate_cas {
      pem_certificate = file("test-fixtures/ca_cert.pem")
    }
  }

  labels = {
    foo = "bar"
  }
}
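The Advanced example above (client_validation_mode = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT") and the Mtls example (REJECT_INVALID with a trust config) differ only in two attributes, but one enforces client identity and the other does not. The script below is an added example, not part of the provider docs or the Google provider itself: it reads the JSON that `terraform show -json tfplan` emits and flags any google_network_security_server_tls_policy that allows plaintext (allow_open = true), requests client certificates without enforcing them, or sets REJECT_INVALID with no client_validation_ca or client_validation_trust_config to validate against. It assumes the plan JSON layout (planned_values.root_module with resources and nested child_modules, nested blocks serialised as lists) and the attribute names from this resource's schema; SAMPLE_PLAN, the project number and the module name in it are constructed for the demo.

```python
"""Flag permissive ServerTlsPolicy settings in `terraform show -json` output.

Added example, not the provider's own code. Assumes the plan JSON layout of
`terraform show -json tfplan` and the attribute names of the
google_network_security_server_tls_policy schema. SAMPLE_PLAN is constructed.
"""
import json
from dataclasses import dataclass

RESOURCE_TYPE = "google_network_security_server_tls_policy"
PERMISSIVE_MODE = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"


@dataclass(frozen=True)
class Finding:
    address: str  # Terraform resource address, e.g. module.x.<type>.<name>
    rule: str
    detail: str


def _walk_resources(module):
    """Yield every planned resource in a module and, recursively, its children."""
    yield from module.get("resources") or []
    for child in module.get("child_modules") or []:
        yield from _walk_resources(child)


def audit_policy(address, values):
    """Return findings for one policy's planned attribute values."""
    findings = []
    # allow_open is a bool in the schema, so it serialises as JSON true/false.
    if values.get("allow_open") is True:
        findings.append(Finding(address, "allow_open",
                                "plaintext connections accepted next to TLS"))
    # Nested blocks serialise as lists; an absent block is [] (or null).
    for mtls in values.get("mtls_policy") or []:
        mode = mtls.get("client_validation_mode")
        has_anchor = bool(mtls.get("client_validation_ca")) or bool(
            mtls.get("client_validation_trust_config"))
        if mode == PERMISSIVE_MODE:
            findings.append(Finding(address, "mtls_not_enforced",
                                    "invalid or missing client certs are accepted; "
                                    "mTLS is advisory only"))
        elif mode == "REJECT_INVALID" and not has_anchor:
            findings.append(Finding(address, "no_trust_anchor",
                                    "REJECT_INVALID set but no client_validation_ca "
                                    "or client_validation_trust_config to validate against"))
    return findings


def audit_plan(plan):
    """Audit every ServerTlsPolicy in a parsed plan; returns a list of Finding."""
    root = (plan.get("planned_values") or {}).get("root_module") or {}
    findings = []
    for res in _walk_resources(root):
        if res.get("type") == RESOURCE_TYPE:
            findings.extend(audit_policy(res["address"], res.get("values") or {}))
    return findings


def _policy(address, **values):
    """Build a planned-resource entry for the constructed sample plan."""
    return {"address": address, "type": RESOURCE_TYPE, "values": values}


# Constructed sample plan mirroring the policy shapes shown on this page;
# the project number 123456789012 and module "td" are placeholders.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _policy("google_network_security_server_tls_policy.permissive",
                allow_open=False, mtls_policy=[{
                    "client_validation_mode": PERMISSIVE_MODE,
                    "client_validation_ca": [],
                    "client_validation_trust_config": None}]),
        _policy("google_network_security_server_tls_policy.strict",
                allow_open=False, mtls_policy=[{
                    "client_validation_mode": "REJECT_INVALID",
                    "client_validation_ca": [],
                    "client_validation_trust_config":
                        "projects/123456789012/locations/global/trustConfigs/my-trust-config"}]),
    ],
    "child_modules": [{"address": "module.td", "resources": [
        _policy("module.td.google_network_security_server_tls_policy.open",
                allow_open=True, mtls_policy=[]),
    ]}],
}}}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # real run: terraform show -json tfplan > plan.json
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    for f in audit_plan(plan):
        print(f"{f.address}: [{f.rule}] {f.detail}")
```

Run it against the constructed plan with no arguments, or against a real one with `terraform plan -out tfplan && terraform show -json tfplan > plan.json && python audit.py plan.json`. The permissive and allow_open policies are reported; the strict policy, which pins REJECT_INVALID to a trust config, is not. A policy with no mtls_policy block at all is server-TLS only and is deliberately not flagged, since whether client authentication is required is a design decision the plan cannot answer.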

Argument Reference

The following arguments are supported:


The server_certificate block supports:

The grpc_endpoint block supports:

The certificate_provider_instance block supports:

The mtls_policy block supports:

The client_validation_ca block supports:

The grpc_endpoint block supports:

The certificate_provider_instance block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ServerTlsPolicy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ServerTlsPolicy using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}"
  to = google_network_security_server_tls_policy.default
}

When using the terraform import command, ServerTlsPolicy can be imported using one of the formats above. For example:

$ terraform import google_network_security_server_tls_policy.default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}
$ terraform import google_network_security_server_tls_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_security_server_tls_policy.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.