google_certificate_manager_certificate_issuance_config

Certificate represents an HTTP-reachable backend for a Certificate.

To get more information about CertificateIssuanceConfig, see:

Example Usage - Certificate Manager Certificate Issuance Config

resource "google_certificate_manager_certificate_issuance_config" "default" {
  name        = "issuance-config"
  description = "sample description for the certificate issuanceConfigs"
  certificate_authority_config {
    certificate_authority_service_config {
      // Certificates are issued from this private CA pool.
      ca_pool = google_privateca_ca_pool.pool.id
    }
  }
  // 1814400 seconds = 21 days.
  lifetime = "1814400s"
  // Percentage of the certificate lifetime that elapses before renewal starts.
  rotation_window_percentage = 34
  key_algorithm              = "ECDSA_P256"
  labels                     = { "name" : "wrench", "count" : "3" }

  // The pool needs an enabled CA before certificates can be issued from it.
  depends_on = [google_privateca_certificate_authority.ca_authority]
}

resource "google_privateca_ca_pool" "pool" {
  name     = "ca-pool"
  location = "us-central1"
  tier     = "ENTERPRISE"
}

resource "google_privateca_certificate_authority" "ca_authority" {
  location                 = "us-central1"
  pool                     = google_privateca_ca_pool.pool.name
  certificate_authority_id = "ca-authority"
  config {
    subject_config {
      subject {
        organization = "HashiCorp"
        common_name  = "my-certificate-authority"
      }
      subject_alt_name {
        dns_names = ["hashicorp.com"]
      }
    }
    x509_config {
      ca_options {
        is_ca = true
      }
      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        extended_key_usage {
          server_auth = true
        }
      }
    }
  }
  key_spec {
    algorithm = "RSA_PKCS1_4096_SHA256"
  }

  // Disable CA deletion related safe checks for easier cleanup.
  deletion_protection                    = false
  skip_grace_period                      = true
  ignore_active_certificates_on_deletion = true
}

Argument Reference

The following arguments are supported:

The certificate_authority_config block supports:

The certificate_authority_service_config block supports:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

CertificateIssuanceConfig can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import CertificateIssuanceConfig using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}"
  to = google_certificate_manager_certificate_issuance_config.default
}

When using the terraform import command, CertificateIssuanceConfig can be imported using one of the formats above. For example:

$ terraform import google_certificate_manager_certificate_issuance_config.default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}
$ terraform import google_certificate_manager_certificate_issuance_config.default {{project}}/{{location}}/{{name}}
$ terraform import google_certificate_manager_certificate_issuance_config.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.