google_network_security_client_tls_policy

ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.

To get more information about ClientTlsPolicy, see:

Example Usage - Network Security Client Tls Policy Basic

resource "google_network_security_client_tls_policy" "default" {
  provider               = google-beta
  name                   = "my-client-tls-policy"
  labels                 = {
    foo = "bar"
  }
  description            = "my description"
  sni                    = "secure.example.com"
}

Example Usage - Network Security Client Tls Policy Advanced

resource "google_network_security_client_tls_policy" "default" {
  provider               = google-beta
  name                   = "my-client-tls-policy"
  labels                 = {
    foo = "bar"
  }
  description            = "my description"
  client_certificate {
    certificate_provider_instance {
      plugin_instance = "google_cloud_private_spiffe"
    }
  }
  server_validation_ca {
    grpc_endpoint {
      target_uri = "unix:mypath"
    }
  }
  server_validation_ca {
    grpc_endpoint {
      target_uri = "unix:mypath1"
    }
  }
}
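
As noted in the description, a ClientTlsPolicy has no effect until it is attached to a backend service. The following is an added example, not part of the original provider documentation, showing one way to attach a policy through the security_settings block of google_compute_backend_service. The resource names, the health check, the port and the subject_alt_names value are constructed placeholders.

```hcl
# Added example: resource names and placeholder values are constructed.
resource "google_network_security_client_tls_policy" "mtls" {
  provider = google-beta
  name     = "my-client-tls-policy"

  # Certificate the client presents to the backend (mutual TLS).
  client_certificate {
    certificate_provider_instance {
      plugin_instance = "google_cloud_private_spiffe"
    }
  }

  # CA source used to validate the server certificate. If this block is
  # omitted, the client does not validate the server certificate.
  server_validation_ca {
    certificate_provider_instance {
      plugin_instance = "google_cloud_private_spiffe"
    }
  }
}

resource "google_compute_health_check" "example" {
  provider = google-beta
  name     = "example-health-check"

  grpc_health_check {
    port = 8080 # constructed value
  }
}

resource "google_compute_backend_service" "example" {
  provider              = google-beta
  name                  = "example-backend-service"
  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
  protocol              = "GRPC"
  health_checks         = [google_compute_health_check.example.id]

  # The policy takes effect only through this attachment.
  security_settings {
    # .id resolves to projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}
    client_tls_policy = google_network_security_client_tls_policy.mtls.id
    # Placeholder identity: replace with the SAN the backends actually present.
    subject_alt_names = ["spiffe://PROJECT_ID.svc.id.goog/ns/NAMESPACE/sa/SERVICE_ACCOUNT"]
  }
}
```

When reviewing a plan, check that every ClientTlsPolicy is referenced from a security_settings block and that subject_alt_names is pinned to the expected backend identity.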

Argument Reference

The following arguments are supported:


The client_certificate block supports:

The grpc_endpoint block supports:

The certificate_provider_instance block supports:

The server_validation_ca block supports:

The grpc_endpoint block supports:

The certificate_provider_instance block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ClientTlsPolicy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ClientTlsPolicy using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}"
  to = google_network_security_client_tls_policy.default
}

When using the terraform import command, ClientTlsPolicy can be imported using one of the formats above. For example:

$ terraform import google_network_security_client_tls_policy.default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}
$ terraform import google_network_security_client_tls_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_security_client_tls_policy.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.