An Environment Keystore Alias for Self Signed Certificate Format in Apigee
To get more information about KeystoresAliasesSelfSignedCert, see:
resource "google_project" "project" {
  project_id      = "my-project"
  name            = "my-project"
  org_id          = "123456789"
  billing_account = "000000-0000000-0000000-000000"
}

resource "google_project_service" "apigee" {
  project = google_project.project.project_id
  service = "apigee.googleapis.com"
}

resource "google_project_service" "servicenetworking" {
  project    = google_project.project.project_id
  service    = "servicenetworking.googleapis.com"
  depends_on = [google_project_service.apigee]
}

resource "google_project_service" "compute" {
  project    = google_project.project.project_id
  service    = "compute.googleapis.com"
  depends_on = [google_project_service.servicenetworking]
}

resource "google_compute_network" "apigee_network" {
  name       = "apigee-network"
  project    = google_project.project.project_id
  depends_on = [google_project_service.compute]
}

resource "google_compute_global_address" "apigee_range" {
  name          = "apigee-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.apigee_network.id
  project       = google_project.project.project_id
}

resource "google_service_networking_connection" "apigee_vpc_connection" {
  network                 = google_compute_network.apigee_network.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
  depends_on              = [google_project_service.servicenetworking]
}

resource "google_apigee_organization" "apigee_org" {
  analytics_region   = "us-central1"
  project_id         = google_project.project.project_id
  authorized_network = google_compute_network.apigee_network.id
  depends_on = [
    google_service_networking_connection.apigee_vpc_connection,
    google_project_service.apigee,
  ]
}

resource "google_apigee_environment" "apigee_environment_keystore_ss_alias" {
  org_id       = google_apigee_organization.apigee_org.id
  name         = "env-name"
  description  = "Apigee Environment"
  display_name = "environment-1"
}

resource "google_apigee_env_keystore" "apigee_environment_keystore_alias" {
  name   = "env-keystore"
  env_id = google_apigee_environment.apigee_environment_keystore_ss_alias.id
}

resource "google_apigee_keystores_aliases_self_signed_cert" "apigee_environment_keystore_ss_alias" {
  environment           = google_apigee_environment.apigee_environment_keystore_ss_alias.name
  org_id                = google_apigee_organization.apigee_org.name
  keystore              = google_apigee_env_keystore.apigee_environment_keystore_alias.name
  alias                 = "alias"
  key_size              = 1024
  sig_alg               = "SHA512withRSA"
  cert_validity_in_days = 4

  subject {
    common_name  = "selfsigned_example"
    country_code = "US"
    locality     = "TX"
    org          = "CCE"
    org_unit     = "PSO"
  }
}
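
The alias resource above uses a 1024-bit key and a 4-day validity. The variant below raises key_size to the documented 2048-bit maximum, adds a DNS SAN, and asserts on the exported is_valid flag with a check block. It is an added example, not part of the provider documentation; the label hardened, the alias value, the host name api.example.internal and the 90-day validity are assumptions, and it reuses the organization, environment and keystore resources declared above.

```hcl
# Added example (not from the provider documentation). Reuses the
# organization, environment and keystore resources declared earlier.
# The label "hardened", the alias, the host name and the 90-day
# validity are illustrative assumptions.
resource "google_apigee_keystores_aliases_self_signed_cert" "hardened" {
  environment = google_apigee_environment.apigee_environment_keystore_ss_alias.name
  org_id      = google_apigee_organization.apigee_org.name
  keystore    = google_apigee_env_keystore.apigee_environment_keystore_alias.name
  alias       = "alias-rsa2048"

  # 2048 bits is the documented default and maximum for key_size.
  key_size              = 2048
  sig_alg               = "SHA256withRSA"
  cert_validity_in_days = 90

  subject {
    common_name  = "api.example.internal"
    country_code = "US"
    locality     = "TX"
    org          = "CCE"
    org_unit     = "PSO"
  }

  # Clients that verify host names match against SAN entries.
  subject_alternative_dns_names {
    subject_alternative_name = "api.example.internal"
  }
}

# Requires Terraform v1.5.0 or later. A failed check is reported as a
# warning when any certificate under the alias is expired ("No") or
# not yet valid ("Not yet").
check "apigee_alias_cert_is_valid" {
  assert {
    condition = alltrue(flatten([
      for chain in google_apigee_keystores_aliases_self_signed_cert.hardened.certs_info : [
        for cert in chain.cert_info : cert.is_valid == "Yes"
      ]
    ]))
    error_message = "A certificate under the Apigee alias is expired or not yet valid; rotate it."
  }
}
```
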

The following arguments are supported:

org_id - (Required) The Apigee Organization name associated with the Apigee environment.
environment - (Required) The Apigee environment name.
keystore - (Required) The Apigee keystore name associated in an Apigee environment.
alias - (Required) Alias for the key/certificate pair. Values must match the regular expression [\w\s-.]{1,255}. This must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either this parameter or the JSON body.
sig_alg - (Required) Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA.
subject - (Required) Subject details. Structure is documented below.
subject_alternative_dns_names - (Optional) List of alternative host names. Maximum length is 255 characters for each value. Structure is documented below.
key_size - (Optional) Key size. Default and maximum value is 2048 bits.
cert_validity_in_days - (Optional) Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.

The subject block supports:

country_code - (Optional) Two-letter country code. For example, IN for India, US for United States of America.
state - (Optional) State or district name. Maximum length is 128 characters.
locality - (Optional) City or town name. Maximum length is 128 characters.
org - (Optional) Organization name. Maximum length is 64 characters.
org_unit - (Optional) Organization team name. Maximum length is 64 characters.
common_name - (Optional) Common name of the organization. Maximum length is 64 characters.
email - (Optional) Email address. Max 255 characters.

The subject_alternative_dns_names block supports:

subject_alternative_name - (Optional) Subject Alternative Name.

In addition to the arguments listed above, the following computed attributes are exported:

id - an identifier for the resource with format organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}
certs_info - Chain of certificates under this alias. Structure is documented below.
type - Optional. Type of Alias.

The certs_info block contains:

cert_info - (Output) List of all properties in the object. Structure is documented below.

The cert_info block contains:

version - (Output) X.509 version.
subject - (Output) X.509 subject.
issuer - (Output) X.509 issuer.
expiry_date - (Output) X.509 notAfter validity period in milliseconds since epoch.
valid_from - (Output) X.509 notBefore validity period in milliseconds since epoch.
is_valid - (Output) Flag that specifies whether the certificate is valid. Flag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.
subject_alternative_names - (Output) X.509 subject alternative names (SANs) extension.
sig_alg_name - (Output) X.509 signatureAlgorithm.
public_key - (Output) Public key component of the X.509 subject public key info.
basic_constraints - (Output) X.509 basic constraints extension.
serial_number - (Output) X.509 serial number.

This resource provides the following Timeouts configuration options:

create - Default is 30 minutes.
delete - Default is 30 minutes.

KeystoresAliasesSelfSignedCert can be imported using any of these accepted formats:
organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}
{{org_id}}/{{environment}}/{{keystore}}/{{alias}}

In Terraform v1.5.0 and later, use an import block to import KeystoresAliasesSelfSignedCert using one of the formats above. For example:

import {
  id = "organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}"
  to = google_apigee_keystores_aliases_self_signed_cert.default
}

When using the terraform import command, KeystoresAliasesSelfSignedCert can be imported using one of the formats above. For example:

$ terraform import google_apigee_keystores_aliases_self_signed_cert.default organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}
$ terraform import google_apigee_keystores_aliases_self_signed_cert.default {{org_id}}/{{environment}}/{{keystore}}/{{alias}}