Skip to content

googleSqlCaCerts

Get all of the trusted Certificate Authorities (CAs) for the specified SQL database instance. For more information see the official documentation and API.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const dataGoogleSqlCaCertsCaCerts =
  new google.dataGoogleSqlCaCerts.DataGoogleSqlCaCerts(this, "ca_certs", {
    instance: "primary-database-server",
  });
const furthestExpirationTime = [
  `\${reverse(sort([for k, v in ${dataGoogleSqlCaCertsCaCerts.certs} : v.expiration_time]))[0]}`,
];
const latestCaCert = [
  `\${[for v in ${dataGoogleSqlCaCertsCaCerts.certs} : v.cert if v.expiration_time == ${furthestExpirationTime}]}`,
];
new cdktf.TerraformOutput(this, "db_latest_ca_cert", {
  value: latestCaCert,
  description: "Latest CA cert used by the primary database server",
  sensitive: true,
});

Argument Reference

The following arguments are supported:

  • instance - (Required) The name or self link of the instance.
  • project - (Optional) The ID of the project in which the resource belongs. If project is not provided, the provider project is used.

Attributes Reference

The following attributes are exported:

  • activeVersion - SHA1 fingerprint of the currently active CA certificate.

  • certs - A list of server CA certificates for the instance. Each contains:

    • cert - The CA certificate used to connect to the SQL instance via SSL.
    • commonName - The CN valid for the CA cert.
    • createTime - Creation time of the CA cert.
    • expirationTime - Expiration time of the CA cert.
    • sha1Fingerprint - SHA1 fingerprint of the CA cert.