googleCertificateManagerCertificate

Certificate represents an HTTP-reachable backend for a Certificate.

Warning: All arguments including selfManagedCertificatePem, selfManagedPrivateKeyPem, and selfManagedPemPrivateKey will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage - Certificate Manager Google Managed Certificate

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCertificateManagerDnsAuthorizationInstance =
  new google.certificateManagerDnsAuthorization.CertificateManagerDnsAuthorization(
    this,
    "instance",
    {
      description: "The default dnss",
      domain: "subdomain.hashicorptest.com",
      name: "dns-auth",
    }
  );
const googleCertificateManagerDnsAuthorizationInstance2 =
  new google.certificateManagerDnsAuthorization.CertificateManagerDnsAuthorization(
    this,
    "instance2",
    {
      description: "The default dnss",
      domain: "subdomain2.hashicorptest.com",
      name: "dns-auth2",
    }
  );
new google.certificateManagerCertificate.CertificateManagerCertificate(
  this,
  "default",
  {
    description: "The default cert",
    managed: [
      {
        dnsAuthorizations: [
          googleCertificateManagerDnsAuthorizationInstance.id,
          googleCertificateManagerDnsAuthorizationInstance2.id,
        ],
        domains: [
          googleCertificateManagerDnsAuthorizationInstance.domain,
          googleCertificateManagerDnsAuthorizationInstance2.domain,
        ],
      },
    ],
    name: "dns-cert",
    scope: "EDGE_CACHE",
  }
);

Example Usage - Certificate Manager Self Managed Certificate

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.certificateManagerCertificate.CertificateManagerCertificate(
  this,
  "default",
  {
    description: "The default cert",
    name: "self-managed-cert",
    scope: "EDGE_CACHE",
    selfManaged: [
      {
        pemCertificate: '${file("test-fixtures/certificatemanager/cert.pem")}',
        pemPrivateKey:
          '${file("test-fixtures/certificatemanager/private-key.pem")}',
      },
    ],
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) A user-defined name of the certificate. Certificate names must be unique. The name must be 1-64 characters long and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*, which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

  • description - (Optional) A human-readable description of the resource.

  • labels - (Optional) Set of label tags associated with the Certificate resource.

  • scope - (Optional) The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.

  • selfManaged - (Optional) Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

  • managed - (Optional) Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The selfManaged block supports:

  • certificatePem - (Optional, Deprecated) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

  • privateKeyPem - (Optional, Deprecated) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

  • pemCertificate - (Optional) The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any.

  • pemPrivateKey - (Optional) The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.
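
The "sensitive" notes above only hide the key from plan output; as the warning at the top of the page says, the value is still written to state in plain text. As an added example (not part of the provider documentation), this TypeScript check scans a Terraform state document for self-managed certificates whose private key is present. The function name, the sample state and its placeholder values are constructed for illustration; the attribute names are the Terraform snake_case forms of selfManaged, pemPrivateKey and privateKeyPem.

```typescript
// Added example: locate self-managed certificate private keys held in Terraform state.
// Attribute names are the snake_case forms that Terraform writes to state files.
interface Finding {
  address: string;   // resource address, including module path if any
  attribute: string; // attribute path that holds key material
}

const KEY_ATTRS = ["pem_private_key", "private_key_pem"]; // current and deprecated names

function findPlaintextKeys(stateJson: string): Finding[] {
  const state = JSON.parse(stateJson);
  const findings: Finding[] = [];
  for (const res of state.resources ?? []) {
    if (res.mode !== "managed" || res.type !== "google_certificate_manager_certificate") continue;
    const address = `${res.module ? res.module + "." : ""}${res.type}.${res.name}`;
    for (const inst of res.instances ?? []) {
      const blocks = inst.attributes?.self_managed ?? [];
      blocks.forEach((block: Record<string, unknown>, i: number) => {
        for (const attr of KEY_ATTRS) {
          const value = block[attr];
          // Any non-empty string here is key material readable by whoever can read the state.
          if (typeof value === "string" && value.length > 0) {
            findings.push({ address, attribute: `self_managed[${i}].${attr}` });
          }
        }
      });
    }
  }
  return findings;
}

// Constructed sample state (format version 4); values are placeholders, not real key material.
const SAMPLE_STATE = JSON.stringify({
  version: 4,
  resources: [
    { mode: "managed", type: "google_certificate_manager_certificate", name: "default",
      instances: [{ attributes: { name: "self-managed-cert", managed: [],
        self_managed: [{ pem_certificate: "(placeholder certificate chain)",
                         pem_private_key: "(placeholder private key)" }] } }] },
    { mode: "managed", type: "google_certificate_manager_certificate", name: "managed",
      instances: [{ attributes: { name: "dns-cert", self_managed: [],
        managed: [{ domains: ["subdomain.hashicorptest.com"] }] } }] },
  ],
});

console.log(findPlaintextKeys(SAMPLE_STATE));
```

A finding means anyone with read access to the state backend can recover the certificate's private key, so the backend should be encrypted and its access restricted accordingly.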

The managed block supports:

  • domains - (Optional) The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.

  • dnsAuthorizations - (Optional) Authorizations that will be used for performing domain authorization.

  • state - (Output) A state of this Managed Certificate.

  • provisioningIssue - (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.

  • authorizationAttemptInfo - (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.

The provisioningIssue block contains:

  • reason - (Output) Reason for provisioning failures.

  • details - (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field.

The authorizationAttemptInfo block contains:

  • domain - (Output) Domain name of the authorization attempt.

  • state - (Output) State of the domain for managed certificate issuance.

  • failureReason - (Output) Reason for failure of the authorization attempt for the domain.

  • details - (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failureReason field.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/global/certificates/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Certificate can be imported using any of these accepted formats:

$ terraform import google_certificate_manager_certificate.default projects/{{project}}/locations/global/certificates/{{name}}
$ terraform import google_certificate_manager_certificate.default {{project}}/{{name}}
$ terraform import google_certificate_manager_certificate.default {{name}}

User Project Overrides

This resource supports User Project Overrides.