Google Cloud v8.23.0, Mar 24 25

Google Cloud v8.23.0 published on Monday, Mar 24, 2025 by Pulumi

gcp.sql.SslCert

Explore with Pulumi AI

Google Cloud v8.23.0 published on Monday, Mar 24, 2025 by Pulumi

Example Usage

Example creating a SQL Client Certificate.

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";

const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
const main = new gcp.sql.DatabaseInstance("main", {
    name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
    databaseVersion: "MYSQL_5_7",
    settings: {
        tier: "db-f1-micro",
    },
});
const clientCert = new gcp.sql.SslCert("client_cert", {
    commonName: "client-name",
    instance: main.name,
});

import pulumi
import pulumi_gcp as gcp
import pulumi_random as random

db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
main = gcp.sql.DatabaseInstance("main",
    name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
    database_version="MYSQL_5_7",
    settings={
        "tier": "db-f1-micro",
    })
client_cert = gcp.sql.SslCert("client_cert",
    common_name="client-name",
    instance=main.name)

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("MYSQL_5_7"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewSslCert(ctx, "client_cert", &sql.SslCertArgs{
			CommonName: pulumi.String("client-name"),
			Instance:   main.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;

return await Deployment.RunAsync(() => 
{
    var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
    {
        ByteLength = 4,
    });

    var main = new Gcp.Sql.DatabaseInstance("main", new()
    {
        Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
        DatabaseVersion = "MYSQL_5_7",
        Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
        {
            Tier = "db-f1-micro",
        },
    });

    var clientCert = new Gcp.Sql.SslCert("client_cert", new()
    {
        CommonName = "client-name",
        Instance = main.Name,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
            .byteLength(4)
            .build());

        var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
            .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
            .databaseVersion("MYSQL_5_7")
            .settings(DatabaseInstanceSettingsArgs.builder()
                .tier("db-f1-micro")
                .build())
            .build());

        var clientCert = new SslCert("clientCert", SslCertArgs.builder()
            .commonName("client-name")
            .instance(main.name())
            .build());

    }
}

resources:
  dbNameSuffix:
    type: random:RandomId
    name: db_name_suffix
    properties:
      byteLength: 4
  main:
    type: gcp:sql:DatabaseInstance
    properties:
      name: main-instance-${dbNameSuffix.hex}
      databaseVersion: MYSQL_5_7
      settings:
        tier: db-f1-micro
  clientCert:
    type: gcp:sql:SslCert
    name: client_cert
    properties:
      commonName: client-name
      instance: ${main.name}

Create SslCert Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new SslCert(name: string, args: SslCertArgs, opts?: CustomResourceOptions);

@overload
def SslCert(resource_name: str,
            args: SslCertArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def SslCert(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            common_name: Optional[str] = None,
            instance: Optional[str] = None,
            project: Optional[str] = None)

func NewSslCert(ctx *Context, name string, args SslCertArgs, opts ...ResourceOption) (*SslCert, error)

public SslCert(string name, SslCertArgs args, CustomResourceOptions? opts = null)

public SslCert(String name, SslCertArgs args)
public SslCert(String name, SslCertArgs args, CustomResourceOptions options)

type: gcp:sql:SslCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SslCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SslCertArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SslCertArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SslCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SslCertArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var sslCertResource = new Gcp.Sql.SslCert("sslCertResource", new()
{
    CommonName = "string",
    Instance = "string",
    Project = "string",
});

example, err := sql.NewSslCert(ctx, "sslCertResource", &sql.SslCertArgs{
	CommonName: pulumi.String("string"),
	Instance:   pulumi.String("string"),
	Project:    pulumi.String("string"),
})

var sslCertResource = new SslCert("sslCertResource", SslCertArgs.builder()
    .commonName("string")
    .instance("string")
    .project("string")
    .build());

ssl_cert_resource = gcp.sql.SslCert("sslCertResource",
    common_name="string",
    instance="string",
    project="string")

const sslCertResource = new gcp.sql.SslCert("sslCertResource", {
    commonName: "string",
    instance: "string",
    project: "string",
});

type: gcp:sql:SslCert
properties:
    commonName: string
    instance: string
    project: string

SslCert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SslCert resource accepts the following input properties:

CommonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
Instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

CommonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
Instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

commonName String: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
instance String: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

commonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

common_name str: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
instance str: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

commonName String: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
instance String: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Outputs

All input properties are implicitly available as output properties. Additionally, the SslCert resource produces the following output properties:

Cert string: The actual certificate data for this client certificate.
CertSerialNumber string: The serial number extracted from the certificate data.
CreateTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
ExpirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
Id string: The provider-assigned unique ID for this managed resource.
PrivateKey string: The private key associated with the client certificate.
ServerCaCert string: The CA cert of the server this client cert was generated from.
Sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

Cert string: The actual certificate data for this client certificate.
CertSerialNumber string: The serial number extracted from the certificate data.
CreateTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
ExpirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
Id string: The provider-assigned unique ID for this managed resource.
PrivateKey string: The private key associated with the client certificate.
ServerCaCert string: The CA cert of the server this client cert was generated from.
Sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

cert String: The actual certificate data for this client certificate.
certSerialNumber String: The serial number extracted from the certificate data.
createTime String: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime String: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
id String: The provider-assigned unique ID for this managed resource.
privateKey String: The private key associated with the client certificate.
serverCaCert String: The CA cert of the server this client cert was generated from.
sha1Fingerprint String: The SHA1 Fingerprint of the certificate.

cert string: The actual certificate data for this client certificate.
certSerialNumber string: The serial number extracted from the certificate data.
createTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
id string: The provider-assigned unique ID for this managed resource.
privateKey string: The private key associated with the client certificate.
serverCaCert string: The CA cert of the server this client cert was generated from.
sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

cert str: The actual certificate data for this client certificate.
cert_serial_number str: The serial number extracted from the certificate data.
create_time str: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expiration_time str: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
id str: The provider-assigned unique ID for this managed resource.
private_key str: The private key associated with the client certificate.
server_ca_cert str: The CA cert of the server this client cert was generated from.
sha1_fingerprint str: The SHA1 Fingerprint of the certificate.

cert String: The actual certificate data for this client certificate.
certSerialNumber String: The serial number extracted from the certificate data.
createTime String: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime String: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
id String: The provider-assigned unique ID for this managed resource.
privateKey String: The private key associated with the client certificate.
serverCaCert String: The CA cert of the server this client cert was generated from.
sha1Fingerprint String: The SHA1 Fingerprint of the certificate.

Look up Existing SslCert Resource

Get an existing SslCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: SslCertState, opts?: CustomResourceOptions): SslCert

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cert: Optional[str] = None,
        cert_serial_number: Optional[str] = None,
        common_name: Optional[str] = None,
        create_time: Optional[str] = None,
        expiration_time: Optional[str] = None,
        instance: Optional[str] = None,
        private_key: Optional[str] = None,
        project: Optional[str] = None,
        server_ca_cert: Optional[str] = None,
        sha1_fingerprint: Optional[str] = None) -> SslCert

func GetSslCert(ctx *Context, name string, id IDInput, state *SslCertState, opts ...ResourceOption) (*SslCert, error)

public static SslCert Get(string name, Input<string> id, SslCertState? state, CustomResourceOptions? opts = null)

public static SslCert get(String name, Output<String> id, SslCertState state, CustomResourceOptions options)

resources:  _:    type: gcp:sql:SslCert    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Cert string: The actual certificate data for this client certificate.
CertSerialNumber string: The serial number extracted from the certificate data.
CommonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
CreateTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
ExpirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
Instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
PrivateKey string: The private key associated with the client certificate.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
ServerCaCert string: The CA cert of the server this client cert was generated from.
Sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

Cert string: The actual certificate data for this client certificate.
CertSerialNumber string: The serial number extracted from the certificate data.
CommonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
CreateTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
ExpirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
Instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
PrivateKey string: The private key associated with the client certificate.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
ServerCaCert string: The CA cert of the server this client cert was generated from.
Sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

cert String: The actual certificate data for this client certificate.
certSerialNumber String: The serial number extracted from the certificate data.
commonName String: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
createTime String: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime String: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
instance String: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
privateKey String: The private key associated with the client certificate.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
serverCaCert String: The CA cert of the server this client cert was generated from.
sha1Fingerprint String: The SHA1 Fingerprint of the certificate.

cert string: The actual certificate data for this client certificate.
certSerialNumber string: The serial number extracted from the certificate data.
commonName string: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
createTime string: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime string: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
instance string: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
privateKey string: The private key associated with the client certificate.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
serverCaCert string: The CA cert of the server this client cert was generated from.
sha1Fingerprint string: The SHA1 Fingerprint of the certificate.

cert str: The actual certificate data for this client certificate.
cert_serial_number str: The serial number extracted from the certificate data.
common_name str: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
create_time str: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expiration_time str: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
instance str: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
private_key str: The private key associated with the client certificate.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
server_ca_cert str: The CA cert of the server this client cert was generated from.
sha1_fingerprint str: The SHA1 Fingerprint of the certificate.

cert String: The actual certificate data for this client certificate.
certSerialNumber String: The serial number extracted from the certificate data.
commonName String: The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
createTime String: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
expirationTime String: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
instance String: The name of the Cloud SQL instance. Changing this forces a new resource to be created.
privateKey String: The private key associated with the client certificate.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
serverCaCert String: The CA cert of the server this client cert was generated from.
sha1Fingerprint String: The SHA1 Fingerprint of the certificate.

Import

Since the contents of the certificate cannot be accessed after its creation, this resource cannot be imported.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.23.0 published on Monday, Mar 24, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.sql.SslCert

On this page

On this page

Example Usage

Create SslCert Resource

Constructor syntax

Parameters

Constructor example

SslCert Resource Properties

Inputs

Outputs

Look up Existing SslCert Resource

Import

Package Details

On this page

On this page