Docs Home
Google Cloud v8.23.0 published on Monday, Mar 24, 2025 by Pulumi
gcp.networksecurity.BackendAuthenticationConfig
Explore with Pulumi AI
Example Usage
Network Security Backend Authentication Config Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.BackendAuthenticationConfig("default", {
name: "my-backend-authentication-config",
labels: {
foo: "bar",
},
description: "my description",
wellKnownRoots: "PUBLIC_ROOTS",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.BackendAuthenticationConfig("default",
name="my-backend-authentication-config",
labels={
"foo": "bar",
},
description="my description",
well_known_roots="PUBLIC_ROOTS")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
Name: pulumi.String("my-backend-authentication-config"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
WellKnownRoots: pulumi.String("PUBLIC_ROOTS"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
{
Name = "my-backend-authentication-config",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
WellKnownRoots = "PUBLIC_ROOTS",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendAuthenticationConfig("default", BackendAuthenticationConfigArgs.builder()
.name("my-backend-authentication-config")
.labels(Map.of("foo", "bar"))
.description("my description")
.wellKnownRoots("PUBLIC_ROOTS")
.build());
}
}
resources:
default:
type: gcp:networksecurity:BackendAuthenticationConfig
properties:
name: my-backend-authentication-config
labels:
foo: bar
description: my description
wellKnownRoots: PUBLIC_ROOTS
Network Security Backend Authentication Config Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const certificate = new gcp.certificatemanager.Certificate("certificate", {
name: "my-certificate",
labels: {
foo: "bar",
},
location: "global",
selfManaged: {
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
pemPrivateKey: std.file({
input: "test-fixtures/key.pem",
}).then(invoke => invoke.result),
},
scope: "CLIENT_AUTH",
});
const trustConfig = new gcp.certificatemanager.TrustConfig("trust_config", {
name: "my-trust-config",
description: "sample description for the trust config",
location: "global",
trustStores: [{
trustAnchors: [{
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
}],
intermediateCas: [{
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
}],
}],
labels: {
foo: "bar",
},
});
const _default = new gcp.networksecurity.BackendAuthenticationConfig("default", {
name: "my-backend-authentication-config",
labels: {
bar: "foo",
},
location: "global",
description: "my description",
wellKnownRoots: "PUBLIC_ROOTS",
clientCertificate: certificate.id,
trustConfig: trustConfig.id,
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
certificate = gcp.certificatemanager.Certificate("certificate",
name="my-certificate",
labels={
"foo": "bar",
},
location="global",
self_managed={
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
"pem_private_key": std.file(input="test-fixtures/key.pem").result,
},
scope="CLIENT_AUTH")
trust_config = gcp.certificatemanager.TrustConfig("trust_config",
name="my-trust-config",
description="sample description for the trust config",
location="global",
trust_stores=[{
"trust_anchors": [{
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
}],
"intermediate_cas": [{
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
}],
}],
labels={
"foo": "bar",
})
default = gcp.networksecurity.BackendAuthenticationConfig("default",
name="my-backend-authentication-config",
labels={
"bar": "foo",
},
location="global",
description="my description",
well_known_roots="PUBLIC_ROOTS",
client_certificate=certificate.id,
trust_config=trust_config.id)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/key.pem",
}, nil)
if err != nil {
return err
}
certificate, err := certificatemanager.NewCertificate(ctx, "certificate", &certificatemanager.CertificateArgs{
Name: pulumi.String("my-certificate"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Location: pulumi.String("global"),
SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
PemCertificate: pulumi.String(invokeFile.Result),
PemPrivateKey: pulumi.String(invokeFile1.Result),
},
Scope: pulumi.String("CLIENT_AUTH"),
})
if err != nil {
return err
}
invokeFile2, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile3, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
trustConfig, err := certificatemanager.NewTrustConfig(ctx, "trust_config", &certificatemanager.TrustConfigArgs{
Name: pulumi.String("my-trust-config"),
Description: pulumi.String("sample description for the trust config"),
Location: pulumi.String("global"),
TrustStores: certificatemanager.TrustConfigTrustStoreArray{
&certificatemanager.TrustConfigTrustStoreArgs{
TrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{
&certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{
PemCertificate: pulumi.String(invokeFile2.Result),
},
},
IntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{
&certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{
PemCertificate: pulumi.String(invokeFile3.Result),
},
},
},
},
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
Name: pulumi.String("my-backend-authentication-config"),
Labels: pulumi.StringMap{
"bar": pulumi.String("foo"),
},
Location: pulumi.String("global"),
Description: pulumi.String("my description"),
WellKnownRoots: pulumi.String("PUBLIC_ROOTS"),
ClientCertificate: certificate.ID(),
TrustConfig: trustConfig.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var certificate = new Gcp.CertificateManager.Certificate("certificate", new()
{
Name = "my-certificate",
Labels =
{
{ "foo", "bar" },
},
Location = "global",
SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
PemPrivateKey = Std.File.Invoke(new()
{
Input = "test-fixtures/key.pem",
}).Apply(invoke => invoke.Result),
},
Scope = "CLIENT_AUTH",
});
var trustConfig = new Gcp.CertificateManager.TrustConfig("trust_config", new()
{
Name = "my-trust-config",
Description = "sample description for the trust config",
Location = "global",
TrustStores = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs
{
TrustAnchors = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
},
},
IntermediateCas = new[]
{
new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
},
},
},
},
Labels =
{
{ "foo", "bar" },
},
});
var @default = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
{
Name = "my-backend-authentication-config",
Labels =
{
{ "bar", "foo" },
},
Location = "global",
Description = "my description",
WellKnownRoots = "PUBLIC_ROOTS",
ClientCertificate = certificate.Id,
TrustConfig = trustConfig.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.certificatemanager.TrustConfig;
import com.pulumi.gcp.certificatemanager.TrustConfigArgs;
import com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var certificate = new Certificate("certificate", CertificateArgs.builder()
.name("my-certificate")
.labels(Map.of("foo", "bar"))
.location("global")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.pemPrivateKey(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/key.pem")
.build()).result())
.build())
.scope("CLIENT_AUTH")
.build());
var trustConfig = new TrustConfig("trustConfig", TrustConfigArgs.builder()
.name("my-trust-config")
.description("sample description for the trust config")
.location("global")
.trustStores(TrustConfigTrustStoreArgs.builder()
.trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.build())
.intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.build())
.build())
.labels(Map.of("foo", "bar"))
.build());
var default_ = new BackendAuthenticationConfig("default", BackendAuthenticationConfigArgs.builder()
.name("my-backend-authentication-config")
.labels(Map.of("bar", "foo"))
.location("global")
.description("my description")
.wellKnownRoots("PUBLIC_ROOTS")
.clientCertificate(certificate.id())
.trustConfig(trustConfig.id())
.build());
}
}
resources:
certificate:
type: gcp:certificatemanager:Certificate
properties:
name: my-certificate
labels:
foo: bar
location: global
selfManaged:
pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
pemPrivateKey:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/key.pem
return: result
scope: CLIENT_AUTH
trustConfig:
type: gcp:certificatemanager:TrustConfig
name: trust_config
properties:
name: my-trust-config
description: sample description for the trust config
location: global
trustStores:
- trustAnchors:
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
intermediateCas:
- pemCertificate:
fn::invoke:
function: std:file
arguments:
input: test-fixtures/cert.pem
return: result
labels:
foo: bar
default:
type: gcp:networksecurity:BackendAuthenticationConfig
properties:
name: my-backend-authentication-config
labels:
bar: foo
location: global
description: my description
wellKnownRoots: PUBLIC_ROOTS
clientCertificate: ${certificate.id}
trustConfig: ${trustConfig.id}
Create BackendAuthenticationConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BackendAuthenticationConfig(name: string, args?: BackendAuthenticationConfigArgs, opts?: CustomResourceOptions);@overload
def BackendAuthenticationConfig(resource_name: str,
args: Optional[BackendAuthenticationConfigArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def BackendAuthenticationConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_certificate: Optional[str] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
trust_config: Optional[str] = None,
well_known_roots: Optional[str] = None)func NewBackendAuthenticationConfig(ctx *Context, name string, args *BackendAuthenticationConfigArgs, opts ...ResourceOption) (*BackendAuthenticationConfig, error)public BackendAuthenticationConfig(string name, BackendAuthenticationConfigArgs? args = null, CustomResourceOptions? opts = null)
public BackendAuthenticationConfig(String name, BackendAuthenticationConfigArgs args)
public BackendAuthenticationConfig(String name, BackendAuthenticationConfigArgs args, CustomResourceOptions options)
type: gcp:networksecurity:BackendAuthenticationConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BackendAuthenticationConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BackendAuthenticationConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BackendAuthenticationConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BackendAuthenticationConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BackendAuthenticationConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var backendAuthenticationConfigResource = new Gcp.NetworkSecurity.BackendAuthenticationConfig("backendAuthenticationConfigResource", new()
{
ClientCertificate = "string",
Description = "string",
Labels =
{
{ "string", "string" },
},
Location = "string",
Name = "string",
Project = "string",
TrustConfig = "string",
WellKnownRoots = "string",
});
example, err := networksecurity.NewBackendAuthenticationConfig(ctx, "backendAuthenticationConfigResource", &networksecurity.BackendAuthenticationConfigArgs{
ClientCertificate: pulumi.String("string"),
Description: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
Name: pulumi.String("string"),
Project: pulumi.String("string"),
TrustConfig: pulumi.String("string"),
WellKnownRoots: pulumi.String("string"),
})
var backendAuthenticationConfigResource = new BackendAuthenticationConfig("backendAuthenticationConfigResource", BackendAuthenticationConfigArgs.builder()
.clientCertificate("string")
.description("string")
.labels(Map.of("string", "string"))
.location("string")
.name("string")
.project("string")
.trustConfig("string")
.wellKnownRoots("string")
.build());
backend_authentication_config_resource = gcp.networksecurity.BackendAuthenticationConfig("backendAuthenticationConfigResource",
client_certificate="string",
description="string",
labels={
"string": "string",
},
location="string",
name="string",
project="string",
trust_config="string",
well_known_roots="string")
const backendAuthenticationConfigResource = new gcp.networksecurity.BackendAuthenticationConfig("backendAuthenticationConfigResource", {
clientCertificate: "string",
description: "string",
labels: {
string: "string",
},
location: "string",
name: "string",
project: "string",
trustConfig: "string",
wellKnownRoots: "string",
});
type: gcp:networksecurity:BackendAuthenticationConfig
properties:
clientCertificate: string
description: string
labels:
string: string
location: string
name: string
project: string
trustConfig: string
wellKnownRoots: string
BackendAuthenticationConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BackendAuthenticationConfig resource accepts the following input properties:
- Client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Labels Dictionary<string, string>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the backend authentication config.
The default value is
global. - Name string
- Name of the BackendAuthenticationConfig resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- Well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- Client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Labels map[string]string
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the backend authentication config.
The default value is
global. - Name string
- Name of the BackendAuthenticationConfig resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- Well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate String - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- description String
- A free-text description of the resource. Max length 1024 characters.
- labels Map<String,String>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the backend authentication config.
The default value is
global. - name String
- Name of the BackendAuthenticationConfig resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Config String - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- well
Known StringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- description string
- A free-text description of the resource. Max length 1024 characters.
- labels {[key: string]: string}
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location string
- The location of the backend authentication config.
The default value is
global. - name string
- Name of the BackendAuthenticationConfig resource.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client_
certificate str - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- description str
- A free-text description of the resource. Max length 1024 characters.
- labels Mapping[str, str]
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location str
- The location of the backend authentication config.
The default value is
global. - name str
- Name of the BackendAuthenticationConfig resource.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust_
config str - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- well_
known_ strroots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate String - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- description String
- A free-text description of the resource. Max length 1024 characters.
- labels Map<String>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the backend authentication config.
The default value is
global. - name String
- Name of the BackendAuthenticationConfig resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- trust
Config String - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- well
Known StringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
Outputs
All input properties are implicitly available as output properties. Additionally, the BackendAuthenticationConfig resource produces the following output properties:
- Create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- Create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- create
Time String - Time the BackendAuthenticationConfig was created in UTC.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Time the BackendAuthenticationConfig was updated in UTC.
- create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- create_
time str - Time the BackendAuthenticationConfig was created in UTC.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- update_
time str - Time the BackendAuthenticationConfig was updated in UTC.
- create
Time String - Time the BackendAuthenticationConfig was created in UTC.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Time the BackendAuthenticationConfig was updated in UTC.
Look up Existing BackendAuthenticationConfig Resource
Get an existing BackendAuthenticationConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BackendAuthenticationConfigState, opts?: CustomResourceOptions): BackendAuthenticationConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_certificate: Optional[str] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
trust_config: Optional[str] = None,
update_time: Optional[str] = None,
well_known_roots: Optional[str] = None) -> BackendAuthenticationConfigfunc GetBackendAuthenticationConfig(ctx *Context, name string, id IDInput, state *BackendAuthenticationConfigState, opts ...ResourceOption) (*BackendAuthenticationConfig, error)public static BackendAuthenticationConfig Get(string name, Input<string> id, BackendAuthenticationConfigState? state, CustomResourceOptions? opts = null)public static BackendAuthenticationConfig get(String name, Output<String> id, BackendAuthenticationConfigState state, CustomResourceOptions options)resources: _: type: gcp:networksecurity:BackendAuthenticationConfig get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- Create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels Dictionary<string, string>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the backend authentication config.
The default value is
global. - Name string
- Name of the BackendAuthenticationConfig resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- Update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- Well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- Client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- Create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Labels map[string]string
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - Location string
- The location of the backend authentication config.
The default value is
global. - Name string
- Name of the BackendAuthenticationConfig resource.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- Update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- Well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate String - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- create
Time String - Time the BackendAuthenticationConfig was created in UTC.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String,String>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the backend authentication config.
The default value is
global. - name String
- Name of the BackendAuthenticationConfig resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Config String - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- update
Time String - Time the BackendAuthenticationConfig was updated in UTC.
- well
Known StringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate string - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- create
Time string - Time the BackendAuthenticationConfig was created in UTC.
- description string
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels {[key: string]: string}
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location string
- The location of the backend authentication config.
The default value is
global. - name string
- Name of the BackendAuthenticationConfig resource.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Config string - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- update
Time string - Time the BackendAuthenticationConfig was updated in UTC.
- well
Known stringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client_
certificate str - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- create_
time str - Time the BackendAuthenticationConfig was created in UTC.
- description str
- A free-text description of the resource. Max length 1024 characters.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Mapping[str, str]
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location str
- The location of the backend authentication config.
The default value is
global. - name str
- Name of the BackendAuthenticationConfig resource.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust_
config str - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- update_
time str - Time the BackendAuthenticationConfig was updated in UTC.
- well_
known_ strroots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
- client
Certificate String - Reference to a Certificate resource from the certificatemanager.googleapis.com namespace. Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope.
- create
Time String - Time the BackendAuthenticationConfig was created in UTC.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- labels Map<String>
- Set of label tags associated with the BackendAuthenticationConfig resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labelsfor all of the labels present on the resource. - location String
- The location of the backend authentication config.
The default value is
global. - name String
- Name of the BackendAuthenticationConfig resource.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- trust
Config String - Reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS.
- update
Time String - Time the BackendAuthenticationConfig was updated in UTC.
- well
Known StringRoots - Well known roots to use for server certificate validation. If set to NONE, the BackendService will only validate server certificates against roots specified in TrustConfig.
If set to PUBLIC_ROOTS, the BackendService uses a set of well-known public roots, in addition to any roots specified in the trustConfig field, when validating the server certificates presented by the backend.
Validation with these roots is only considered when the TlsSettings.sni field in the BackendService is set. The well-known roots are a set of root CAs managed by Google. CAs in this set can be added or removed without notice.
Possible values are:
NONE,PUBLIC_ROOTS.
Import
BackendAuthenticationConfig can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/backendAuthenticationConfigs/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}
When using the pulumi import command, BackendAuthenticationConfig can be imported using one of the formats above. For example:
$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default projects/{{project}}/locations/{{location}}/backendAuthenticationConfigs/{{name}}
$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:networksecurity/backendAuthenticationConfig:BackendAuthenticationConfig default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.