1/**
2 * Copyright 2022 Google LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17```hcl
18resource "google_privateca_ca_pool" "default" {
19 location = "us-central1"
20 name = "my-pool"
21 tier = "ENTERPRISE"
22}
23
24resource "google_privateca_certificate_authority" "default" {
25 location = "us-central1"
26 pool = google_privateca_ca_pool.default.name
27 certificate_authority_id = "my-authority"
28 config {
29 subject_config {
30 subject {
31 organization = "HashiCorp"
32 common_name = "my-certificate-authority"
33 }
34 subject_alt_name {
35 dns_names = ["hashicorp.com"]
36 }
37 }
38 x509_config {
39 ca_options {
40 # is_ca *MUST* be true for certificate authorities
41 is_ca = true
42 }
43 key_usage {
44 base_key_usage {
45 # cert_sign and crl_sign *MUST* be true for certificate authorities
46 cert_sign = true
47 crl_sign = true
48 }
49 extended_key_usage {
50 server_auth = false
51 }
52 }
53 }
54 }
55 key_spec {
56 algorithm = "RSA_PKCS1_4096_SHA256"
57 }
58
59 // Disable CA deletion related safe checks for easier cleanup.
60 deletion_protection = false
61 skip_grace_period = true
62 ignore_active_certificates_on_deletion = true
63}
64
65
66resource "google_privateca_certificate" "default" {
67 location = "us-central1"
68 pool = google_privateca_ca_pool.default.name
69 certificate_authority = google_privateca_certificate_authority.default.certificate_authority_id
70 name = "my-certificate"
71 lifetime = "860s"
72 pem_csr = file("test-fixtures/rsa_csr.pem")
73}
74```
View as plain text