---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Secure Source Manager"
description: |-
  Instances are deployed to an available Google Cloud region and are accessible via their web interface.
---
# google\_secure\_source\_manager\_instance
Instances are deployed to an available Google Cloud region and are accessible via their web interface.
To get more information about Instance, see:
* [API documentation](https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/secure-source-manager/docs/create-instance)
## Example Usage - Secure Source Manager Instance Basic
```hcl
resource "google_secure_source_manager_instance" "default" {
  location    = "us-central1"
  instance_id = "my-instance"
  labels = {
    "foo" = "bar"
  }
}
```
## Example Usage - Secure Source Manager Instance Cmek
```hcl
resource "google_kms_key_ring" "key_ring" {
  name     = "my-keyring"
  location = "us-central1"
}

resource "google_kms_crypto_key" "crypto_key" {
  name     = "my-key"
  key_ring = google_kms_key_ring.key_ring.id
}

resource "google_kms_crypto_key_iam_member" "crypto_key_binding" {
  crypto_key_id = google_kms_crypto_key.crypto_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"
}

resource "google_secure_source_manager_instance" "default" {
  location    = "us-central1"
  instance_id = "my-instance"
  kms_key     = google_kms_crypto_key.crypto_key.id
  depends_on = [
    google_kms_crypto_key_iam_member.crypto_key_binding
  ]
}

data "google_project" "project" {}
```
## Example Usage - Secure Source Manager Instance Private
```hcl
resource "google_privateca_ca_pool" "ca_pool" {
  name     = "ca-pool"
  location = "us-central1"
  tier     = "ENTERPRISE"
  publishing_options {
    publish_ca_cert = true
    publish_crl     = true
  }
}

resource "google_privateca_certificate_authority" "root_ca" {
  pool                     = google_privateca_ca_pool.ca_pool.name
  certificate_authority_id = "root-ca"
  location                 = "us-central1"
  config {
    subject_config {
      subject {
        organization = "google"
        common_name  = "my-certificate-authority"
      }
    }
    x509_config {
      ca_options {
        is_ca = true
      }
      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        extended_key_usage {
          server_auth = true
        }
      }
    }
  }
  key_spec {
    algorithm = "RSA_PKCS1_4096_SHA256"
  }

  // Disable deletion protections for easier test cleanup purposes
  deletion_protection                    = false
  ignore_active_certificates_on_deletion = true
  skip_grace_period                      = true
}

resource "google_privateca_ca_pool_iam_binding" "ca_pool_binding" {
  ca_pool = google_privateca_ca_pool.ca_pool.id
  role    = "roles/privateca.certificateRequester"
  members = [
    "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"
  ]
}

resource "google_secure_source_manager_instance" "default" {
  instance_id = "my-instance"
  location    = "us-central1"
  private_config {
    is_private = true
    ca_pool    = google_privateca_ca_pool.ca_pool.id
  }
  depends_on = [
    google_privateca_certificate_authority.root_ca,
    time_sleep.wait_60_seconds
  ]
}

# ca pool IAM permissions can take time to propagate
resource "time_sleep" "wait_60_seconds" {
  depends_on      = [google_privateca_ca_pool_iam_binding.ca_pool_binding]
  create_duration = "60s"
}

data "google_project" "project" {}
```
## Argument Reference
The following arguments are supported:
* `location` -
(Required)
The location for the Instance.
* `instance_id` -
(Required)
The name for the Instance.
- - -
* `labels` -
(Optional)
Labels as key value pairs.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `kms_key` -
(Optional)
Customer-managed encryption key name, in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
* `private_config` -
(Optional)
Private settings for a private instance.
Structure is [documented below](#nested_private_config).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_private_config"></a>The `private_config` block supports:
* `is_private` -
(Required)
Indicates whether the instance is private.
* `ca_pool` -
(Required)
CA pool resource. The resource must be in the format of `projects/{project}/locations/{location}/caPools/{ca_pool}`.
* `http_service_attachment` -
(Output)
Service Attachment for HTTP, resource is in the format of `projects/{project}/regions/{region}/serviceAttachments/{service_attachment}`.
* `ssh_service_attachment` -
(Output)
Service Attachment for SSH, resource is in the format of `projects/{project}/regions/{region}/serviceAttachments/{service_attachment}`.
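
The following is an added example, not part of the provider documentation: a Python check over `terraform show -json` plan output that flags instances of this resource planned without `kms_key` or without `private_config.is_private = true`, and validates the documented name formats. It assumes a team policy that requires both settings; the function names and the sample plan are constructed for illustration.

```python
import re

RESOURCE_TYPE = "google_secure_source_manager_instance"
# Name formats as documented in the argument reference above.
KMS_KEY_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$")
CA_POOL_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/caPools/[^/]+$")

def _check_name(addr, field, value, unknown, pattern, findings):
    """Validate a resource name unless it is only known after apply."""
    if unknown:  # reference to a resource created in the same plan
        return
    if not value:
        findings.append(f"{addr}: {field} is not set")
    elif not pattern.match(value):
        findings.append(f"{addr}: {field} has unexpected format: {value}")

def audit_plan(plan):
    """Return findings for instances planned without CMEK or private access."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:  # None => destroy
            continue
        unknown = change.get("after_unknown") or {}
        addr = rc["address"]
        _check_name(addr, "kms_key", after.get("kms_key"),
                    unknown.get("kms_key") is True, KMS_KEY_RE, findings)
        blocks = after.get("private_config") or []
        if not blocks or not blocks[0].get("is_private"):
            findings.append(f"{addr}: private_config.is_private is not true")
            continue
        unk_blocks = unknown.get("private_config") or [{}]
        _check_name(addr, "private_config.ca_pool", blocks[0].get("ca_pool"),
                    unk_blocks[0].get("ca_pool") is True, CA_POOL_RE, findings)
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": RESOURCE_TYPE + ".basic", "type": RESOURCE_TYPE, "change": {
        "after": {"kms_key": None, "private_config": []}, "after_unknown": {}}},
    {"address": RESOURCE_TYPE + ".hardened", "type": RESOURCE_TYPE, "change": {
        "after": {"private_config": [{"is_private": True}]},
        "after_unknown": {"kms_key": True, "private_config": [{"ca_pool": True}]}}},
]}

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```

Values that reference resources created in the same plan, as in the CMEK and private examples above, appear under `after_unknown` and are treated as set rather than reported as missing.
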
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`
* `name` -
The resource name for the Instance.
* `create_time` -
Time the Instance was created in UTC.
* `update_time` -
Time the Instance was updated in UTC.
* `state` -
The current state of the Instance.
* `host_config` -
A list of hostnames for this instance.
Structure is [documented below](#nested_host_config).
* `state_note` -
Provides information about the current instance state.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
<a name="nested_host_config"></a>The `host_config` block contains:
* `html` -
(Output)
HTML hostname.
* `api` -
(Output)
API hostname.
* `git_http` -
(Output)
Git HTTP hostname.
* `git_ssh` -
(Output)
Git SSH hostname.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 60 minutes.
- `update` - Default is 60 minutes.
- `delete` - Default is 60 minutes.
## Import
Instance can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`
* `{{project}}/{{location}}/{{instance_id}}`
* `{{location}}/{{instance_id}}`
* `{{instance_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Instance using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/instances/{{instance_id}}"
to = google_secure_source_manager_instance.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Instance can be imported using one of the formats above. For example:
```
$ terraform import google_secure_source_manager_instance.default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}
$ terraform import google_secure_source_manager_instance.default {{project}}/{{location}}/{{instance_id}}
$ terraform import google_secure_source_manager_instance.default {{location}}/{{instance_id}}
$ terraform import google_secure_source_manager_instance.default {{instance_id}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).