blob: 500ca02bba9c894bb06338da7116cbc02061fec8 [file] [log] [blame] [edit]
---
subcategory: "Cloud SQL"
description: |-
Get all of the trusted Certificate Authorities (CAs) for the specified SQL database instance.
---
# google_sql_ca_certs
Get all of the trusted Certificate Authorities (CAs) for the specified SQL database instance. For more information see the
[official documentation](https://cloud.google.com/sql/)
and
[API](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances/listServerCas).
## Example Usage
```hcl
data "google_sql_ca_certs" "ca_certs" {
instance = "primary-database-server"
}
locals {
furthest_expiration_time = reverse(sort([for k, v in data.google_sql_ca_certs.ca_certs.certs : v.expiration_time]))[0]
latest_ca_cert = [for v in data.google_sql_ca_certs.ca_certs.certs : v.cert if v.expiration_time == local.furthest_expiration_time]
}
output "db_latest_ca_cert" {
description = "Latest CA cert used by the primary database server"
value = local.latest_ca_cert
sensitive = true
}
```
## Argument Reference
The following arguments are supported:
* `instance` - (Required) The name or self link of the instance.
---
* `project` - (Optional) The ID of the project in which the resource belongs. If `project` is not provided, the provider project is used.
## Attributes Reference
The following attributes are exported:
* `active_version` - SHA1 fingerprint of the currently active CA certificate.
* `certs` - A list of server CA certificates for the instance. Each contains:
* `cert` - The CA certificate used to connect to the SQL instance via SSL.
* `common_name` - The CN valid for the CA cert.
* `create_time` - Creation time of the CA cert.
* `expiration_time` - Expiration time of the CA cert.
* `sha1_fingerprint` - SHA1 fingerprint of the CA cert.