Leaf Certificate certificate_leaf

The following parameters are available for creating certificate_leaf resources. When a new resource is created, jumppad creates the certificate and associated private key and writes them to the output folder. Certificates do not persist beyond the lifecycle of a blueprint: when a blueprint is destroyed, the created certs and keys are removed from the output folder.

To create a leaf certificate, jumppad needs a valid CA certificate and private key. These can be generated using the certificate_ca resource, or can be an existing X.509 certificate and associated RSA private key.

Leaf certificates have a pre-set Common Name corresponding to the name of the resource.

Properties

  • Name: output
    Type: (string: "")
    Required: yes
    Readonly: no
    Description: Output folder to write the certificate and private key to.

  • Name: ca_key
    Type: (string: "")
    Required: yes
    Readonly: no
    Description: Path to the key used to generate the certificate authority

  • Name: ca_cert
    Type: (string: "")
    Required: yes
    Readonly: no
    Description: Path to the root certificate

  • Name: ip_addresses
    Type: ([]string: [])
    Required: no
    Readonly: no
    Description: List of IP addresses to add to the certificate

      ip_addresses = ["127.0.0.1"]

  • Name: dns_names
    Type: ([]string: [])
    Required: no
    Readonly: no
    Description: List of DNS names to add to the certificate

      dns_names = [
        "localhost",
        "server.${variable.cd_consul_dc}.consul",
        "1.consul.server.container.local.jmpd.in",
        "2.consul.server.container.local.jmpd.in",
        "3.consul.server.container.local.jmpd.in"
      ]

  • Name: private_key
    Type: (file: {})
    Required: no
    Readonly: yes
    Description: Details related to the private key generated by the certificate_leaf resource.

  • Name: public_key_pem
    Type: (file: {})
    Required: no
    Readonly: yes
    Description: Details related to the PEM encoded public key generated by the certificate_leaf resource.

  • Name: public_key_ssh
    Type: (file: {})
    Required: no
    Readonly: yes
    Description: Details related to the SSH encoded public key generated by the certificate_leaf resource.

  • Name: certificate
    Type: (file: {})
    Required: no
    Readonly: yes
    Description: Details related to the certificate generated by the certificate_leaf resource.

Meta Properties

In addition to the main properties, all resources have meta properties, such as the id of the resource. For the list of these properties, see the Meta Properties section of the documentation at /docs/resources/meta.

File

  • Name: filename
    Type: (string: "")
    Required: no
    Readonly: yes
    Description: Filename for the file

  • Name: directory
    Type: (string: "")
    Required: no
    Readonly: yes
    Description: Directory for the file

  • Name: path
    Type: (string: "")
    Required: no
    Readonly: yes
    Description: Full path for the file

  • Name: contents
    Type: (string: "")
    Required: no
    Readonly: yes
    Description: Contents of the file

Examples

resource "certificate_ca" "cd_consul_ca" {
  output = data("certs")
}

resource "certificate_leaf" "cd_consul_server" {
  ca_key = resource.certificate_ca.cd_consul_ca.key_path
  ca_cert = resource.certificate_ca.cd_consul_ca.cert_path

  ip_addresses = ["127.0.0.1"]

  dns_names = [
    "localhost",
    "server.${var.cd_consul_dc}.consul",
    "1.consul.server.container.local.jmpd.in",
    "2.consul.server.container.local.jmpd.in",
    "3.consul.server.container.local.jmpd.in"
  ]

  output = data("certs")
}
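
A way to check a generated leaf against its CA, as an added Go example that is not jumppad's own code: CheckLeaf verifies the chain and the requested host name, and shows that Go's verifier matches only the entries from dns_names and ip_addresses, never the pre-set Common Name. The names CheckLeaf, sign and Sample are hypothetical, and the certificates are constructed in memory to match the description above (Common Name set to the resource name, SANs from the example).

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)
// CheckLeaf reports whether the PEM leaf chains to the PEM CA and lists host (DNS name or IP) in its SANs.
func CheckLeaf(caPEM, leafPEM []byte, host string) error {
	roots := x509.NewCertPool()
	block, _ := pem.Decode(leafPEM)
	if block == nil || !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("caPEM and leafPEM must both be PEM certificates")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	}
	return err
}
// sign issues tpl for key as PEM, signed by signer under parent's subject and valid for one hour.
func sign(tpl, parent *x509.Certificate, key, signer *rsa.PrivateKey) ([]byte, error) {
	tpl.SerialNumber, tpl.NotBefore, tpl.NotAfter = big.NewInt(time.Now().UnixNano()), time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}
// Sample builds constructed test material (assumption): leaf CN = resource name, SANs as in the example.
func Sample() (caPEM, leafPEM []byte, err error) {
	var keys [2]*rsa.PrivateKey // keys[0] belongs to the CA, keys[1] to the leaf
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, nil, err
		}
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed-ca"}, IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: "cd_consul_server"}, DNSNames: []string{"localhost"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}
	if caPEM, err = sign(ca, ca, keys[0], keys[0]); err == nil {
		leafPEM, err = sign(leaf, ca, keys[1], keys[0])
	}
	return caPEM, leafPEM, err
}
func main() {
	ca, leaf, err := Sample()
	fmt.Println(err, "| localhost:", CheckLeaf(ca, leaf, "localhost"), "| cd_consul_server:", CheckLeaf(ca, leaf, "cd_consul_server"))
}
```

For real output, pass the contents of the CA certificate and of the file at the leaf's certificate path to CheckLeaf.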