Skip to main content
← back to extensions

@swamp/gcp/certificatemanager

v2026.04.23.1

Google Cloud certificatemanager infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

gcpgoogle-cloudcertificatemanagercloudinfrastructure

Contents

models

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned

Install

$ swamp extension pull @swamp/gcp/certificatemanager

@swamp/gcp/certificatemanager/certificateissuanceconfigsv2026.04.23.1certificateissuanceconfigs.ts

Global Arguments

ArgumentTypeDescription
certificateAuthorityConfig?objectThe CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc.
description?stringOptional. One or more paragraphs of text description of a CertificateIssuanceConfig.
keyAlgorithm?enumRequired. The key algorithm to use when generating the private key.
labels?recordOptional. Set of labels associated with a CertificateIssuanceConfig.
lifetime?stringRequired. Workload certificate lifetime requested.
name?stringIdentifier. A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern `projects/*/locations/*/certificateIssuanceConfigs/*`.
rotationWindowPercentage?numberRequired. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive.
certificateIssuanceConfigId?stringRequired. A user-provided name of the certificate config.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a certificateIssuanceConfigs
getGet a certificateIssuanceConfigs
ArgumentTypeDescription
identifierstringThe name of the certificateIssuanceConfigs
updateUpdate certificateIssuanceConfigs attributes
deleteDelete the certificateIssuanceConfigs
ArgumentTypeDescription
identifierstringThe name of the certificateIssuanceConfigs
syncSync certificateIssuanceConfigs state from GCP

Resources

state(infinite)— CertificateIssuanceConfig specifies how to issue and manage a certificate.
@swamp/gcp/certificatemanager/certificatemapsv2026.04.23.1certificatemaps.ts

Global Arguments

ArgumentTypeDescription
description?stringOptional. One or more paragraphs of text description of a certificate map.
labels?recordOptional. Set of labels associated with a Certificate Map.
name?stringIdentifier. A user-defined name of the Certificate Map. Certificate Map names must be unique globally and match pattern `projects/*/locations/*/certificateMaps/*`.
certificateMapId?stringRequired. A user-provided name of the certificate map.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a certificateMaps
getGet a certificateMaps
ArgumentTypeDescription
identifierstringThe name of the certificateMaps
updateUpdate certificateMaps attributes
deleteDelete the certificateMaps
ArgumentTypeDescription
identifierstringThe name of the certificateMaps
syncSync certificateMaps state from GCP

Resources

state(infinite)— Defines a collection of certificate configurations.
@swamp/gcp/certificatemanager/certificatemaps-certificatemapentriesv2026.04.23.1certificatemaps_certificatemapentries.ts

Global Arguments

ArgumentTypeDescription
certificates?arrayOptional. A set of Certificates defines for the given `hostname`. There can be defined up to four certificates in each Certificate Map Entry. Each certificate must match pattern `projects/*/locations/*/certificates/*`.
description?stringOptional. One or more paragraphs of text description of a certificate map entry.
hostname?stringA Hostname (FQDN, e.g. `example.com`) or a wildcard hostname expression (`*.example.com`) for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for selecting a proper certificate.
labels?recordOptional. Set of labels associated with a Certificate Map Entry.
matcher?enumA predefined matcher for particular cases, other than SNI selection.
name?stringIdentifier. A user-defined name of the Certificate Map Entry. Certificate Map Entry names must be unique globally and match pattern `projects/*/locations/*/certificateMaps/*/certificateMapEntries/*`.
certificateMapEntryId?stringRequired. A user-provided name of the certificate map entry.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a certificateMapEntries
ArgumentTypeDescription
waitForReady?booleanWait for the resource to reach a ready state after creation (default: true)
getGet a certificateMapEntries
ArgumentTypeDescription
identifierstringThe name of the certificateMapEntries
updateUpdate certificateMapEntries attributes
ArgumentTypeDescription
waitForReady?booleanWait for the resource to reach a ready state after update (default: true)
deleteDelete the certificateMapEntries
ArgumentTypeDescription
identifierstringThe name of the certificateMapEntries
syncSync certificateMapEntries state from GCP

Resources

state(infinite)— Defines a certificate map entry.
@swamp/gcp/certificatemanager/certificatesv2026.04.23.1certificates.ts

Global Arguments

ArgumentTypeDescription
description?stringOptional. One or more paragraphs of text description of a certificate.
labels?recordOptional. Set of labels associated with a Certificate.
managed?objectConfiguration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so.
managedIdentity?objectConfiguration and state of a Managed Identity Certificate. Certificate Manager provisions and renews Managed Identity Certificates automatically, for as long as it's authorized to do so.
name?stringIdentifier. A user-defined name of the certificate. Certificate names must be unique globally and match pattern `projects/*/locations/*/certificates/*`.
scope?enumOptional. Immutable. The scope of the certificate.
selfManaged?objectCertificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility.
certificateId?stringRequired. A user-provided name of the certificate.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a certificates
getGet a certificates
ArgumentTypeDescription
identifierstringThe name of the certificates
updateUpdate certificates attributes
deleteDelete the certificates
ArgumentTypeDescription
identifierstringThe name of the certificates
syncSync certificates state from GCP

Resources

state(infinite)— Defines TLS certificate.
@swamp/gcp/certificatemanager/dnsauthorizationsv2026.04.23.1dnsauthorizations.ts

Global Arguments

ArgumentTypeDescription
description?stringOptional. One or more paragraphs of text description of a DnsAuthorization.
dnsResourceRecord?objectThe structure describing the DNS Resource Record that needs to be added to DNS configuration for the authorization to be usable by certificate.
domain?stringRequired. Immutable. A domain that is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for `example.com` can be used to issue certificates for `example.com` and `*.example.com`.
labels?recordOptional. Set of labels associated with a DnsAuthorization.
name?stringIdentifier. A user-defined name of the dns authorization. DnsAuthorization names must be unique globally and match pattern `projects/*/locations/*/dnsAuthorizations/*`.
type?enumOptional. Immutable. Type of DnsAuthorization. If unset during resource creation the following default will be used: - in location `global`: FIXED_RECORD, - in other locations: PER_PROJECT_RECORD.
dnsAuthorizationId?stringRequired. A user-provided name of the dns authorization.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a dnsAuthorizations
getGet a dnsAuthorizations
ArgumentTypeDescription
identifierstringThe name of the dnsAuthorizations
updateUpdate dnsAuthorizations attributes
deleteDelete the dnsAuthorizations
ArgumentTypeDescription
identifierstringThe name of the dnsAuthorizations
syncSync dnsAuthorizations state from GCP

Resources

state(infinite)— A DnsAuthorization resource describes a way to perform domain authorization f...
@swamp/gcp/certificatemanager/locationsv2026.04.23.1locations.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
getGet a locations
ArgumentTypeDescription
identifierstringThe name of the locations
syncSync locations state from GCP

Resources

state(infinite)— A resource that represents a Google Cloud location.
@swamp/gcp/certificatemanager/trustconfigsv2026.04.23.1trustconfigs.ts

Global Arguments

ArgumentTypeDescription
allowlistedCertificates?arrayOptional. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
description?stringOptional. One or more paragraphs of text description of a TrustConfig.
labels?recordOptional. Set of labels associated with a TrustConfig.
name?stringIdentifier. A user-defined name of the trust config. TrustConfig names must be unique globally and match pattern `projects/*/locations/*/trustConfigs/*`.
spiffeTrustStores?recordOptional. Defines a mapping from a trust domain to a TrustStore. This is used for SPIFFE certificate validation.
trustStores?arrayOptional. Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. Only one TrustStore specified is currently allowed.
trustConfigId?stringRequired. A user-provided name of the TrustConfig. Must match the regexp `[a-z0-9-]{1,63}`.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a trustConfigs
getGet a trustConfigs
ArgumentTypeDescription
identifierstringThe name of the trustConfigs
updateUpdate trustConfigs attributes
deleteDelete the trustConfigs
ArgumentTypeDescription
identifierstringThe name of the trustConfigs
syncSync trustConfigs state from GCP

Resources

state(infinite)— Defines a trust config.