import { PrivateKey, SelfSignedCert } from "@pulumi/tls";
import { ComponentResource, ComponentResourceOptions } from "@pulumi/pulumi";
/** Inputs accepted by {@link SsoCertificate}. */
export interface SsoCertificateArgs {
  /** Domain written into the certificate subject as its common name. */
  apiDomain: string;
}
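/**
 * Component resource that creates an RSA private key and a self-signed
 * certificate whose subject common name is `args.apiDomain`.
 *
 * Security notes for operators:
 * - The private key is generated by the TLS provider and is therefore held in
 *   the stack's state; access to the state backend should be restricted
 *   accordingly.
 * - Both child resources carry the calendar year in their logical name, so a
 *   deployment run in a new year creates a fresh key and certificate. Rotation
 *   happens only when a deployment actually runs; with a 400-day validity, a
 *   stack that is not redeployed within that window ends up with an expired
 *   certificate.
 * - NOTE(review): any party that pinned the previous certificate presumably
 *   needs the new one after rotation; confirm against the consumers.
 */
export class SsoCertificate extends ComponentResource {
  /** Generated RSA key pair backing the certificate. */
  public privateKey: PrivateKey;
  /** Self-signed certificate issued from {@link SsoCertificate.privateKey}. */
  public cert: SelfSignedCert;

  /**
   * @param name - Logical name prefix for the component and its children.
   * @param args - Certificate inputs; `apiDomain` becomes the subject common name.
   * @param opts - Optional Pulumi component resource options.
   */
  constructor(name: string, args: SsoCertificateArgs, opts?: ComponentResourceOptions) {
    super("selfhosted:index:ssocertificate", name, opts);

    // The year is part of the resource name so the TLS material is rotated at
    // least once a year - https://github.com/pulumi/pulumi-tls/issues/39.
    // getFullYear() uses the local time zone of the machine running the
    // deployment, so hosts in different zones can disagree around New Year.
    const currentYear = new Date().getFullYear();
    const resourceName = `${name}-sso-${currentYear}`;

    this.privateKey = new PrivateKey(
      resourceName,
      { algorithm: "RSA", rsaBits: 2048 },
      { parent: this },
    );

    this.cert = new SelfSignedCert(
      resourceName,
      {
        allowedUses: ["cert_signing"],
        keyAlgorithm: "RSA",
        privateKeyPem: this.privateKey.privateKeyPem,
        subjects: [{ commonName: `${args.apiDomain}` }],
        // 400 days: slightly longer than the yearly rotation interval.
        validityPeriodHours: 400 * 24,
      },
      { parent: this },
    );

    // Signal that all child resources have been declared. Called without
    // outputs on purpose so no key material is copied into the component's
    // own recorded outputs.
    this.registerOutputs();
  }
}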