gcp.certificateauthority.CertificateTemplate
Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.
To get more information about CertificateTemplate, see:
- API documentation
- How-to Guides
Example Usage
Privateca Template Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Sample template that fills in every field. The values are illustrative and
// deliberately permissive; they are not a hardened issuance policy.
const _default = new gcp.certificateauthority.CertificateTemplate("default", {
    name: "my-template",
    location: "us-central1",
    description: "A sample certificate template",
    identityConstraints: {
        // Both passthrough flags are on and the CEL expression is the constant
        // "true", so the template itself rejects no requested subject or SAN.
        // For real issuance, use an expression that limits names to those the
        // requester is entitled to, or turn passthrough off.
        allowSubjectAltNamesPassthrough: true,
        allowSubjectPassthrough: true,
        celExpression: {
            description: "Always true",
            expression: "true",
            location: "any.file.anywhere",
            title: "Sample expression",
        },
    },
    // 86400 seconds = 24 hours: upper bound on the lifetime of issued certificates.
    maximumLifetime: "86400s",
    // Extensions a request may carry through: EXTENDED_KEY_USAGE and the
    // placeholder OID 1.6. Other requested extensions are dropped.
    passthroughExtensions: {
        additionalExtensions: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
        knownExtensions: ["EXTENDED_KEY_USAGE"],
    },
    // Values applied to every certificate issued through this template;
    // conflicting values in the request are overwritten.
    predefinedValues: {
        additionalExtensions: [{
            objectId: {
                objectIdPaths: [
                    1,
                    6,
                ],
            },
            // Base64 of "string\n" under the placeholder OID 1.6. It is marked
            // critical: per RFC 5280, a relying party that does not recognise
            // a critical extension must reject the certificate.
            value: "c3RyaW5nCg==",
            critical: true,
        }],
        // Placeholder; a real entry is the address of an OCSP responder.
        aiaOcspServers: ["string"],
        caOptions: {
            // End-entity template. X.509 path length constraints are only
            // meaningful on CA certificates (RFC 5280), so pairing
            // isCa: false with a path length is illustrative at best.
            isCa: false,
            maxIssuerPathLength: 6,
        },
        keyUsage: {
            // Every base usage except certSign/crlSign is switched on, and all
            // six extended key usages below as well. One certificate valid for
            // TLS server, TLS client, code signing, e-mail, OCSP and
            // timestamping widens what a single compromised key can do;
            // enable only the usages one certificate type needs.
            // encipherOnly/decipherOnly only have meaning with keyAgreement.
            baseKeyUsage: {
                certSign: false,
                contentCommitment: true,
                crlSign: false,
                dataEncipherment: true,
                decipherOnly: true,
                digitalSignature: true,
                encipherOnly: true,
                keyAgreement: true,
                keyEncipherment: true,
            },
            extendedKeyUsage: {
                clientAuth: true,
                codeSigning: true,
                emailProtection: true,
                ocspSigning: true,
                serverAuth: true,
                timeStamping: true,
            },
            unknownExtendedKeyUsages: [{
                objectIdPaths: [
                    1,
                    6,
                ],
            }],
        },
        policyIds: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
    },
    labels: {
        "label-one": "value-one",
    },
});
import pulumi
import pulumi_gcp as gcp
# Sample template that fills in every field. The values are illustrative and
# deliberately permissive; they are not a hardened issuance policy.
default = gcp.certificateauthority.CertificateTemplate("default",
    name="my-template",
    location="us-central1",
    description="A sample certificate template",
    identity_constraints={
        # Both passthrough flags are on and the CEL expression is the constant
        # "true", so the template itself rejects no requested subject or SAN.
        # For real issuance, use an expression that limits names to those the
        # requester is entitled to, or turn passthrough off.
        "allow_subject_alt_names_passthrough": True,
        "allow_subject_passthrough": True,
        "cel_expression": {
            "description": "Always true",
            "expression": "true",
            "location": "any.file.anywhere",
            "title": "Sample expression",
        },
    },
    # 86400 seconds = 24 hours: upper bound on the lifetime of issued certificates.
    maximum_lifetime="86400s",
    # Extensions a request may carry through: EXTENDED_KEY_USAGE and the
    # placeholder OID 1.6. Other requested extensions are dropped.
    passthrough_extensions={
        "additional_extensions": [{
            "object_id_paths": [
                1,
                6,
            ],
        }],
        "known_extensions": ["EXTENDED_KEY_USAGE"],
    },
    # Values applied to every certificate issued through this template;
    # conflicting values in the request are overwritten.
    predefined_values={
        "additional_extensions": [{
            "object_id": {
                "object_id_paths": [
                    1,
                    6,
                ],
            },
            # Base64 of "string\n" under the placeholder OID 1.6. It is marked
            # critical: per RFC 5280, a relying party that does not recognise
            # a critical extension must reject the certificate.
            "value": "c3RyaW5nCg==",
            "critical": True,
        }],
        # Placeholder; a real entry is the address of an OCSP responder.
        "aia_ocsp_servers": ["string"],
        "ca_options": {
            # End-entity template. X.509 path length constraints are only
            # meaningful on CA certificates (RFC 5280), so pairing
            # is_ca=False with a path length is illustrative at best.
            "is_ca": False,
            "max_issuer_path_length": 6,
        },
        "key_usage": {
            # Every base usage except cert_sign/crl_sign is switched on, and
            # all six extended key usages below as well. One certificate valid
            # for TLS server, TLS client, code signing, e-mail, OCSP and
            # timestamping widens what a single compromised key can do;
            # enable only the usages one certificate type needs.
            # encipher_only/decipher_only only have meaning with key_agreement.
            "base_key_usage": {
                "cert_sign": False,
                "content_commitment": True,
                "crl_sign": False,
                "data_encipherment": True,
                "decipher_only": True,
                "digital_signature": True,
                "encipher_only": True,
                "key_agreement": True,
                "key_encipherment": True,
            },
            "extended_key_usage": {
                "client_auth": True,
                "code_signing": True,
                "email_protection": True,
                "ocsp_signing": True,
                "server_auth": True,
                "time_stamping": True,
            },
            "unknown_extended_key_usages": [{
                "object_id_paths": [
                    1,
                    6,
                ],
            }],
        },
        "policy_ids": [{
            "object_id_paths": [
                1,
                6,
            ],
        }],
    },
    labels={
        "label-one": "value-one",
    })
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a sample CertificateTemplate named "default" with the Pulumi
// engine. The values are illustrative and deliberately permissive; they are
// not a hardened issuance policy.
func main() {
	// sampleOID builds the placeholder object identifier 1.6 used throughout
	// the sample; each call returns a fresh array so no two fields alias.
	sampleOID := func() pulumi.IntArray {
		return pulumi.IntArray{pulumi.Int(1), pulumi.Int(6)}
	}

	pulumi.Run(func(ctx *pulumi.Context) error {
		// Both passthrough flags are on and the CEL expression is the constant
		// "true", so the template itself rejects no requested subject or SAN.
		// For real issuance, use an expression that limits names to those the
		// requester is entitled to, or turn passthrough off.
		identity := &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
			AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
			AllowSubjectPassthrough:         pulumi.Bool(true),
			CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
				Description: pulumi.String("Always true"),
				Expression:  pulumi.String("true"),
				Location:    pulumi.String("any.file.anywhere"),
				Title:       pulumi.String("Sample expression"),
			},
		}

		// Extensions a request may carry through: EXTENDED_KEY_USAGE and the
		// placeholder OID. Other requested extensions are dropped.
		passthrough := &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
			AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
				&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
					ObjectIdPaths: sampleOID(),
				},
			},
			KnownExtensions: pulumi.StringArray{
				pulumi.String("EXTENDED_KEY_USAGE"),
			},
		}

		// Every base usage except CertSign/CrlSign is switched on, and all six
		// extended key usages as well. One certificate valid for TLS server,
		// TLS client, code signing, e-mail, OCSP and timestamping widens what
		// a single compromised key can do; enable only the usages one
		// certificate type needs. EncipherOnly/DecipherOnly only have meaning
		// with KeyAgreement.
		baseUsage := &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
			CertSign:          pulumi.Bool(false),
			ContentCommitment: pulumi.Bool(true),
			CrlSign:           pulumi.Bool(false),
			DataEncipherment:  pulumi.Bool(true),
			DecipherOnly:      pulumi.Bool(true),
			DigitalSignature:  pulumi.Bool(true),
			EncipherOnly:      pulumi.Bool(true),
			KeyAgreement:      pulumi.Bool(true),
			KeyEncipherment:   pulumi.Bool(true),
		}
		extendedUsage := &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
			ClientAuth:      pulumi.Bool(true),
			CodeSigning:     pulumi.Bool(true),
			EmailProtection: pulumi.Bool(true),
			OcspSigning:     pulumi.Bool(true),
			ServerAuth:      pulumi.Bool(true),
			TimeStamping:    pulumi.Bool(true),
		}

		// Values applied to every certificate issued through this template;
		// conflicting values in the request are overwritten.
		predefined := &certificateauthority.CertificateTemplatePredefinedValuesArgs{
			AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
				&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
					ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
						ObjectIdPaths: sampleOID(),
					},
					// Base64 of "string\n". Marked critical: per RFC 5280, a
					// relying party that does not recognise a critical
					// extension must reject the certificate.
					Value:    pulumi.String("c3RyaW5nCg=="),
					Critical: pulumi.Bool(true),
				},
			},
			// Placeholder; a real entry is the address of an OCSP responder.
			AiaOcspServers: pulumi.StringArray{
				pulumi.String("string"),
			},
			// End-entity template. X.509 path length constraints are only
			// meaningful on CA certificates (RFC 5280), so pairing IsCa false
			// with a path length is illustrative at best.
			CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
				IsCa:                pulumi.Bool(false),
				MaxIssuerPathLength: pulumi.Int(6),
			},
			KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
				BaseKeyUsage:     baseUsage,
				ExtendedKeyUsage: extendedUsage,
				UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
					&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
						ObjectIdPaths: sampleOID(),
					},
				},
			},
			PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
				&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
					ObjectIdPaths: sampleOID(),
				},
			},
		}

		_, err := certificateauthority.NewCertificateTemplate(ctx, "default", &certificateauthority.CertificateTemplateArgs{
			Name:                pulumi.String("my-template"),
			Location:            pulumi.String("us-central1"),
			Description:         pulumi.String("A sample certificate template"),
			IdentityConstraints: identity,
			// 86400 seconds = 24 hours: upper bound on issued certificate lifetime.
			MaximumLifetime:       pulumi.String("86400s"),
			PassthroughExtensions: passthrough,
			PredefinedValues:      predefined,
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
		})
		// The resource handle is unused; only the registration error matters.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Sample template that fills in every field. The values are illustrative and
// deliberately permissive; they are not a hardened issuance policy.
return await Deployment.RunAsync(() =>
{
    var @default = new Gcp.CertificateAuthority.CertificateTemplate("default", new()
    {
        Name = "my-template",
        Location = "us-central1",
        Description = "A sample certificate template",
        IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
        {
            // Both passthrough flags are on and the CEL expression is the
            // constant "true", so the template itself rejects no requested
            // subject or SAN. For real issuance, use an expression that limits
            // names to those the requester is entitled to, or turn
            // passthrough off.
            AllowSubjectAltNamesPassthrough = true,
            AllowSubjectPassthrough = true,
            CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
            {
                Description = "Always true",
                Expression = "true",
                Location = "any.file.anywhere",
                Title = "Sample expression",
            },
        },
        // 86400 seconds = 24 hours: upper bound on issued certificate lifetime.
        MaximumLifetime = "86400s",
        // Extensions a request may carry through: EXTENDED_KEY_USAGE and the
        // placeholder OID 1.6. Other requested extensions are dropped.
        PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
                {
                    ObjectIdPaths = new[]
                    {
                        1,
                        6,
                    },
                },
            },
            KnownExtensions = new[]
            {
                "EXTENDED_KEY_USAGE",
            },
        },
        // Values applied to every certificate issued through this template;
        // conflicting values in the request are overwritten.
        PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
                {
                    ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                    // Base64 of "string\n" under the placeholder OID 1.6.
                    // Marked critical: per RFC 5280, a relying party that does
                    // not recognise a critical extension must reject the
                    // certificate.
                    Value = "c3RyaW5nCg==",
                    Critical = true,
                },
            },
            // Placeholder; a real entry is the address of an OCSP responder.
            AiaOcspServers = new[]
            {
                "string",
            },
            // End-entity template. X.509 path length constraints are only
            // meaningful on CA certificates (RFC 5280), so pairing IsCa = false
            // with a path length is illustrative at best.
            CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 6,
            },
            KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
            {
                // Every base usage except CertSign/CrlSign is switched on, and
                // all six extended key usages below as well. One certificate
                // valid for TLS server, TLS client, code signing, e-mail, OCSP
                // and timestamping widens what a single compromised key can
                // do; enable only the usages one certificate type needs.
                // EncipherOnly/DecipherOnly only have meaning with KeyAgreement.
                BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
                {
                    CertSign = false,
                    ContentCommitment = true,
                    CrlSign = false,
                    DataEncipherment = true,
                    DecipherOnly = true,
                    DigitalSignature = true,
                    EncipherOnly = true,
                    KeyAgreement = true,
                    KeyEncipherment = true,
                },
                ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
                {
                    ClientAuth = true,
                    CodeSigning = true,
                    EmailProtection = true,
                    OcspSigning = true,
                    ServerAuth = true,
                    TimeStamping = true,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                },
            },
            PolicyIds = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
                {
                    ObjectIdPaths = new[]
                    {
                        1,
                        6,
                    },
                },
            },
        },
        Labels =
        {
            { "label-one", "value-one" },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateTemplate;
import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one sample CertificateTemplate.
 *
 * The values are illustrative and deliberately permissive; they are not a
 * hardened issuance policy.
 *
 * NOTE(review): several builder classes used in stack() (the
 * ...AdditionalExtensionArgs, ...ObjectIdArgs, ...UnknownExtendedKeyUsageArgs
 * and ...PolicyIdArgs types) do not appear in the import list above; confirm
 * the imports before compiling.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the sample template resource named "default".
     *
     * @param ctx Pulumi context for the current deployment (not read here).
     */
    public static void stack(Context ctx) {
        var default_ = new CertificateTemplate("default", CertificateTemplateArgs.builder()
            .name("my-template")
            .location("us-central1")
            .description("A sample certificate template")
            // Both passthrough flags are on and the CEL expression is the
            // constant "true", so the template itself rejects no requested
            // subject or SAN. For real issuance, use an expression that limits
            // names to those the requester is entitled to, or turn
            // passthrough off.
            .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                .allowSubjectAltNamesPassthrough(true)
                .allowSubjectPassthrough(true)
                .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                    .description("Always true")
                    .expression("true")
                    .location("any.file.anywhere")
                    .title("Sample expression")
                    .build())
                .build())
            // 86400 seconds = 24 hours: upper bound on issued certificate lifetime.
            .maximumLifetime("86400s")
            // Extensions a request may carry through: EXTENDED_KEY_USAGE and
            // the placeholder OID 1.6. Other requested extensions are dropped.
            .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                    .objectIdPaths(
                        1,
                        6)
                    .build())
                .knownExtensions("EXTENDED_KEY_USAGE")
                .build())
            // Values applied to every certificate issued through this
            // template; conflicting values in the request are overwritten.
            .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                    .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                        .objectIdPaths(
                            1,
                            6)
                        .build())
                    // Base64 of "string\n" under the placeholder OID 1.6.
                    // Marked critical: per RFC 5280, a relying party that does
                    // not recognise a critical extension must reject the
                    // certificate.
                    .value("c3RyaW5nCg==")
                    .critical(true)
                    .build())
                // Placeholder; a real entry is the address of an OCSP responder.
                .aiaOcspServers("string")
                // End-entity template. X.509 path length constraints are only
                // meaningful on CA certificates (RFC 5280), so pairing
                // isCa(false) with a path length is illustrative at best.
                .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                    .isCa(false)
                    .maxIssuerPathLength(6)
                    .build())
                // Every base usage except certSign/crlSign is switched on, and
                // all six extended key usages as well. One certificate valid
                // for TLS server, TLS client, code signing, e-mail, OCSP and
                // timestamping widens what a single compromised key can do;
                // enable only the usages one certificate type needs.
                // encipherOnly/decipherOnly only have meaning with keyAgreement.
                .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                    .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                        .certSign(false)
                        .contentCommitment(true)
                        .crlSign(false)
                        .dataEncipherment(true)
                        .decipherOnly(true)
                        .digitalSignature(true)
                        .encipherOnly(true)
                        .keyAgreement(true)
                        .keyEncipherment(true)
                        .build())
                    .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                        .clientAuth(true)
                        .codeSigning(true)
                        .emailProtection(true)
                        .ocspSigning(true)
                        .serverAuth(true)
                        .timeStamping(true)
                        .build())
                    .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                        .objectIdPaths(
                            1,
                            6)
                        .build())
                    .build())
                .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                    .objectIdPaths(
                        1,
                        6)
                    .build())
                .build())
            .labels(Map.of("label-one", "value-one"))
            .build());
    }
}
# Sample template that fills in every field. The values are illustrative and
# deliberately permissive; they are not a hardened issuance policy.
resources:
  default:
    type: gcp:certificateauthority:CertificateTemplate
    properties:
      name: my-template
      location: us-central1
      description: A sample certificate template
      identityConstraints:
        # Both passthrough flags are on and the CEL expression is the constant
        # 'true', so the template itself rejects no requested subject or SAN.
        # For real issuance, use an expression that limits names to those the
        # requester is entitled to, or turn passthrough off.
        allowSubjectAltNamesPassthrough: true
        allowSubjectPassthrough: true
        celExpression:
          description: Always true
          expression: 'true'
          location: any.file.anywhere
          title: Sample expression
      # 86400 seconds = 24 hours: upper bound on issued certificate lifetime.
      maximumLifetime: 86400s
      # Extensions a request may carry through: EXTENDED_KEY_USAGE and the
      # placeholder OID 1.6. Other requested extensions are dropped.
      passthroughExtensions:
        additionalExtensions:
          - objectIdPaths:
              - 1
              - 6
        knownExtensions:
          - EXTENDED_KEY_USAGE
      # Values applied to every certificate issued through this template;
      # conflicting values in the request are overwritten.
      predefinedValues:
        additionalExtensions:
          - objectId:
              objectIdPaths:
                - 1
                - 6
            # Base64 of "string\n" under the placeholder OID 1.6. Marked
            # critical: per RFC 5280, a relying party that does not recognise
            # a critical extension must reject the certificate.
            value: c3RyaW5nCg==
            critical: true
        # Placeholder; a real entry is the address of an OCSP responder.
        aiaOcspServers:
          - string
        # End-entity template. X.509 path length constraints are only
        # meaningful on CA certificates (RFC 5280), so pairing isCa: false
        # with a path length is illustrative at best.
        caOptions:
          isCa: false
          maxIssuerPathLength: 6
        keyUsage:
          # Every base usage except certSign/crlSign is switched on, and all
          # six extended key usages below as well. One certificate valid for
          # TLS server, TLS client, code signing, e-mail, OCSP and timestamping
          # widens what a single compromised key can do; enable only the
          # usages one certificate type needs. encipherOnly/decipherOnly only
          # have meaning with keyAgreement.
          baseKeyUsage:
            certSign: false
            contentCommitment: true
            crlSign: false
            dataEncipherment: true
            decipherOnly: true
            digitalSignature: true
            encipherOnly: true
            keyAgreement: true
            keyEncipherment: true
          extendedKeyUsage:
            clientAuth: true
            codeSigning: true
            emailProtection: true
            ocspSigning: true
            serverAuth: true
            timeStamping: true
          unknownExtendedKeyUsages:
            - objectIdPaths:
                - 1
                - 6
        policyIds:
          - objectIdPaths:
              - 1
              - 6
      labels:
        label-one: value-one
Create CertificateTemplate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
@overload
def CertificateTemplate(resource_name: str,
args: CertificateTemplateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CertificateTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
description: Optional[str] = None,
identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
maximum_lifetime: Optional[str] = None,
name: Optional[str] = None,
passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
project: Optional[str] = None)
func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
type: gcp:certificateauthority:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: every value is a type placeholder ("string", 0, false)
// showing which inputs exist, not a usable setting. Replace each one
// deliberately; in particular decide the identity constraints and key usages
// per certificate type rather than copying these defaults.
var certificateTemplateResource = new Gcp.CertificateAuthority.CertificateTemplate("certificateTemplateResource", new()
{
    Location = "string",
    Description = "string",
    IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
    {
        AllowSubjectAltNamesPassthrough = false,
        AllowSubjectPassthrough = false,
        CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
        {
            Description = "string",
            Expression = "string",
            Location = "string",
            Title = "string",
        },
    },
    Labels =
    {
        { "string", "string" },
    },
    MaximumLifetime = "string",
    Name = "string",
    PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
    {
        AdditionalExtensions = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
            {
                ObjectIdPaths = new[]
                {
                    0,
                },
            },
        },
        KnownExtensions = new[]
        {
            "string",
        },
    },
    PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
    {
        AdditionalExtensions = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
            {
                ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
                Value = "string",
                Critical = false,
            },
        },
        AiaOcspServers = new[]
        {
            "string",
        },
        CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
        {
            IsCa = false,
            MaxIssuerPathLength = 0,
        },
        KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
        {
            BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
            {
                CertSign = false,
                ContentCommitment = false,
                CrlSign = false,
                DataEncipherment = false,
                DecipherOnly = false,
                DigitalSignature = false,
                EncipherOnly = false,
                KeyAgreement = false,
                KeyEncipherment = false,
            },
            ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
            {
                ClientAuth = false,
                CodeSigning = false,
                EmailProtection = false,
                OcspSigning = false,
                ServerAuth = false,
                TimeStamping = false,
            },
            UnknownExtendedKeyUsages = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
            },
        },
        PolicyIds = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
            {
                ObjectIdPaths = new[]
                {
                    0,
                },
            },
        },
    },
    Project = "string",
});
// Reference skeleton: every value is a type placeholder ("string", 0, false)
// showing which inputs exist, not a usable setting. Replace each one
// deliberately; in particular decide the identity constraints and key usages
// per certificate type rather than copying these defaults.
// The snippet leaves err unchecked; the caller is expected to handle it.
example, err := certificateauthority.NewCertificateTemplate(ctx, "certificateTemplateResource", &certificateauthority.CertificateTemplateArgs{
	Location:    pulumi.String("string"),
	Description: pulumi.String("string"),
	IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
		AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
		AllowSubjectPassthrough:         pulumi.Bool(false),
		CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
			Description: pulumi.String("string"),
			Expression:  pulumi.String("string"),
			Location:    pulumi.String("string"),
			Title:       pulumi.String("string"),
		},
	},
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	MaximumLifetime: pulumi.String("string"),
	Name:            pulumi.String("string"),
	PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
		AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
			&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
				ObjectIdPaths: pulumi.IntArray{
					pulumi.Int(0),
				},
			},
		},
		KnownExtensions: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
		AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
			&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
				ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
					ObjectIdPaths: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
				Value:    pulumi.String("string"),
				Critical: pulumi.Bool(false),
			},
		},
		AiaOcspServers: pulumi.StringArray{
			pulumi.String("string"),
		},
		CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
			IsCa:                pulumi.Bool(false),
			MaxIssuerPathLength: pulumi.Int(0),
		},
		KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
			BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
				CertSign:          pulumi.Bool(false),
				ContentCommitment: pulumi.Bool(false),
				CrlSign:           pulumi.Bool(false),
				DataEncipherment:  pulumi.Bool(false),
				DecipherOnly:      pulumi.Bool(false),
				DigitalSignature:  pulumi.Bool(false),
				EncipherOnly:      pulumi.Bool(false),
				KeyAgreement:      pulumi.Bool(false),
				KeyEncipherment:   pulumi.Bool(false),
			},
			ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
				ClientAuth:      pulumi.Bool(false),
				CodeSigning:     pulumi.Bool(false),
				EmailProtection: pulumi.Bool(false),
				OcspSigning:     pulumi.Bool(false),
				ServerAuth:      pulumi.Bool(false),
				TimeStamping:    pulumi.Bool(false),
			},
			UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
				&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
					ObjectIdPaths: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
			},
		},
		PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
			&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
				ObjectIdPaths: pulumi.IntArray{
					pulumi.Int(0),
				},
			},
		},
	},
	Project: pulumi.String("string"),
})
// Reference skeleton: every value is a type placeholder ("string", 0, false)
// showing which inputs exist, not a usable setting. Replace each one
// deliberately; in particular decide the identity constraints and key usages
// per certificate type rather than copying these defaults.
var certificateTemplateResource = new CertificateTemplate("certificateTemplateResource", CertificateTemplateArgs.builder()
    .location("string")
    .description("string")
    .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
        .allowSubjectAltNamesPassthrough(false)
        .allowSubjectPassthrough(false)
        .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
            .description("string")
            .expression("string")
            .location("string")
            .title("string")
            .build())
        .build())
    .labels(Map.of("string", "string"))
    .maximumLifetime("string")
    .name("string")
    .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
        .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
            .objectIdPaths(0)
            .build())
        .knownExtensions("string")
        .build())
    .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
        .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
            .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                .objectIdPaths(0)
                .build())
            .value("string")
            .critical(false)
            .build())
        .aiaOcspServers("string")
        .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
            .isCa(false)
            .maxIssuerPathLength(0)
            .build())
        .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
            .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                .certSign(false)
                .contentCommitment(false)
                .crlSign(false)
                .dataEncipherment(false)
                .decipherOnly(false)
                .digitalSignature(false)
                .encipherOnly(false)
                .keyAgreement(false)
                .keyEncipherment(false)
                .build())
            .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                .clientAuth(false)
                .codeSigning(false)
                .emailProtection(false)
                .ocspSigning(false)
                .serverAuth(false)
                .timeStamping(false)
                .build())
            .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                .objectIdPaths(0)
                .build())
            .build())
        .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
            .objectIdPaths(0)
            .build())
        .build())
    .project("string")
    .build());
# Reference skeleton: every value is a type placeholder ("string", 0, False)
# showing which inputs exist, not a usable setting. Replace each one
# deliberately; in particular decide the identity constraints and key usages
# per certificate type rather than copying these defaults.
certificate_template_resource = gcp.certificateauthority.CertificateTemplate("certificateTemplateResource",
    location="string",
    description="string",
    identity_constraints={
        "allow_subject_alt_names_passthrough": False,
        "allow_subject_passthrough": False,
        "cel_expression": {
            "description": "string",
            "expression": "string",
            "location": "string",
            "title": "string",
        },
    },
    labels={
        "string": "string",
    },
    maximum_lifetime="string",
    name="string",
    passthrough_extensions={
        "additional_extensions": [{
            "object_id_paths": [0],
        }],
        "known_extensions": ["string"],
    },
    predefined_values={
        "additional_extensions": [{
            "object_id": {
                "object_id_paths": [0],
            },
            "value": "string",
            "critical": False,
        }],
        "aia_ocsp_servers": ["string"],
        "ca_options": {
            "is_ca": False,
            "max_issuer_path_length": 0,
        },
        "key_usage": {
            "base_key_usage": {
                "cert_sign": False,
                "content_commitment": False,
                "crl_sign": False,
                "data_encipherment": False,
                "decipher_only": False,
                "digital_signature": False,
                "encipher_only": False,
                "key_agreement": False,
                "key_encipherment": False,
            },
            "extended_key_usage": {
                "client_auth": False,
                "code_signing": False,
                "email_protection": False,
                "ocsp_signing": False,
                "server_auth": False,
                "time_stamping": False,
            },
            "unknown_extended_key_usages": [{
                "object_id_paths": [0],
            }],
        },
        "policy_ids": [{
            "object_id_paths": [0],
        }],
    },
    project="string")
// Reference skeleton: every value is a type placeholder ("string", 0, false)
// showing which inputs exist, not a usable setting. Replace each one
// deliberately; in particular decide the identity constraints and key usages
// per certificate type rather than copying these defaults.
const certificateTemplateResource = new gcp.certificateauthority.CertificateTemplate("certificateTemplateResource", {
    location: "string",
    description: "string",
    identityConstraints: {
        allowSubjectAltNamesPassthrough: false,
        allowSubjectPassthrough: false,
        celExpression: {
            description: "string",
            expression: "string",
            location: "string",
            title: "string",
        },
    },
    labels: {
        string: "string",
    },
    maximumLifetime: "string",
    name: "string",
    passthroughExtensions: {
        additionalExtensions: [{
            objectIdPaths: [0],
        }],
        knownExtensions: ["string"],
    },
    predefinedValues: {
        additionalExtensions: [{
            objectId: {
                objectIdPaths: [0],
            },
            value: "string",
            critical: false,
        }],
        aiaOcspServers: ["string"],
        caOptions: {
            isCa: false,
            maxIssuerPathLength: 0,
        },
        keyUsage: {
            baseKeyUsage: {
                certSign: false,
                contentCommitment: false,
                crlSign: false,
                dataEncipherment: false,
                decipherOnly: false,
                digitalSignature: false,
                encipherOnly: false,
                keyAgreement: false,
                keyEncipherment: false,
            },
            extendedKeyUsage: {
                clientAuth: false,
                codeSigning: false,
                emailProtection: false,
                ocspSigning: false,
                serverAuth: false,
                timeStamping: false,
            },
            unknownExtendedKeyUsages: [{
                objectIdPaths: [0],
            }],
        },
        policyIds: [{
            objectIdPaths: [0],
        }],
    },
    project: "string",
});
# Reference skeleton: every value is a type placeholder (string, 0, false)
# showing which inputs exist, not a usable setting. Replace each one
# deliberately; in particular decide the identity constraints and key usages
# per certificate type rather than copying these defaults.
type: gcp:certificateauthority:CertificateTemplate
properties:
  description: string
  identityConstraints:
    allowSubjectAltNamesPassthrough: false
    allowSubjectPassthrough: false
    celExpression:
      description: string
      expression: string
      location: string
      title: string
  labels:
    string: string
  location: string
  maximumLifetime: string
  name: string
  passthroughExtensions:
    additionalExtensions:
      - objectIdPaths:
          - 0
    knownExtensions:
      - string
  predefinedValues:
    additionalExtensions:
      - critical: false
        objectId:
          objectIdPaths:
            - 0
        value: string
    aiaOcspServers:
      - string
    caOptions:
      isCa: false
      maxIssuerPathLength: 0
    keyUsage:
      baseKeyUsage:
        certSign: false
        contentCommitment: false
        crlSign: false
        dataEncipherment: false
        decipherOnly: false
        digitalSignature: false
        encipherOnly: false
        keyAgreement: false
        keyEncipherment: false
      extendedKeyUsage:
        clientAuth: false
        codeSigning: false
        emailProtection: false
        ocspSigning: false
        serverAuth: false
        timeStamping: false
      unknownExtendedKeyUsages:
        - objectIdPaths:
            - 0
    policyIds:
      - objectIdPaths:
          - 0
  project: string
CertificateTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CertificateTemplate resource accepts the following input properties:
- Location string
- The location for the resource
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- IdentityConstraints CertificateTemplateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
- MaximumLifetime string
- Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Name string
- The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.
- PassthroughExtensions CertificateTemplatePassthroughExtensions
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- PredefinedValues CertificateTemplatePredefinedValues
- Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Location string
- The location for the resource
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- IdentityConstraints CertificateTemplateIdentityConstraintsArgs
- Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Maximum
Lifetime string - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - Passthrough
Extensions CertificateTemplate Passthrough Extensions Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- Predefined
Values CertificateTemplate Predefined Values Args - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location String
- The location for the resource
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints CertificateTemplate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - maximum
Lifetime String - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions CertificateTemplate Passthrough Extensions - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values CertificateTemplate Predefined Values - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location string
- The location for the resource
- description string
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints CertificateTemplate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - maximum
Lifetime string - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions CertificateTemplate Passthrough Extensions - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values CertificateTemplate Predefined Values - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location str
- The location for the resource
- description str
- Optional. A human-readable description of scenarios this template is intended for.
- identity_
constraints CertificateTemplate Identity Constraints Args - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - maximum_
lifetime str - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name str
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough_
extensions CertificateTemplate Passthrough Extensions Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined_
values CertificateTemplate Predefined Values Args - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location String
- The location for the resource
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints Property Map - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Map<String>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - maximum
Lifetime String - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions Property Map - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values Property Map - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:
- Create
Time string - Output only. The time at which this CertificateTemplate was created.
- Effective
Labels Dictionary<string, string> - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Output only. The time at which this CertificateTemplate was updated.
- Create
Time string - Output only. The time at which this CertificateTemplate was created.
- Effective
Labels map[string]string - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Output only. The time at which this CertificateTemplate was updated.
- create
Time String - Output only. The time at which this CertificateTemplate was created.
- effective
Labels Map<String,String> - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Output only. The time at which this CertificateTemplate was updated.
- create
Time string - Output only. The time at which this CertificateTemplate was created.
- effective
Labels {[key: string]: string} - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time string - Output only. The time at which this CertificateTemplate was updated.
- create_
time str - Output only. The time at which this CertificateTemplate was created.
- effective_
labels Mapping[str, str] - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- update_
time str - Output only. The time at which this CertificateTemplate was updated.
- create
Time String - Output only. The time at which this CertificateTemplate was created.
- effective
Labels Map<String> - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Output only. The time at which this CertificateTemplate was updated.
Look up Existing CertificateTemplate Resource
Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
maximum_lifetime: Optional[str] = None,
name: Optional[str] = None,
passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
project: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
update_time: Optional[str] = None) -> CertificateTemplate
func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)
public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)
public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string - Output only. The time at which this CertificateTemplate was created.
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- Effective
Labels Dictionary<string, string> - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Identity
Constraints CertificateTemplate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location for the resource
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - Passthrough
Extensions CertificateTemplate Passthrough Extensions - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- Predefined
Values CertificateTemplate Predefined Values - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Output only. The time at which this CertificateTemplate was updated.
- Create
Time string - Output only. The time at which this CertificateTemplate was created.
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- Effective
Labels map[string]string - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Identity
Constraints CertificateTemplate Identity Constraints Args - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location for the resource
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - Passthrough
Extensions CertificateTemplate Passthrough Extensions Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- Predefined
Values CertificateTemplate Predefined Values Args - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Update
Time string - Output only. The time at which this CertificateTemplate was updated.
- create
Time String - Output only. The time at which this CertificateTemplate was created.
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- effective
Labels Map<String,String> - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- identity
Constraints CertificateTemplate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location for the resource
- maximum
Lifetime String - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions CertificateTemplate Passthrough Extensions - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values CertificateTemplate Predefined Values - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Output only. The time at which this CertificateTemplate was updated.
- create
Time string - Output only. The time at which this CertificateTemplate was created.
- description string
- Optional. A human-readable description of scenarios this template is intended for.
- effective
Labels {[key: string]: string} - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- identity
Constraints CertificateTemplate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location string
- The location for the resource
- maximum
Lifetime string - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions CertificateTemplate Passthrough Extensions - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values CertificateTemplate Predefined Values - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time string - Output only. The time at which this CertificateTemplate was updated.
- create_
time str - Output only. The time at which this CertificateTemplate was created.
- description str
- Optional. A human-readable description of scenarios this template is intended for.
- effective_
labels Mapping[str, str] - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- identity_
constraints CertificateTemplate Identity Constraints Args - Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location str
- The location for the resource
- maximum_
lifetime str - Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name str
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough_
extensions CertificateTemplate Passthrough Extensions Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined_
values CertificateTemplate Predefined Values Args - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- update_
time str - Output only. The time at which this CertificateTemplate was updated.
- create
Time String - Output only. The time at which this CertificateTemplate was created.
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- identityConstraints Property Map
- Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
- labels Map<String>
- Optional. Labels with user-defined metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location for the resource
- maximumLifetime String
- Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime, the minimum of the two durations will be the maximum lifetime for issued certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - passthrough
Extensions Property Map - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
- predefined
Values Property Map - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- update
Time String - Output only. The time at which this CertificateTemplate was updated.
Supporting Types
CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs
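- AllowSubjectAltNamesPassthrough bool
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded. When either passthrough flag is true, the names in the signed certificate come from the requester, and the CEL expression below is the only check this template applies to them; without a restrictive expression, name validation is left to any constraints set elsewhere, such as the issuing CaPool's IssuancePolicy.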
- Cel
Expression CertificateTemplate Identity Constraints Cel Expression - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
- AllowSubjectAltNamesPassthrough bool
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression CertificateTemplate Identity Constraints Cel Expression - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
- allowSubjectAltNamesPassthrough Boolean
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression CertificateTemplate Identity Constraints Cel Expression - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
- allowSubjectAltNamesPassthrough boolean
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough boolean
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression CertificateTemplate Identity Constraints Cel Expression - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
- allow_subject_alt_names_passthrough bool
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_subject_passthrough bool
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression CertificateTemplate Identity Constraints Cel Expression - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
- allowSubjectAltNamesPassthrough Boolean
- Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
- Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs
- Additional
Extensions List<CertificateTemplate Passthrough Extensions Additional Extension> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- Known
Extensions List<string> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []CertificateTemplate Passthrough Extensions Additional Extension - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- Known
Extensions []string - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<CertificateTemplate Passthrough Extensions Additional Extension> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions CertificateTemplate Passthrough Extensions Additional Extension[] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- known
Extensions string[] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[CertificateTemplate Passthrough Extensions Additional Extension] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- known_
extensions Sequence[str] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
- Object
Id List<int>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs
- Additional
Extensions List<CertificateTemplate Predefined Values Additional Extension> - Optional. Describes custom X.509 extensions. Structure is documented below.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateTemplate Predefined Values Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- Key
Usage CertificateTemplate Predefined Values Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Policy
Ids List<CertificateTemplate Predefined Values Policy Id> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- Additional
Extensions []CertificateTemplate Predefined Values Additional Extension - Optional. Describes custom X.509 extensions. Structure is documented below.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateTemplate Predefined Values Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- Key
Usage CertificateTemplate Predefined Values Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Policy
Ids []CertificateTemplate Predefined Values Policy Id - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions List<CertificateTemplate Predefined Values Additional Extension> - Optional. Describes custom X.509 extensions. Structure is documented below.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateTemplate Predefined Values Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- key
Usage CertificateTemplate Predefined Values Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids List<CertificateTemplate Predefined Values Policy Id> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions CertificateTemplate Predefined Values Additional Extension[] - Optional. Describes custom X.509 extensions. Structure is documented below.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateTemplate Predefined Values Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- key
Usage CertificateTemplate Predefined Values Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids CertificateTemplate Predefined Values Policy Id[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional_
extensions Sequence[CertificateTemplate Predefined Values Additional Extension] - Optional. Describes custom X.509 extensions. Structure is documented below.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CertificateTemplate Predefined Values Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- key_
usage CertificateTemplate Predefined Values Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy_
ids Sequence[CertificateTemplate Predefined Values Policy Id] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions. Structure is documented below.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs
- Object
Id CertificateTemplate Predefined Values Additional Extension Object Id - Required. The OID for this X.509 extension. Structure is documented below.
- Value string
- Required. The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id CertificateTemplate Predefined Values Additional Extension Object Id - Required. The OID for this X.509 extension. Structure is documented below.
- Value string
- Required. The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateTemplate Predefined Values Additional Extension Object Id - Required. The OID for this X.509 extension. Structure is documented below.
- value String
- Required. The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateTemplate Predefined Values Additional Extension Object Id - Required. The OID for this X.509 extension. Structure is documented below.
- value string
- Required. The value of this X.509 extension.
- critical boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id CertificateTemplate Predefined Values Additional Extension Object Id - Required. The OID for this X.509 extension. Structure is documented below.
- value str
- Required. The value of this X.509 extension.
- critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - Required. The OID for this X.509 extension. Structure is documented below.
- value String
- Required. The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
- Object
Id List<int>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Integer
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_ca bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_issuer_path_length int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs
- BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
- Describes high-level ways in which a key may be used. Structure is documented below.
- ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
- Detailed scenarios in which a key may be used. Structure is documented below.
- UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
- BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
- Describes high-level ways in which a key may be used. Structure is documented below.
- ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
- Detailed scenarios in which a key may be used. Structure is documented below.
- UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
- baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
- Describes high-level ways in which a key may be used. Structure is documented below.
- extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
- Detailed scenarios in which a key may be used. Structure is documented below.
- unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
- baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
- Describes high-level ways in which a key may be used. Structure is documented below.
- extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
- Detailed scenarios in which a key may be used. Structure is documented below.
- unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
- base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
- Describes high-level ways in which a key may be used. Structure is documented below.
- extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
- Detailed scenarios in which a key may be used. Structure is documented below.
- unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
- baseKeyUsage Property Map
- Describes high-level ways in which a key may be used. Structure is documented below.
- extendedKeyUsage Property Map
- Detailed scenarios in which a key may be used. Structure is documented below.
- unknownExtendedKeyUsages List<Property Map>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used to sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used to sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used to sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used to sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used to sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used to sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
- Object
Id List<int>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs
- Object
Id List<int>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths - Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths - Required. The parts of an OID path. The most significant parts of the path come first.
Import
CertificateTemplate can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
When using the `pulumi import` command, CertificateTemplate can be imported using one of the formats above. For example:
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `google-beta` Terraform Provider.