1. Packages
  2. Google Cloud Native
  3. API Docs
  4. privateca
  5. privateca/v1
  6. CertificateAuthority

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.privateca/v1.CertificateAuthority

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Create a new CertificateAuthority in a given Project and Location. Auto-naming is currently not supported for this resource.

    Create CertificateAuthority Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateAuthority(resource_name: str,
                             args: CertificateAuthorityArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def CertificateAuthority(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             ca_pool_id: Optional[str] = None,
                             certificate_authority_id: Optional[str] = None,
                             config: Optional[CertificateConfigArgs] = None,
                             key_spec: Optional[KeyVersionSpecArgs] = None,
                             lifetime: Optional[str] = None,
                             type: Optional[CertificateAuthorityType] = None,
                             gcs_bucket: Optional[str] = None,
                             labels: Optional[Mapping[str, str]] = None,
                             location: Optional[str] = None,
                             project: Optional[str] = None,
                             request_id: Optional[str] = None,
                             subordinate_config: Optional[SubordinateConfigArgs] = None)
    func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
    public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
    public CertificateAuthority(String name, CertificateAuthorityArgs args)
    public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
    
    type: google-native:privateca/v1:CertificateAuthority
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var certificateAuthorityResource = new GoogleNative.Privateca.V1.CertificateAuthority("certificateAuthorityResource", new()
    {
        CaPoolId = "string",
        CertificateAuthorityId = "string",
        Config = new GoogleNative.Privateca.V1.Inputs.CertificateConfigArgs
        {
            SubjectConfig = new GoogleNative.Privateca.V1.Inputs.SubjectConfigArgs
            {
                Subject = new GoogleNative.Privateca.V1.Inputs.SubjectArgs
                {
                    CommonName = "string",
                    CountryCode = "string",
                    Locality = "string",
                    Organization = "string",
                    OrganizationalUnit = "string",
                    PostalCode = "string",
                    Province = "string",
                    StreetAddress = "string",
                },
                SubjectAltName = new GoogleNative.Privateca.V1.Inputs.SubjectAltNamesArgs
                {
                    CustomSans = new[]
                    {
                        new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                        {
                            ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                            {
                                ObjectIdPath = new[]
                                {
                                    0,
                                },
                            },
                            Value = "string",
                            Critical = false,
                        },
                    },
                    DnsNames = new[]
                    {
                        "string",
                    },
                    EmailAddresses = new[]
                    {
                        "string",
                    },
                    IpAddresses = new[]
                    {
                        "string",
                    },
                    Uris = new[]
                    {
                        "string",
                    },
                },
            },
            X509Config = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
            {
                AdditionalExtensions = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                    {
                        ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                        {
                            ObjectIdPath = new[]
                            {
                                0,
                            },
                        },
                        Value = "string",
                        Critical = false,
                    },
                },
                AiaOcspServers = new[]
                {
                    "string",
                },
                CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
                {
                    IsCa = false,
                    MaxIssuerPathLength = 0,
                },
                KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
                {
                    BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
                    {
                        CertSign = false,
                        ContentCommitment = false,
                        CrlSign = false,
                        DataEncipherment = false,
                        DecipherOnly = false,
                        DigitalSignature = false,
                        EncipherOnly = false,
                        KeyAgreement = false,
                        KeyEncipherment = false,
                    },
                    ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
                    {
                        ClientAuth = false,
                        CodeSigning = false,
                        EmailProtection = false,
                        OcspSigning = false,
                        ServerAuth = false,
                        TimeStamping = false,
                    },
                    UnknownExtendedKeyUsages = new[]
                    {
                        new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                        {
                            ObjectIdPath = new[]
                            {
                                0,
                            },
                        },
                    },
                },
                NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
                {
                    Critical = false,
                    ExcludedDnsNames = new[]
                    {
                        "string",
                    },
                    ExcludedEmailAddresses = new[]
                    {
                        "string",
                    },
                    ExcludedIpRanges = new[]
                    {
                        "string",
                    },
                    ExcludedUris = new[]
                    {
                        "string",
                    },
                    PermittedDnsNames = new[]
                    {
                        "string",
                    },
                    PermittedEmailAddresses = new[]
                    {
                        "string",
                    },
                    PermittedIpRanges = new[]
                    {
                        "string",
                    },
                    PermittedUris = new[]
                    {
                        "string",
                    },
                },
                PolicyIds = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                },
            },
            PublicKey = new GoogleNative.Privateca.V1.Inputs.PublicKeyArgs
            {
                Format = GoogleNative.Privateca.V1.PublicKeyFormat.KeyFormatUnspecified,
                Key = "string",
            },
        },
        KeySpec = new GoogleNative.Privateca.V1.Inputs.KeyVersionSpecArgs
        {
            Algorithm = GoogleNative.Privateca.V1.KeyVersionSpecAlgorithm.SignHashAlgorithmUnspecified,
            CloudKmsKeyVersion = "string",
        },
        Lifetime = "string",
        Type = GoogleNative.Privateca.V1.CertificateAuthorityType.TypeUnspecified,
        GcsBucket = "string",
        Labels = 
        {
            { "string", "string" },
        },
        Location = "string",
        Project = "string",
        RequestId = "string",
        SubordinateConfig = new GoogleNative.Privateca.V1.Inputs.SubordinateConfigArgs
        {
            CertificateAuthority = "string",
            PemIssuerChain = new GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainArgs
            {
                PemCertificates = new[]
                {
                    "string",
                },
            },
        },
    });
    
    example, err := privateca.NewCertificateAuthority(ctx, "certificateAuthorityResource", &privateca.CertificateAuthorityArgs{
    	CaPoolId:               pulumi.String("string"),
    	CertificateAuthorityId: pulumi.String("string"),
    	Config: &privateca.CertificateConfigArgs{
    		SubjectConfig: &privateca.SubjectConfigArgs{
    			Subject: &privateca.SubjectArgs{
    				CommonName:         pulumi.String("string"),
    				CountryCode:        pulumi.String("string"),
    				Locality:           pulumi.String("string"),
    				Organization:       pulumi.String("string"),
    				OrganizationalUnit: pulumi.String("string"),
    				PostalCode:         pulumi.String("string"),
    				Province:           pulumi.String("string"),
    				StreetAddress:      pulumi.String("string"),
    			},
    			SubjectAltName: &privateca.SubjectAltNamesArgs{
    				CustomSans: privateca.X509ExtensionArray{
    					&privateca.X509ExtensionArgs{
    						ObjectId: &privateca.ObjectIdArgs{
    							ObjectIdPath: pulumi.IntArray{
    								pulumi.Int(0),
    							},
    						},
    						Value:    pulumi.String("string"),
    						Critical: pulumi.Bool(false),
    					},
    				},
    				DnsNames: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				EmailAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				IpAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Uris: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    		X509Config: &privateca.X509ParametersArgs{
    			AdditionalExtensions: privateca.X509ExtensionArray{
    				&privateca.X509ExtensionArgs{
    					ObjectId: &privateca.ObjectIdArgs{
    						ObjectIdPath: pulumi.IntArray{
    							pulumi.Int(0),
    						},
    					},
    					Value:    pulumi.String("string"),
    					Critical: pulumi.Bool(false),
    				},
    			},
    			AiaOcspServers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			CaOptions: &privateca.CaOptionsArgs{
    				IsCa:                pulumi.Bool(false),
    				MaxIssuerPathLength: pulumi.Int(0),
    			},
    			KeyUsage: &privateca.KeyUsageArgs{
    				BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
    					CertSign:          pulumi.Bool(false),
    					ContentCommitment: pulumi.Bool(false),
    					CrlSign:           pulumi.Bool(false),
    					DataEncipherment:  pulumi.Bool(false),
    					DecipherOnly:      pulumi.Bool(false),
    					DigitalSignature:  pulumi.Bool(false),
    					EncipherOnly:      pulumi.Bool(false),
    					KeyAgreement:      pulumi.Bool(false),
    					KeyEncipherment:   pulumi.Bool(false),
    				},
    				ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
    					ClientAuth:      pulumi.Bool(false),
    					CodeSigning:     pulumi.Bool(false),
    					EmailProtection: pulumi.Bool(false),
    					OcspSigning:     pulumi.Bool(false),
    					ServerAuth:      pulumi.Bool(false),
    					TimeStamping:    pulumi.Bool(false),
    				},
    				UnknownExtendedKeyUsages: privateca.ObjectIdArray{
    					&privateca.ObjectIdArgs{
    						ObjectIdPath: pulumi.IntArray{
    							pulumi.Int(0),
    						},
    					},
    				},
    			},
    			NameConstraints: &privateca.NameConstraintsArgs{
    				Critical: pulumi.Bool(false),
    				ExcludedDnsNames: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				ExcludedEmailAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				ExcludedIpRanges: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				ExcludedUris: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				PermittedDnsNames: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				PermittedEmailAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				PermittedIpRanges: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				PermittedUris: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    			PolicyIds: privateca.ObjectIdArray{
    				&privateca.ObjectIdArgs{
    					ObjectIdPath: pulumi.IntArray{
    						pulumi.Int(0),
    					},
    				},
    			},
    		},
    		PublicKey: &privateca.PublicKeyArgs{
    			Format: privateca.PublicKeyFormatKeyFormatUnspecified,
    			Key:    pulumi.String("string"),
    		},
    	},
    	KeySpec: &privateca.KeyVersionSpecArgs{
    		Algorithm:          privateca.KeyVersionSpecAlgorithmSignHashAlgorithmUnspecified,
    		CloudKmsKeyVersion: pulumi.String("string"),
    	},
    	Lifetime:  pulumi.String("string"),
    	Type:      privateca.CertificateAuthorityTypeTypeUnspecified,
    	GcsBucket: pulumi.String("string"),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Location:  pulumi.String("string"),
    	Project:   pulumi.String("string"),
    	RequestId: pulumi.String("string"),
    	SubordinateConfig: &privateca.SubordinateConfigArgs{
    		CertificateAuthority: pulumi.String("string"),
    		PemIssuerChain: &privateca.SubordinateConfigChainArgs{
    			PemCertificates: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    })
    
    var certificateAuthorityResource = new CertificateAuthority("certificateAuthorityResource", CertificateAuthorityArgs.builder()
        .caPoolId("string")
        .certificateAuthorityId("string")
        .config(CertificateConfigArgs.builder()
            .subjectConfig(SubjectConfigArgs.builder()
                .subject(SubjectArgs.builder()
                    .commonName("string")
                    .countryCode("string")
                    .locality("string")
                    .organization("string")
                    .organizationalUnit("string")
                    .postalCode("string")
                    .province("string")
                    .streetAddress("string")
                    .build())
                .subjectAltName(SubjectAltNamesArgs.builder()
                    .customSans(X509ExtensionArgs.builder()
                        .objectId(ObjectIdArgs.builder()
                            .objectIdPath(0)
                            .build())
                        .value("string")
                        .critical(false)
                        .build())
                    .dnsNames("string")
                    .emailAddresses("string")
                    .ipAddresses("string")
                    .uris("string")
                    .build())
                .build())
            .x509Config(X509ParametersArgs.builder()
                .additionalExtensions(X509ExtensionArgs.builder()
                    .objectId(ObjectIdArgs.builder()
                        .objectIdPath(0)
                        .build())
                    .value("string")
                    .critical(false)
                    .build())
                .aiaOcspServers("string")
                .caOptions(CaOptionsArgs.builder()
                    .isCa(false)
                    .maxIssuerPathLength(0)
                    .build())
                .keyUsage(KeyUsageArgs.builder()
                    .baseKeyUsage(KeyUsageOptionsArgs.builder()
                        .certSign(false)
                        .contentCommitment(false)
                        .crlSign(false)
                        .dataEncipherment(false)
                        .decipherOnly(false)
                        .digitalSignature(false)
                        .encipherOnly(false)
                        .keyAgreement(false)
                        .keyEncipherment(false)
                        .build())
                    .extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
                        .clientAuth(false)
                        .codeSigning(false)
                        .emailProtection(false)
                        .ocspSigning(false)
                        .serverAuth(false)
                        .timeStamping(false)
                        .build())
                    .unknownExtendedKeyUsages(ObjectIdArgs.builder()
                        .objectIdPath(0)
                        .build())
                    .build())
                .nameConstraints(NameConstraintsArgs.builder()
                    .critical(false)
                    .excludedDnsNames("string")
                    .excludedEmailAddresses("string")
                    .excludedIpRanges("string")
                    .excludedUris("string")
                    .permittedDnsNames("string")
                    .permittedEmailAddresses("string")
                    .permittedIpRanges("string")
                    .permittedUris("string")
                    .build())
                .policyIds(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .build())
            .publicKey(PublicKeyArgs.builder()
                .format("KEY_FORMAT_UNSPECIFIED")
                .key("string")
                .build())
            .build())
        .keySpec(KeyVersionSpecArgs.builder()
            .algorithm("SIGN_HASH_ALGORITHM_UNSPECIFIED")
            .cloudKmsKeyVersion("string")
            .build())
        .lifetime("string")
        .type("TYPE_UNSPECIFIED")
        .gcsBucket("string")
        .labels(Map.of("string", "string"))
        .location("string")
        .project("string")
        .requestId("string")
        .subordinateConfig(SubordinateConfigArgs.builder()
            .certificateAuthority("string")
            .pemIssuerChain(SubordinateConfigChainArgs.builder()
                .pemCertificates("string")
                .build())
            .build())
        .build());
    
    certificate_authority_resource = google_native.privateca.v1.CertificateAuthority("certificateAuthorityResource",
        ca_pool_id="string",
        certificate_authority_id="string",
        config={
            "subject_config": {
                "subject": {
                    "common_name": "string",
                    "country_code": "string",
                    "locality": "string",
                    "organization": "string",
                    "organizational_unit": "string",
                    "postal_code": "string",
                    "province": "string",
                    "street_address": "string",
                },
                "subject_alt_name": {
                    "custom_sans": [{
                        "object_id": {
                            "object_id_path": [0],
                        },
                        "value": "string",
                        "critical": False,
                    }],
                    "dns_names": ["string"],
                    "email_addresses": ["string"],
                    "ip_addresses": ["string"],
                    "uris": ["string"],
                },
            },
            "x509_config": {
                "additional_extensions": [{
                    "object_id": {
                        "object_id_path": [0],
                    },
                    "value": "string",
                    "critical": False,
                }],
                "aia_ocsp_servers": ["string"],
                "ca_options": {
                    "is_ca": False,
                    "max_issuer_path_length": 0,
                },
                "key_usage": {
                    "base_key_usage": {
                        "cert_sign": False,
                        "content_commitment": False,
                        "crl_sign": False,
                        "data_encipherment": False,
                        "decipher_only": False,
                        "digital_signature": False,
                        "encipher_only": False,
                        "key_agreement": False,
                        "key_encipherment": False,
                    },
                    "extended_key_usage": {
                        "client_auth": False,
                        "code_signing": False,
                        "email_protection": False,
                        "ocsp_signing": False,
                        "server_auth": False,
                        "time_stamping": False,
                    },
                    "unknown_extended_key_usages": [{
                        "object_id_path": [0],
                    }],
                },
                "name_constraints": {
                    "critical": False,
                    "excluded_dns_names": ["string"],
                    "excluded_email_addresses": ["string"],
                    "excluded_ip_ranges": ["string"],
                    "excluded_uris": ["string"],
                    "permitted_dns_names": ["string"],
                    "permitted_email_addresses": ["string"],
                    "permitted_ip_ranges": ["string"],
                    "permitted_uris": ["string"],
                },
                "policy_ids": [{
                    "object_id_path": [0],
                }],
            },
            "public_key": {
                "format": google_native.privateca.v1.PublicKeyFormat.KEY_FORMAT_UNSPECIFIED,
                "key": "string",
            },
        },
        key_spec={
            "algorithm": google_native.privateca.v1.KeyVersionSpecAlgorithm.SIGN_HASH_ALGORITHM_UNSPECIFIED,
            "cloud_kms_key_version": "string",
        },
        lifetime="string",
        type=google_native.privateca.v1.CertificateAuthorityType.TYPE_UNSPECIFIED,
        gcs_bucket="string",
        labels={
            "string": "string",
        },
        location="string",
        project="string",
        request_id="string",
        subordinate_config={
            "certificate_authority": "string",
            "pem_issuer_chain": {
                "pem_certificates": ["string"],
            },
        })
    
    const certificateAuthorityResource = new google_native.privateca.v1.CertificateAuthority("certificateAuthorityResource", {
        caPoolId: "string",
        certificateAuthorityId: "string",
        config: {
            subjectConfig: {
                subject: {
                    commonName: "string",
                    countryCode: "string",
                    locality: "string",
                    organization: "string",
                    organizationalUnit: "string",
                    postalCode: "string",
                    province: "string",
                    streetAddress: "string",
                },
                subjectAltName: {
                    customSans: [{
                        objectId: {
                            objectIdPath: [0],
                        },
                        value: "string",
                        critical: false,
                    }],
                    dnsNames: ["string"],
                    emailAddresses: ["string"],
                    ipAddresses: ["string"],
                    uris: ["string"],
                },
            },
            x509Config: {
                additionalExtensions: [{
                    objectId: {
                        objectIdPath: [0],
                    },
                    value: "string",
                    critical: false,
                }],
                aiaOcspServers: ["string"],
                caOptions: {
                    isCa: false,
                    maxIssuerPathLength: 0,
                },
                keyUsage: {
                    baseKeyUsage: {
                        certSign: false,
                        contentCommitment: false,
                        crlSign: false,
                        dataEncipherment: false,
                        decipherOnly: false,
                        digitalSignature: false,
                        encipherOnly: false,
                        keyAgreement: false,
                        keyEncipherment: false,
                    },
                    extendedKeyUsage: {
                        clientAuth: false,
                        codeSigning: false,
                        emailProtection: false,
                        ocspSigning: false,
                        serverAuth: false,
                        timeStamping: false,
                    },
                    unknownExtendedKeyUsages: [{
                        objectIdPath: [0],
                    }],
                },
                nameConstraints: {
                    critical: false,
                    excludedDnsNames: ["string"],
                    excludedEmailAddresses: ["string"],
                    excludedIpRanges: ["string"],
                    excludedUris: ["string"],
                    permittedDnsNames: ["string"],
                    permittedEmailAddresses: ["string"],
                    permittedIpRanges: ["string"],
                    permittedUris: ["string"],
                },
                policyIds: [{
                    objectIdPath: [0],
                }],
            },
            publicKey: {
                format: google_native.privateca.v1.PublicKeyFormat.KeyFormatUnspecified,
                key: "string",
            },
        },
        keySpec: {
            algorithm: google_native.privateca.v1.KeyVersionSpecAlgorithm.SignHashAlgorithmUnspecified,
            cloudKmsKeyVersion: "string",
        },
        lifetime: "string",
        type: google_native.privateca.v1.CertificateAuthorityType.TypeUnspecified,
        gcsBucket: "string",
        labels: {
            string: "string",
        },
        location: "string",
        project: "string",
        requestId: "string",
        subordinateConfig: {
            certificateAuthority: "string",
            pemIssuerChain: {
                pemCertificates: ["string"],
            },
        },
    });
    
    type: google-native:privateca/v1:CertificateAuthority
    properties:
        caPoolId: string
        certificateAuthorityId: string
        config:
            publicKey:
                format: KEY_FORMAT_UNSPECIFIED
                key: string
            subjectConfig:
                subject:
                    commonName: string
                    countryCode: string
                    locality: string
                    organization: string
                    organizationalUnit: string
                    postalCode: string
                    province: string
                    streetAddress: string
                subjectAltName:
                    customSans:
                        - critical: false
                          objectId:
                            objectIdPath:
                                - 0
                          value: string
                    dnsNames:
                        - string
                    emailAddresses:
                        - string
                    ipAddresses:
                        - string
                    uris:
                        - string
            x509Config:
                additionalExtensions:
                    - critical: false
                      objectId:
                        objectIdPath:
                            - 0
                      value: string
                aiaOcspServers:
                    - string
                caOptions:
                    isCa: false
                    maxIssuerPathLength: 0
                keyUsage:
                    baseKeyUsage:
                        certSign: false
                        contentCommitment: false
                        crlSign: false
                        dataEncipherment: false
                        decipherOnly: false
                        digitalSignature: false
                        encipherOnly: false
                        keyAgreement: false
                        keyEncipherment: false
                    extendedKeyUsage:
                        clientAuth: false
                        codeSigning: false
                        emailProtection: false
                        ocspSigning: false
                        serverAuth: false
                        timeStamping: false
                    unknownExtendedKeyUsages:
                        - objectIdPath:
                            - 0
                nameConstraints:
                    critical: false
                    excludedDnsNames:
                        - string
                    excludedEmailAddresses:
                        - string
                    excludedIpRanges:
                        - string
                    excludedUris:
                        - string
                    permittedDnsNames:
                        - string
                    permittedEmailAddresses:
                        - string
                    permittedIpRanges:
                        - string
                    permittedUris:
                        - string
                policyIds:
                    - objectIdPath:
                        - 0
        gcsBucket: string
        keySpec:
            algorithm: SIGN_HASH_ALGORITHM_UNSPECIFIED
            cloudKmsKeyVersion: string
        labels:
            string: string
        lifetime: string
        location: string
        project: string
        requestId: string
        subordinateConfig:
            certificateAuthority: string
            pemIssuerChain:
                pemCertificates:
                    - string
        type: TYPE_UNSPECIFIED
    

    CertificateAuthority Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The CertificateAuthority resource accepts the following input properties:

    CaPoolId string
    CertificateAuthorityId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    Config Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateConfig
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    KeySpec Pulumi.GoogleNative.Privateca.V1.Inputs.KeyVersionSpec
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    Lifetime string
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    Type Pulumi.GoogleNative.Privateca.V1.CertificateAuthorityType
    Immutable. The Type of this CertificateAuthority.
    GcsBucket string
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    Labels Dictionary<string, string>
    Optional. Labels with user-defined metadata.
    Location string
    Project string
    RequestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    SubordinateConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfig
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
    CaPoolId string
    CertificateAuthorityId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    Config CertificateConfigArgs
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    KeySpec KeyVersionSpecArgs
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    Lifetime string
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    Type CertificateAuthorityType
    Immutable. The Type of this CertificateAuthority.
    GcsBucket string
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    Labels map[string]string
    Optional. Labels with user-defined metadata.
    Location string
    Project string
    RequestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    SubordinateConfig SubordinateConfigArgs
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
    caPoolId String
    certificateAuthorityId String
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    config CertificateConfig
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    keySpec KeyVersionSpec
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    lifetime String
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    type CertificateAuthorityType
    Immutable. The Type of this CertificateAuthority.
    gcsBucket String
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    labels Map<String,String>
    Optional. Labels with user-defined metadata.
    location String
    project String
    requestId String
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    subordinateConfig SubordinateConfig
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
    caPoolId string
    certificateAuthorityId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    config CertificateConfig
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    keySpec KeyVersionSpec
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    lifetime string
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    type CertificateAuthorityType
    Immutable. The Type of this CertificateAuthority.
    gcsBucket string
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    labels {[key: string]: string}
    Optional. Labels with user-defined metadata.
    location string
    project string
    requestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    subordinateConfig SubordinateConfig
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
    ca_pool_id str
    certificate_authority_id str
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    config CertificateConfigArgs
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    key_spec KeyVersionSpecArgs
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    lifetime str
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    type CertificateAuthorityType
    Immutable. The Type of this CertificateAuthority.
    gcs_bucket str
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    labels Mapping[str, str]
    Optional. Labels with user-defined metadata.
    location str
    project str
    request_id str
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    subordinate_config SubordinateConfigArgs
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
    caPoolId String
    certificateAuthorityId String
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    config Property Map
    Immutable. The config used to create a self-signed X.509 certificate or CSR.
    keySpec Property Map
    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
    lifetime String
    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
    type "TYPE_UNSPECIFIED" | "SELF_SIGNED" | "SUBORDINATE"
    Immutable. The Type of this CertificateAuthority.
    gcsBucket String
    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
    labels Map<String>
    Optional. Labels with user-defined metadata.
    location String
    project String
    requestId String
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    subordinateConfig Property Map
    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:

    AccessUrls Pulumi.GoogleNative.Privateca.V1.Outputs.AccessUrlsResponse
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse>
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    CreateTime string
    The time at which this CertificateAuthority was created.
    DeleteTime string
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    ExpireTime string
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemCaCertificates List<string>
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    State string
    The State for this CertificateAuthority.
    Tier string
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    UpdateTime string
    The time at which this CertificateAuthority was last updated.
    AccessUrls AccessUrlsResponse
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    CaCertificateDescriptions []CertificateDescriptionResponse
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    CreateTime string
    The time at which this CertificateAuthority was created.
    DeleteTime string
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    ExpireTime string
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemCaCertificates []string
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    State string
    The State for this CertificateAuthority.
    Tier string
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    UpdateTime string
    The time at which this CertificateAuthority was last updated.
    accessUrls AccessUrlsResponse
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    caCertificateDescriptions List<CertificateDescriptionResponse>
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    createTime String
    The time at which this CertificateAuthority was created.
    deleteTime String
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    expireTime String
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemCaCertificates List<String>
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    state String
    The State for this CertificateAuthority.
    tier String
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    updateTime String
    The time at which this CertificateAuthority was last updated.
    accessUrls AccessUrlsResponse
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    caCertificateDescriptions CertificateDescriptionResponse[]
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    createTime string
    The time at which this CertificateAuthority was created.
    deleteTime string
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    expireTime string
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemCaCertificates string[]
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    state string
    The State for this CertificateAuthority.
    tier string
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    updateTime string
    The time at which this CertificateAuthority was last updated.
    access_urls AccessUrlsResponse
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    ca_certificate_descriptions Sequence[CertificateDescriptionResponse]
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    create_time str
    The time at which this CertificateAuthority was created.
    delete_time str
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    expire_time str
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pem_ca_certificates Sequence[str]
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    state str
    The State for this CertificateAuthority.
    tier str
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    update_time str
    The time at which this CertificateAuthority was last updated.
    accessUrls Property Map
    URLs for accessing content published by this CA, such as the CA certificate and CRLs.
    caCertificateDescriptions List<Property Map>
    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    createTime String
    The time at which this CertificateAuthority was created.
    deleteTime String
    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
    expireTime String
    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemCaCertificates List<String>
    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    state String
    The State for this CertificateAuthority.
    tier String
    The CaPool.Tier of the CaPool that includes this CertificateAuthority.
    updateTime String
    The time at which this CertificateAuthority was last updated.

    Supporting Types

    AccessUrlsResponse, AccessUrlsResponseArgs

    CaCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    CrlAccessUrls List<string>
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    CaCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    CrlAccessUrls []string
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl String
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls List<String>
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls string[]
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    ca_certificate_access_url str
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crl_access_urls Sequence[str]
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl String
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls List<String>
    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    CaOptions, CaOptionsArgs

    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Integer
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    is_ca bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    max_issuer_path_length int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CaOptionsResponse, CaOptionsResponseArgs

    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Integer
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    is_ca bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    max_issuer_path_length int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CertificateAuthorityType, CertificateAuthorityTypeArgs

    TypeUnspecified
    TYPE_UNSPECIFIEDNot specified.
    SelfSigned
    SELF_SIGNEDSelf-signed CA.
    Subordinate
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
    CertificateAuthorityTypeTypeUnspecified
    TYPE_UNSPECIFIEDNot specified.
    CertificateAuthorityTypeSelfSigned
    SELF_SIGNEDSelf-signed CA.
    CertificateAuthorityTypeSubordinate
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
    TypeUnspecified
    TYPE_UNSPECIFIEDNot specified.
    SelfSigned
    SELF_SIGNEDSelf-signed CA.
    Subordinate
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
    TypeUnspecified
    TYPE_UNSPECIFIEDNot specified.
    SelfSigned
    SELF_SIGNEDSelf-signed CA.
    Subordinate
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
    TYPE_UNSPECIFIED
    TYPE_UNSPECIFIEDNot specified.
    SELF_SIGNED
    SELF_SIGNEDSelf-signed CA.
    SUBORDINATE
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
    "TYPE_UNSPECIFIED"
    TYPE_UNSPECIFIEDNot specified.
    "SELF_SIGNED"
    SELF_SIGNEDSelf-signed CA.
    "SUBORDINATE"
    SUBORDINATESubordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

    CertificateConfig, CertificateConfigArgs

    SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
    Describes how some of the technical X.509 fields in a certificate should be populated.
    PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKey
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    SubjectConfig SubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    X509Config X509Parameters
    Describes how some of the technical X.509 fields in a certificate should be populated.
    PublicKey PublicKey
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig SubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    x509Config X509Parameters
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey PublicKey
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig SubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    x509Config X509Parameters
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey PublicKey
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subject_config SubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    x509_config X509Parameters
    Describes how some of the technical X.509 fields in a certificate should be populated.
    public_key PublicKey
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig Property Map
    Specifies some of the values in a certificate that are related to the subject.
    x509Config Property Map
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey Property Map
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    CertificateConfigResponse, CertificateConfigResponseArgs

    PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse
    Specifies some of the values in a certificate that are related to the subject.
    X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
    Describes how some of the technical X.509 fields in a certificate should be populated.
    PublicKey PublicKeyResponse
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    SubjectConfig SubjectConfigResponse
    Specifies some of the values in a certificate that are related to the subject.
    X509Config X509ParametersResponse
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey PublicKeyResponse
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig SubjectConfigResponse
    Specifies some of the values in a certificate that are related to the subject.
    x509Config X509ParametersResponse
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey PublicKeyResponse
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig SubjectConfigResponse
    Specifies some of the values in a certificate that are related to the subject.
    x509Config X509ParametersResponse
    Describes how some of the technical X.509 fields in a certificate should be populated.
    public_key PublicKeyResponse
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subject_config SubjectConfigResponse
    Specifies some of the values in a certificate that are related to the subject.
    x509_config X509ParametersResponse
    Describes how some of the technical X.509 fields in a certificate should be populated.
    publicKey Property Map
    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
    subjectConfig Property Map
    Specifies some of the values in a certificate that are related to the subject.
    x509Config Property Map
    Describes how some of the technical X.509 fields in a certificate should be populated.

    CertificateDescriptionResponse, CertificateDescriptionResponseArgs

    AiaIssuingCertificateUrls List<string>
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    AuthorityKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    CertFingerprint Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse
    The hash of the x.509 certificate.
    CrlDistributionPoints List<string>
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
    The public key that corresponds to an issued certificate.
    SubjectDescription Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse
    Describes some of the values in a certificate that are related to the subject and lifetime.
    SubjectKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    X509Description Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
    Describes some of the technical X.509 fields in a certificate.
    AiaIssuingCertificateUrls []string
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    AuthorityKeyId KeyIdResponse
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    CertFingerprint CertificateFingerprintResponse
    The hash of the x.509 certificate.
    CrlDistributionPoints []string
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    PublicKey PublicKeyResponse
    The public key that corresponds to an issued certificate.
    SubjectDescription SubjectDescriptionResponse
    Describes some of the values in a certificate that are related to the subject and lifetime.
    SubjectKeyId KeyIdResponse
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    X509Description X509ParametersResponse
    Describes some of the technical X.509 fields in a certificate.
    aiaIssuingCertificateUrls List<String>
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    authorityKeyId KeyIdResponse
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    certFingerprint CertificateFingerprintResponse
    The hash of the x.509 certificate.
    crlDistributionPoints List<String>
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    publicKey PublicKeyResponse
    The public key that corresponds to an issued certificate.
    subjectDescription SubjectDescriptionResponse
    Describes some of the values in a certificate that are related to the subject and lifetime.
    subjectKeyId KeyIdResponse
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    x509Description X509ParametersResponse
    Describes some of the technical X.509 fields in a certificate.
    aiaIssuingCertificateUrls string[]
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    authorityKeyId KeyIdResponse
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    certFingerprint CertificateFingerprintResponse
    The hash of the x.509 certificate.
    crlDistributionPoints string[]
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    publicKey PublicKeyResponse
    The public key that corresponds to an issued certificate.
    subjectDescription SubjectDescriptionResponse
    Describes some of the values in a certificate that are related to the subject and lifetime.
    subjectKeyId KeyIdResponse
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    x509Description X509ParametersResponse
    Describes some of the technical X.509 fields in a certificate.
    aia_issuing_certificate_urls Sequence[str]
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    authority_key_id KeyIdResponse
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    cert_fingerprint CertificateFingerprintResponse
    The hash of the x.509 certificate.
    crl_distribution_points Sequence[str]
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    public_key PublicKeyResponse
    The public key that corresponds to an issued certificate.
    subject_description SubjectDescriptionResponse
    Describes some of the values in a certificate that are related to the subject and lifetime.
    subject_key_id KeyIdResponse
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    x509_description X509ParametersResponse
    Describes some of the technical X.509 fields in a certificate.
    aiaIssuingCertificateUrls List<String>
    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    authorityKeyId Property Map
    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    certFingerprint Property Map
    The hash of the x.509 certificate.
    crlDistributionPoints List<String>
    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    publicKey Property Map
    The public key that corresponds to an issued certificate.
    subjectDescription Property Map
    Describes some of the values in a certificate that are related to the subject and lifetime.
    subjectKeyId Property Map
    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
    x509Description Property Map
    Describes some of the technical X.509 fields in a certificate.

    CertificateFingerprintResponse, CertificateFingerprintResponseArgs

    Sha256Hash string
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
    Sha256Hash string
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
    sha256Hash String
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
    sha256Hash string
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
    sha256_hash str
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
    sha256Hash String
    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    KeyIdResponse, KeyIdResponseArgs

    KeyId string
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
    KeyId string
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
    keyId String
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
    keyId string
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
    key_id str
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
    keyId String
    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    KeyUsage, KeyUsageArgs

    BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    BaseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages []ObjectId
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<ObjectId>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages ObjectId[]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    base_key_usage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extended_key_usage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknown_extended_key_usages Sequence[ObjectId]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage Property Map
    Describes high-level ways in which a key may be used.
    extendedKeyUsage Property Map
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<Property Map>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    KeyUsageOptions, KeyUsageOptionsArgs

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    KeyUsageResponse, KeyUsageResponseArgs

    BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    BaseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages []ObjectIdResponse
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<ObjectIdResponse>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages ObjectIdResponse[]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    base_key_usage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extended_key_usage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknown_extended_key_usages Sequence[ObjectIdResponse]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage Property Map
    Describes high-level ways in which a key may be used.
    extendedKeyUsage Property Map
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<Property Map>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    KeyVersionSpec, KeyVersionSpecArgs

    Algorithm Pulumi.GoogleNative.Privateca.V1.KeyVersionSpecAlgorithm
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    Algorithm KeyVersionSpecAlgorithm
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm KeyVersionSpecAlgorithm
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm KeyVersionSpecAlgorithm
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm KeyVersionSpecAlgorithm
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloud_kms_key_version str
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm "SIGN_HASH_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_PKCS1_2048_SHA256" | "RSA_PKCS1_3072_SHA256" | "RSA_PKCS1_4096_SHA256" | "EC_P256_SHA256" | "EC_P384_SHA384"
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    KeyVersionSpecAlgorithm, KeyVersionSpecAlgorithmArgs

    SignHashAlgorithmUnspecified
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RsaPkcs12048Sha256
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RsaPkcs13072Sha256
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RsaPkcs14096Sha256
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    EcP256Sha256
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EcP384Sha384
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    KeyVersionSpecAlgorithmSignHashAlgorithmUnspecified
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    KeyVersionSpecAlgorithmRsaPss2048Sha256
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    KeyVersionSpecAlgorithmRsaPss3072Sha256
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    KeyVersionSpecAlgorithmRsaPss4096Sha256
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    KeyVersionSpecAlgorithmRsaPkcs12048Sha256
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    KeyVersionSpecAlgorithmRsaPkcs13072Sha256
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    KeyVersionSpecAlgorithmRsaPkcs14096Sha256
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    KeyVersionSpecAlgorithmEcP256Sha256
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    KeyVersionSpecAlgorithmEcP384Sha384
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    SignHashAlgorithmUnspecified
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RsaPkcs12048Sha256
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RsaPkcs13072Sha256
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RsaPkcs14096Sha256
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    EcP256Sha256
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EcP384Sha384
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    SignHashAlgorithmUnspecified
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RsaPkcs12048Sha256
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RsaPkcs13072Sha256
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RsaPkcs14096Sha256
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    EcP256Sha256
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EcP384Sha384
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    SIGN_HASH_ALGORITHM_UNSPECIFIED
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    RSA_PSS2048_SHA256
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS3072_SHA256
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS4096_SHA256
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PKCS12048_SHA256
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS13072_SHA256
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS14096_SHA256
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    EC_P256_SHA256
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P384_SHA384
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    "SIGN_HASH_ALGORITHM_UNSPECIFIED"
    SIGN_HASH_ALGORITHM_UNSPECIFIEDNot specified.
    "RSA_PSS_2048_SHA256"
    RSA_PSS_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    "RSA_PSS_3072_SHA256"
    RSA_PSS_3072_SHA256maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    "RSA_PSS_4096_SHA256"
    RSA_PSS_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    "RSA_PKCS1_2048_SHA256"
    RSA_PKCS1_2048_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    "RSA_PKCS1_3072_SHA256"
    RSA_PKCS1_3072_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    "RSA_PKCS1_4096_SHA256"
    RSA_PKCS1_4096_SHA256maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    "EC_P256_SHA256"
    EC_P256_SHA256maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    "EC_P384_SHA384"
    EC_P384_SHA384maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

    KeyVersionSpecResponse, KeyVersionSpecResponseArgs

    Algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    Algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm String
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm str
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloud_kms_key_version str
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
    algorithm String
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    NameConstraints, NameConstraintsArgs

    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames List<string>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses List<string>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges List<string>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris List<string>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames List<string>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses List<string>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges List<string>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris List<string>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames []string
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses []string
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges []string
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris []string
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames []string
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses []string
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges []string
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris []string
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames string[]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses string[]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges string[]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris string[]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames string[]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses string[]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges string[]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris string[]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical bool
    Indicates whether or not the name constraints are marked critical.
    excluded_dns_names Sequence[str]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excluded_email_addresses Sequence[str]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excluded_ip_ranges Sequence[str]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excluded_uris Sequence[str]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permitted_dns_names Sequence[str]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permitted_email_addresses Sequence[str]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permitted_ip_ranges Sequence[str]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permitted_uris Sequence[str]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    NameConstraintsResponse, NameConstraintsResponseArgs

    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames List<string>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses List<string>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges List<string>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris List<string>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames List<string>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses List<string>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges List<string>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris List<string>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames []string
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses []string
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges []string
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris []string
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames []string
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses []string
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges []string
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris []string
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames string[]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses string[]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges string[]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris string[]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames string[]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses string[]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges string[]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris string[]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical bool
    Indicates whether or not the name constraints are marked critical.
    excluded_dns_names Sequence[str]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excluded_email_addresses Sequence[str]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excluded_ip_ranges Sequence[str]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excluded_uris Sequence[str]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permitted_dns_names Sequence[str]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permitted_email_addresses Sequence[str]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permitted_ip_ranges Sequence[str]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permitted_uris Sequence[str]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    ObjectId, ObjectIdArgs

    ObjectIdPath List<int>
    The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPath []int
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Integer>
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath number[]
    The parts of an OID path. The most significant parts of the path come first.
    object_id_path Sequence[int]
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Number>
    The parts of an OID path. The most significant parts of the path come first.

    ObjectIdResponse, ObjectIdResponseArgs

    ObjectIdPath List<int>
    The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPath []int
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Integer>
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath number[]
    The parts of an OID path. The most significant parts of the path come first.
    object_id_path Sequence[int]
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Number>
    The parts of an OID path. The most significant parts of the path come first.

    PublicKey, PublicKeyArgs

    Format Pulumi.GoogleNative.Privateca.V1.PublicKeyFormat
    The format of the public key.
    Key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    Format PublicKeyFormat
    The format of the public key.
    Key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format PublicKeyFormat
    The format of the public key.
    key String
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format PublicKeyFormat
    The format of the public key.
    key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format PublicKeyFormat
    The format of the public key.
    key str
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format "KEY_FORMAT_UNSPECIFIED" | "PEM"
    The format of the public key.
    key String
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    PublicKeyFormat, PublicKeyFormatArgs

    KeyFormatUnspecified
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    Pem
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
    PublicKeyFormatKeyFormatUnspecified
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    PublicKeyFormatPem
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
    KeyFormatUnspecified
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    Pem
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
    KeyFormatUnspecified
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    Pem
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
    KEY_FORMAT_UNSPECIFIED
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    PEM
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
    "KEY_FORMAT_UNSPECIFIED"
    KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
    "PEM"
    PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

    PublicKeyResponse, PublicKeyResponseArgs

    Format string
    The format of the public key.
    Key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    Format string
    The format of the public key.
    Key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format String
    The format of the public key.
    key String
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format string
    The format of the public key.
    key string
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format str
    The format of the public key.
    key str
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
    format String
    The format of the public key.
    key String
    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    Subject, SubjectArgs

    CommonName string
    The "common name" of the subject.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational_unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    CommonName string
    The "common name" of the subject.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational_unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    commonName String
    The "common name" of the subject.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational_unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.
    commonName string
    The "common name" of the subject.
    countryCode string
    The country code of the subject.
    locality string
    The locality or city of the subject.
    organization string
    The organization of the subject.
    organizationalUnit string
    The organizational_unit of the subject.
    postalCode string
    The postal code of the subject.
    province string
    The province, territory, or regional state of the subject.
    streetAddress string
    The street address of the subject.
    common_name str
    The "common name" of the subject.
    country_code str
    The country code of the subject.
    locality str
    The locality or city of the subject.
    organization str
    The organization of the subject.
    organizational_unit str
    The organizational_unit of the subject.
    postal_code str
    The postal code of the subject.
    province str
    The province, territory, or regional state of the subject.
    street_address str
    The street address of the subject.
    commonName String
    The "common name" of the subject.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational_unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.

    SubjectAltNames, SubjectAltNamesArgs

    CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    DnsNames List<string>
    Contains only valid, fully-qualified host names.
    EmailAddresses List<string>
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses List<string>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris List<string>
    Contains only valid RFC 3986 URIs.
    CustomSans []X509Extension
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    DnsNames []string
    Contains only valid, fully-qualified host names.
    EmailAddresses []string
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses []string
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris []string
    Contains only valid RFC 3986 URIs.
    customSans List<X509Extension>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.
    customSans X509Extension[]
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames string[]
    Contains only valid, fully-qualified host names.
    emailAddresses string[]
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses string[]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris string[]
    Contains only valid RFC 3986 URIs.
    custom_sans Sequence[X509Extension]
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dns_names Sequence[str]
    Contains only valid, fully-qualified host names.
    email_addresses Sequence[str]
    Contains only valid RFC 2822 E-mail addresses.
    ip_addresses Sequence[str]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris Sequence[str]
    Contains only valid RFC 3986 URIs.
    customSans List<Property Map>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.

    SubjectAltNamesResponse, SubjectAltNamesResponseArgs

    CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    DnsNames List<string>
    Contains only valid, fully-qualified host names.
    EmailAddresses List<string>
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses List<string>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris List<string>
    Contains only valid RFC 3986 URIs.
    CustomSans []X509ExtensionResponse
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    DnsNames []string
    Contains only valid, fully-qualified host names.
    EmailAddresses []string
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses []string
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris []string
    Contains only valid RFC 3986 URIs.
    customSans List<X509ExtensionResponse>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.
    customSans X509ExtensionResponse[]
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames string[]
    Contains only valid, fully-qualified host names.
    emailAddresses string[]
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses string[]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris string[]
    Contains only valid RFC 3986 URIs.
    custom_sans Sequence[X509ExtensionResponse]
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dns_names Sequence[str]
    Contains only valid, fully-qualified host names.
    email_addresses Sequence[str]
    Contains only valid RFC 2822 E-mail addresses.
    ip_addresses Sequence[str]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris Sequence[str]
    Contains only valid RFC 3986 URIs.
    customSans List<Property Map>
    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.

    SubjectConfig, SubjectConfigArgs

    Subject Pulumi.GoogleNative.Privateca.V1.Inputs.Subject
    Optional. Contains distinguished name fields such as the common name, location and organization.
    SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNames
    Optional. The subject alternative name fields.
    Subject Subject
    Optional. Contains distinguished name fields such as the common name, location and organization.
    SubjectAltName SubjectAltNames
    Optional. The subject alternative name fields.
    subject Subject
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName SubjectAltNames
    Optional. The subject alternative name fields.
    subject Subject
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName SubjectAltNames
    Optional. The subject alternative name fields.
    subject Subject
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subject_alt_name SubjectAltNames
    Optional. The subject alternative name fields.
    subject Property Map
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName Property Map
    Optional. The subject alternative name fields.

    SubjectConfigResponse, SubjectConfigResponseArgs

    Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
    Optional. Contains distinguished name fields such as the common name, location and organization.
    SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
    Optional. The subject alternative name fields.
    Subject SubjectResponse
    Optional. Contains distinguished name fields such as the common name, location and organization.
    SubjectAltName SubjectAltNamesResponse
    Optional. The subject alternative name fields.
    subject SubjectResponse
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName SubjectAltNamesResponse
    Optional. The subject alternative name fields.
    subject SubjectResponse
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName SubjectAltNamesResponse
    Optional. The subject alternative name fields.
    subject SubjectResponse
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subject_alt_name SubjectAltNamesResponse
    Optional. The subject alternative name fields.
    subject Property Map
    Optional. Contains distinguished name fields such as the common name, location and organization.
    subjectAltName Property Map
    Optional. The subject alternative name fields.

    SubjectDescriptionResponse, SubjectDescriptionResponseArgs

    HexSerialNumber string
    The serial number encoded in lowercase hexadecimal.
    Lifetime string
    For convenience, the actual lifetime of an issued certificate.
    NotAfterTime string
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    NotBeforeTime string
    The time at which the certificate becomes valid.
    Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
    Contains distinguished name fields such as the common name, location and / organization.
    SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
    The subject alternative name fields.
    HexSerialNumber string
    The serial number encoded in lowercase hexadecimal.
    Lifetime string
    For convenience, the actual lifetime of an issued certificate.
    NotAfterTime string
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    NotBeforeTime string
    The time at which the certificate becomes valid.
    Subject SubjectResponse
    Contains distinguished name fields such as the common name, location and / organization.
    SubjectAltName SubjectAltNamesResponse
    The subject alternative name fields.
    hexSerialNumber String
    The serial number encoded in lowercase hexadecimal.
    lifetime String
    For convenience, the actual lifetime of an issued certificate.
    notAfterTime String
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    notBeforeTime String
    The time at which the certificate becomes valid.
    subject SubjectResponse
    Contains distinguished name fields such as the common name, location and / organization.
    subjectAltName SubjectAltNamesResponse
    The subject alternative name fields.
    hexSerialNumber string
    The serial number encoded in lowercase hexadecimal.
    lifetime string
    For convenience, the actual lifetime of an issued certificate.
    notAfterTime string
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    notBeforeTime string
    The time at which the certificate becomes valid.
    subject SubjectResponse
    Contains distinguished name fields such as the common name, location and / organization.
    subjectAltName SubjectAltNamesResponse
    The subject alternative name fields.
    hex_serial_number str
    The serial number encoded in lowercase hexadecimal.
    lifetime str
    For convenience, the actual lifetime of an issued certificate.
    not_after_time str
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    not_before_time str
    The time at which the certificate becomes valid.
    subject SubjectResponse
    Contains distinguished name fields such as the common name, location and / organization.
    subject_alt_name SubjectAltNamesResponse
    The subject alternative name fields.
    hexSerialNumber String
    The serial number encoded in lowercase hexadecimal.
    lifetime String
    For convenience, the actual lifetime of an issued certificate.
    notAfterTime String
    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
    notBeforeTime String
    The time at which the certificate becomes valid.
    subject Property Map
    Contains distinguished name fields such as the common name, location and / organization.
    subjectAltName Property Map
    The subject alternative name fields.

    SubjectResponse, SubjectResponseArgs

    CommonName string
    The "common name" of the subject.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational_unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    CommonName string
    The "common name" of the subject.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational_unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    commonName String
    The "common name" of the subject.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational_unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.
    commonName string
    The "common name" of the subject.
    countryCode string
    The country code of the subject.
    locality string
    The locality or city of the subject.
    organization string
    The organization of the subject.
    organizationalUnit string
    The organizational_unit of the subject.
    postalCode string
    The postal code of the subject.
    province string
    The province, territory, or regional state of the subject.
    streetAddress string
    The street address of the subject.
    common_name str
    The "common name" of the subject.
    country_code str
    The country code of the subject.
    locality str
    The locality or city of the subject.
    organization str
    The organization of the subject.
    organizational_unit str
    The organizational_unit of the subject.
    postal_code str
    The postal code of the subject.
    province str
    The province, territory, or regional state of the subject.
    street_address str
    The street address of the subject.
    commonName String
    The "common name" of the subject.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational_unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.

    SubordinateConfig, SubordinateConfigArgs

    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemIssuerChain Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemIssuerChain SubordinateConfigChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain SubordinateConfigChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain SubordinateConfigChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificate_authority str
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pem_issuer_chain SubordinateConfigChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain Property Map
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    SubordinateConfigChain, SubordinateConfigChainArgs

    PemCertificates List<string>
    Expected to be in leaf-to-root order according to RFC 5246.
    PemCertificates []string
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates string[]
    Expected to be in leaf-to-root order according to RFC 5246.
    pem_certificates Sequence[str]
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.

    SubordinateConfigChainResponse, SubordinateConfigChainResponseArgs

    PemCertificates List<string>
    Expected to be in leaf-to-root order according to RFC 5246.
    PemCertificates []string
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates string[]
    Expected to be in leaf-to-root order according to RFC 5246.
    pem_certificates Sequence[str]
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.

    SubordinateConfigResponse, SubordinateConfigResponseArgs

    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemIssuerChain Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainResponse
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    PemIssuerChain SubordinateConfigChainResponse
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain SubordinateConfigChainResponse
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain SubordinateConfigChainResponse
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificate_authority str
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pem_issuer_chain SubordinateConfigChainResponse
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
    pemIssuerChain Property Map
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    X509Extension, X509ExtensionArgs

    ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId ObjectId
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectId
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectId
    The OID for this X.509 extension.
    value string
    The value of this X.509 extension.
    critical boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_id ObjectId
    The OID for this X.509 extension.
    value str
    The value of this X.509 extension.
    critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId Property Map
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    X509ExtensionResponse, X509ExtensionResponseArgs

    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId ObjectIdResponse
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectIdResponse
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectIdResponse
    The OID for this X.509 extension.
    value string
    The value of this X.509 extension.
    critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_id ObjectIdResponse
    The OID for this X.509 extension.
    value str
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId Property Map
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.

    X509Parameters, X509ParametersArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
    Optional. Describes custom X.509 extensions.
    AiaOcspServers List<string>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraints
    Optional. Describes the X.509 name constraints extension.
    PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    AdditionalExtensions []X509Extension
    Optional. Describes custom X.509 extensions.
    AiaOcspServers []string
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    PolicyIds []ObjectId
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<X509Extension>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policyIds List<ObjectId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions X509Extension[]
    Optional. Describes custom X.509 extensions.
    aiaOcspServers string[]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policyIds ObjectId[]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additional_extensions Sequence[X509Extension]
    Optional. Describes custom X.509 extensions.
    aia_ocsp_servers Sequence[str]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    key_usage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    name_constraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policy_ids Sequence[ObjectId]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<Property Map>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions Property Map
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage Property Map
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints Property Map
    Optional. Describes the X.509 name constraints extension.
    policyIds List<Property Map>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    X509ParametersResponse, X509ParametersResponseArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
    Optional. Describes custom X.509 extensions.
    AiaOcspServers List<string>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    AdditionalExtensions []X509ExtensionResponse
    Optional. Describes custom X.509 extensions.
    AiaOcspServers []string
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    PolicyIds []ObjectIdResponse
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<X509ExtensionResponse>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policyIds List<ObjectIdResponse>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions X509ExtensionResponse[]
    Optional. Describes custom X.509 extensions.
    aiaOcspServers string[]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policyIds ObjectIdResponse[]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additional_extensions Sequence[X509ExtensionResponse]
    Optional. Describes custom X.509 extensions.
    aia_ocsp_servers Sequence[str]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    key_usage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    name_constraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policy_ids Sequence[ObjectIdResponse]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<Property Map>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions Property Map
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage Property Map
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints Property Map
    Optional. Describes the X.509 name constraints extension.
    policyIds List<Property Map>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi