Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.privateca/v1.CertificateTemplate
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a new CertificateTemplate in a given Project and Location. Auto-naming is currently not supported for this resource.
Create CertificateTemplate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
@overload
def CertificateTemplate(resource_name: str,
args: CertificateTemplateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CertificateTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_template_id: Optional[str] = None,
description: Optional[str] = None,
identity_constraints: Optional[CertificateIdentityConstraintsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
maximum_lifetime: Optional[str] = None,
passthrough_extensions: Optional[CertificateExtensionConstraintsArgs] = None,
predefined_values: Optional[X509ParametersArgs] = None,
project: Optional[str] = None,
request_id: Optional[str] = None)
func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
type: google-native:privateca/v1:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var certificateTemplateResource = new GoogleNative.Privateca.V1.CertificateTemplate("certificateTemplateResource", new()
{
CertificateTemplateId = "string",
Description = "string",
IdentityConstraints = new GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsArgs
{
AllowSubjectAltNamesPassthrough = false,
AllowSubjectPassthrough = false,
CelExpression = new GoogleNative.Privateca.V1.Inputs.ExprArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
},
Labels =
{
{ "string", "string" },
},
Location = "string",
MaximumLifetime = "string",
PassthroughExtensions = new GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsArgs
{
AdditionalExtensions = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
KnownExtensions = new[]
{
GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified,
},
},
PredefinedValues = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
{
AdditionalExtensions = new[]
{
new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
{
ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
Value = "string",
Critical = false,
},
},
AiaOcspServers = new[]
{
"string",
},
CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
{
IsCa = false,
MaxIssuerPathLength = 0,
},
KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
{
BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
{
CertSign = false,
ContentCommitment = false,
CrlSign = false,
DataEncipherment = false,
DecipherOnly = false,
DigitalSignature = false,
EncipherOnly = false,
KeyAgreement = false,
KeyEncipherment = false,
},
ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
{
ClientAuth = false,
CodeSigning = false,
EmailProtection = false,
OcspSigning = false,
ServerAuth = false,
TimeStamping = false,
},
UnknownExtendedKeyUsages = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
},
NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
{
Critical = false,
ExcludedDnsNames = new[]
{
"string",
},
ExcludedEmailAddresses = new[]
{
"string",
},
ExcludedIpRanges = new[]
{
"string",
},
ExcludedUris = new[]
{
"string",
},
PermittedDnsNames = new[]
{
"string",
},
PermittedEmailAddresses = new[]
{
"string",
},
PermittedIpRanges = new[]
{
"string",
},
PermittedUris = new[]
{
"string",
},
},
PolicyIds = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
},
Project = "string",
RequestId = "string",
});
example, err := privateca.NewCertificateTemplate(ctx, "certificateTemplateResource", &privateca.CertificateTemplateArgs{
CertificateTemplateId: pulumi.String("string"),
Description: pulumi.String("string"),
IdentityConstraints: &privateca.CertificateIdentityConstraintsArgs{
AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
AllowSubjectPassthrough: pulumi.Bool(false),
CelExpression: &privateca.ExprArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
},
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
MaximumLifetime: pulumi.String("string"),
PassthroughExtensions: &privateca.CertificateExtensionConstraintsArgs{
AdditionalExtensions: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
KnownExtensions: privateca.CertificateExtensionConstraintsKnownExtensionsItemArray{
privateca.CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified,
},
},
PredefinedValues: &privateca.X509ParametersArgs{
AdditionalExtensions: privateca.X509ExtensionArray{
&privateca.X509ExtensionArgs{
ObjectId: &privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
Value: pulumi.String("string"),
Critical: pulumi.Bool(false),
},
},
AiaOcspServers: pulumi.StringArray{
pulumi.String("string"),
},
CaOptions: &privateca.CaOptionsArgs{
IsCa: pulumi.Bool(false),
MaxIssuerPathLength: pulumi.Int(0),
},
KeyUsage: &privateca.KeyUsageArgs{
BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
CertSign: pulumi.Bool(false),
ContentCommitment: pulumi.Bool(false),
CrlSign: pulumi.Bool(false),
DataEncipherment: pulumi.Bool(false),
DecipherOnly: pulumi.Bool(false),
DigitalSignature: pulumi.Bool(false),
EncipherOnly: pulumi.Bool(false),
KeyAgreement: pulumi.Bool(false),
KeyEncipherment: pulumi.Bool(false),
},
ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
ClientAuth: pulumi.Bool(false),
CodeSigning: pulumi.Bool(false),
EmailProtection: pulumi.Bool(false),
OcspSigning: pulumi.Bool(false),
ServerAuth: pulumi.Bool(false),
TimeStamping: pulumi.Bool(false),
},
UnknownExtendedKeyUsages: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
NameConstraints: &privateca.NameConstraintsArgs{
Critical: pulumi.Bool(false),
ExcludedDnsNames: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedEmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedUris: pulumi.StringArray{
pulumi.String("string"),
},
PermittedDnsNames: pulumi.StringArray{
pulumi.String("string"),
},
PermittedEmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
PermittedIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
PermittedUris: pulumi.StringArray{
pulumi.String("string"),
},
},
PolicyIds: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
Project: pulumi.String("string"),
RequestId: pulumi.String("string"),
})
var certificateTemplateResource = new CertificateTemplate("certificateTemplateResource", CertificateTemplateArgs.builder()
.certificateTemplateId("string")
.description("string")
.identityConstraints(CertificateIdentityConstraintsArgs.builder()
.allowSubjectAltNamesPassthrough(false)
.allowSubjectPassthrough(false)
.celExpression(ExprArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.build())
.labels(Map.of("string", "string"))
.location("string")
.maximumLifetime("string")
.passthroughExtensions(CertificateExtensionConstraintsArgs.builder()
.additionalExtensions(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.knownExtensions("KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED")
.build())
.predefinedValues(X509ParametersArgs.builder()
.additionalExtensions(X509ExtensionArgs.builder()
.objectId(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.value("string")
.critical(false)
.build())
.aiaOcspServers("string")
.caOptions(CaOptionsArgs.builder()
.isCa(false)
.maxIssuerPathLength(0)
.build())
.keyUsage(KeyUsageArgs.builder()
.baseKeyUsage(KeyUsageOptionsArgs.builder()
.certSign(false)
.contentCommitment(false)
.crlSign(false)
.dataEncipherment(false)
.decipherOnly(false)
.digitalSignature(false)
.encipherOnly(false)
.keyAgreement(false)
.keyEncipherment(false)
.build())
.extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
.clientAuth(false)
.codeSigning(false)
.emailProtection(false)
.ocspSigning(false)
.serverAuth(false)
.timeStamping(false)
.build())
.unknownExtendedKeyUsages(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.build())
.nameConstraints(NameConstraintsArgs.builder()
.critical(false)
.excludedDnsNames("string")
.excludedEmailAddresses("string")
.excludedIpRanges("string")
.excludedUris("string")
.permittedDnsNames("string")
.permittedEmailAddresses("string")
.permittedIpRanges("string")
.permittedUris("string")
.build())
.policyIds(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.build())
.project("string")
.requestId("string")
.build());
certificate_template_resource = google_native.privateca.v1.CertificateTemplate("certificateTemplateResource",
certificate_template_id="string",
description="string",
identity_constraints={
"allow_subject_alt_names_passthrough": False,
"allow_subject_passthrough": False,
"cel_expression": {
"description": "string",
"expression": "string",
"location": "string",
"title": "string",
},
},
labels={
"string": "string",
},
location="string",
maximum_lifetime="string",
passthrough_extensions={
"additional_extensions": [{
"object_id_path": [0],
}],
"known_extensions": [google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED],
},
predefined_values={
"additional_extensions": [{
"object_id": {
"object_id_path": [0],
},
"value": "string",
"critical": False,
}],
"aia_ocsp_servers": ["string"],
"ca_options": {
"is_ca": False,
"max_issuer_path_length": 0,
},
"key_usage": {
"base_key_usage": {
"cert_sign": False,
"content_commitment": False,
"crl_sign": False,
"data_encipherment": False,
"decipher_only": False,
"digital_signature": False,
"encipher_only": False,
"key_agreement": False,
"key_encipherment": False,
},
"extended_key_usage": {
"client_auth": False,
"code_signing": False,
"email_protection": False,
"ocsp_signing": False,
"server_auth": False,
"time_stamping": False,
},
"unknown_extended_key_usages": [{
"object_id_path": [0],
}],
},
"name_constraints": {
"critical": False,
"excluded_dns_names": ["string"],
"excluded_email_addresses": ["string"],
"excluded_ip_ranges": ["string"],
"excluded_uris": ["string"],
"permitted_dns_names": ["string"],
"permitted_email_addresses": ["string"],
"permitted_ip_ranges": ["string"],
"permitted_uris": ["string"],
},
"policy_ids": [{
"object_id_path": [0],
}],
},
project="string",
request_id="string")
const certificateTemplateResource = new google_native.privateca.v1.CertificateTemplate("certificateTemplateResource", {
certificateTemplateId: "string",
description: "string",
identityConstraints: {
allowSubjectAltNamesPassthrough: false,
allowSubjectPassthrough: false,
celExpression: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
},
labels: {
string: "string",
},
location: "string",
maximumLifetime: "string",
passthroughExtensions: {
additionalExtensions: [{
objectIdPath: [0],
}],
knownExtensions: [google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified],
},
predefinedValues: {
additionalExtensions: [{
objectId: {
objectIdPath: [0],
},
value: "string",
critical: false,
}],
aiaOcspServers: ["string"],
caOptions: {
isCa: false,
maxIssuerPathLength: 0,
},
keyUsage: {
baseKeyUsage: {
certSign: false,
contentCommitment: false,
crlSign: false,
dataEncipherment: false,
decipherOnly: false,
digitalSignature: false,
encipherOnly: false,
keyAgreement: false,
keyEncipherment: false,
},
extendedKeyUsage: {
clientAuth: false,
codeSigning: false,
emailProtection: false,
ocspSigning: false,
serverAuth: false,
timeStamping: false,
},
unknownExtendedKeyUsages: [{
objectIdPath: [0],
}],
},
nameConstraints: {
critical: false,
excludedDnsNames: ["string"],
excludedEmailAddresses: ["string"],
excludedIpRanges: ["string"],
excludedUris: ["string"],
permittedDnsNames: ["string"],
permittedEmailAddresses: ["string"],
permittedIpRanges: ["string"],
permittedUris: ["string"],
},
policyIds: [{
objectIdPath: [0],
}],
},
project: "string",
requestId: "string",
});
type: google-native:privateca/v1:CertificateTemplate
properties:
certificateTemplateId: string
description: string
identityConstraints:
allowSubjectAltNamesPassthrough: false
allowSubjectPassthrough: false
celExpression:
description: string
expression: string
location: string
title: string
labels:
string: string
location: string
maximumLifetime: string
passthroughExtensions:
additionalExtensions:
- objectIdPath:
- 0
knownExtensions:
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
predefinedValues:
additionalExtensions:
- critical: false
objectId:
objectIdPath:
- 0
value: string
aiaOcspServers:
- string
caOptions:
isCa: false
maxIssuerPathLength: 0
keyUsage:
baseKeyUsage:
certSign: false
contentCommitment: false
crlSign: false
dataEncipherment: false
decipherOnly: false
digitalSignature: false
encipherOnly: false
keyAgreement: false
keyEncipherment: false
extendedKeyUsage:
clientAuth: false
codeSigning: false
emailProtection: false
ocspSigning: false
serverAuth: false
timeStamping: false
unknownExtendedKeyUsages:
- objectIdPath:
- 0
nameConstraints:
critical: false
excludedDnsNames:
- string
excludedEmailAddresses:
- string
excludedIpRanges:
- string
excludedUris:
- string
permittedDnsNames:
- string
permittedEmailAddresses:
- string
permittedIpRanges:
- string
permittedUris:
- string
policyIds:
- objectIdPath:
- 0
project: string
requestId: string
CertificateTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CertificateTemplate resource accepts the following input properties:
- Certificate
Template stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- Identity
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Certificate Identity Constraints - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
- Location string
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions Pulumi.Google Native. Privateca. V1. Inputs. Certificate Extension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values Pulumi.Google Native. Privateca. V1. Inputs. X509Parameters - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
- Request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- Certificate
Template stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Description string
- Optional. A human-readable description of scenarios this template is intended for.
- Identity
Constraints CertificateIdentity Constraints Args - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
- Location string
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions CertificateExtension Constraints Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values X509ParametersArgs - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
- Request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- certificate
Template StringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
- location String
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values X509Parameters - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
- request
Id String - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- certificate
Template stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- description string
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
- location string
- maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values X509Parameters - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project string
- request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- certificate_
template_ strid - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- description str
- Optional. A human-readable description of scenarios this template is intended for.
- identity_
constraints CertificateIdentity Constraints Args - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
- location str
- maximum_
lifetime str - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough_
extensions CertificateExtension Constraints Args - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined_
values X509ParametersArgs - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project str
- request_
id str - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- certificate
Template StringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- description String
- Optional. A human-readable description of scenarios this template is intended for.
- identity
Constraints Property Map - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String>
- Optional. Labels with user-defined metadata.
- location String
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions Property Map - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values Property Map - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
- request
Id String - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:
- Create
Time string - The time at which this CertificateTemplate was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - Update
Time string - The time at which this CertificateTemplate was updated.
- Create
Time string - The time at which this CertificateTemplate was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - Update
Time string - The time at which this CertificateTemplate was updated.
- create
Time String - The time at which this CertificateTemplate was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - update
Time String - The time at which this CertificateTemplate was updated.
- create
Time string - The time at which this CertificateTemplate was created.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - update
Time string - The time at which this CertificateTemplate was updated.
- create_
time str - The time at which this CertificateTemplate was created.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - update_
time str - The time at which this CertificateTemplate was updated.
- create
Time String - The time at which this CertificateTemplate was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
. - update
Time String - The time at which this CertificateTemplate was updated.
Supporting Types
CaOptions, CaOptionsArgs
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaOptionsResponse, CaOptionsResponseArgs
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateExtensionConstraints, CertificateExtensionConstraintsArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions List<Pulumi.Google Native. Privateca. V1. Certificate Extension Constraints Known Extensions Item> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []ObjectId - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions []CertificateExtension Constraints Known Extensions Item - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<ObjectId> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<CertificateExtension Constraints Known Extensions Item> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions ObjectId[] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions CertificateExtension Constraints Known Extensions Item[] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[ObjectId] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_
extensions Sequence[CertificateExtension Constraints Known Extensions Item] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" | "BASE_KEY_USAGE" | "EXTENDED_KEY_USAGE" | "CA_OPTIONS" | "POLICY_IDS" | "AIA_OCSP_SERVERS" | "NAME_CONSTRAINTS"> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateExtensionConstraintsKnownExtensionsItem, CertificateExtensionConstraintsKnownExtensionsItemArgs
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Certificate
Extension Constraints Known Extensions Item Known Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Certificate
Extension Constraints Known Extensions Item Base Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Certificate
Extension Constraints Known Extensions Item Extended Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Certificate
Extension Constraints Known Extensions Item Ca Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Certificate
Extension Constraints Known Extensions Item Policy Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Certificate
Extension Constraints Known Extensions Item Aia Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Certificate
Extension Constraints Known Extensions Item Name Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- BASE_KEY_USAGE
- BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- EXTENDED_KEY_USAGE
- EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CA_OPTIONS
- CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- POLICY_IDS
- POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AIA_OCSP_SERVERS
- AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- NAME_CONSTRAINTS
- NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED"
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- "BASE_KEY_USAGE"
- BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- "EXTENDED_KEY_USAGE"
- EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- "CA_OPTIONS"
- CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- "POLICY_IDS"
- POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- "AIA_OCSP_SERVERS"
- AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- "NAME_CONSTRAINTS"
- NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
CertificateExtensionConstraintsResponse, CertificateExtensionConstraintsResponseArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions List<string> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []ObjectId Response - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions []string - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<ObjectId Response> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions ObjectId Response[] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions string[] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[ObjectId Response] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_
extensions Sequence[str] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateIdentityConstraints, CertificateIdentityConstraintsArgs
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Pulumi.Google Native. Privateca. V1. Inputs. Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject booleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject booleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_
subject_ boolalt_ names_ passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_
subject_ boolpassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
CertificateIdentityConstraintsResponse, CertificateIdentityConstraintsResponseArgs
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Pulumi.Google Native. Privateca. V1. Inputs. Expr Response - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject booleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject booleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_
subject_ boolalt_ names_ passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_
subject_ boolpassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
Expr, ExprArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
KeyUsage, KeyUsageArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options - Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options - Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options - Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage - Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage - Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyUsageOptions, KeyUsageOptionsArgs
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
KeyUsageResponse, KeyUsageResponseArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id Response - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id Response[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options Response - Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id Response] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage - Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage - Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
NameConstraints, NameConstraintsArgs
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
NameConstraintsResponse, NameConstraintsResponseArgs
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
ObjectId, ObjectIdArgs
- Object
Id List<int>Path - The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path - The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path - The parts of an OID path. The most significant parts of the path come first.
ObjectIdResponse, ObjectIdResponseArgs
- Object
Id List<int>Path - The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path - The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path - The parts of an OID path. The most significant parts of the path come first.
X509Extension, X509ExtensionArgs
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
X509ExtensionResponse, X509ExtensionResponseArgs
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id ObjectId Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value string
- The value of this X.509 extension.
- critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id ObjectId Response - The OID for this X.509 extension.
- value str
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
X509Parameters, X509ParametersArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints - Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509Extension - Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509Extension> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509Extension[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509Extension] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
X509ParametersResponse, X509ParametersResponseArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509ExtensionResponse - Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId Response - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509ExtensionResponse> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509ExtensionResponse[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId Response[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509ExtensionResponse] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId Response] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.