Google Cloud Classic v8.3.1 published on Wednesday, Sep 25, 2024 by Pulumi
gcp.certificateauthority.getAuthority
Explore with Pulumi AI
Get info about a Google CAS Certificate Authority.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const default = gcp.certificateauthority.getAuthority({
location: "us-west1",
pool: "pool-name",
certificateAuthorityId: "ca-id",
});
export const csr = _default.then(_default => _default.pemCsr);
import pulumi
import pulumi_gcp as gcp
default = gcp.certificateauthority.get_authority(location="us-west1",
pool="pool-name",
certificate_authority_id="ca-id")
pulumi.export("csr", default.pem_csr)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := certificateauthority.LookupAuthority(ctx, &certificateauthority.LookupAuthorityArgs{
Location: pulumi.StringRef("us-west1"),
Pool: pulumi.StringRef("pool-name"),
CertificateAuthorityId: pulumi.StringRef("ca-id"),
}, nil)
if err != nil {
return err
}
ctx.Export("csr", _default.PemCsr)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = Gcp.CertificateAuthority.GetAuthority.Invoke(new()
{
Location = "us-west1",
Pool = "pool-name",
CertificateAuthorityId = "ca-id",
});
return new Dictionary<string, object?>
{
["csr"] = @default.Apply(@default => @default.Apply(getAuthorityResult => getAuthorityResult.PemCsr)),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;
import com.pulumi.gcp.certificateauthority.inputs.GetAuthorityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var default = CertificateauthorityFunctions.getAuthority(GetAuthorityArgs.builder()
.location("us-west1")
.pool("pool-name")
.certificateAuthorityId("ca-id")
.build());
ctx.export("csr", default_.pemCsr());
}
}
variables:
default:
fn::invoke:
Function: gcp:certificateauthority:getAuthority
Arguments:
location: us-west1
pool: pool-name
certificateAuthorityId: ca-id
outputs:
csr: ${default.pemCsr}
Using getAuthority
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAuthority(args: GetAuthorityArgs, opts?: InvokeOptions): Promise<GetAuthorityResult>
function getAuthorityOutput(args: GetAuthorityOutputArgs, opts?: InvokeOptions): Output<GetAuthorityResult>
def get_authority(certificate_authority_id: Optional[str] = None,
location: Optional[str] = None,
pool: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAuthorityResult
def get_authority_output(certificate_authority_id: Optional[pulumi.Input[str]] = None,
location: Optional[pulumi.Input[str]] = None,
pool: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAuthorityResult]
func LookupAuthority(ctx *Context, args *LookupAuthorityArgs, opts ...InvokeOption) (*LookupAuthorityResult, error)
func LookupAuthorityOutput(ctx *Context, args *LookupAuthorityOutputArgs, opts ...InvokeOption) LookupAuthorityResultOutput
> Note: This function is named LookupAuthority
in the Go SDK.
public static class GetAuthority
{
public static Task<GetAuthorityResult> InvokeAsync(GetAuthorityArgs args, InvokeOptions? opts = null)
public static Output<GetAuthorityResult> Invoke(GetAuthorityInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAuthorityResult> getAuthority(GetAuthorityArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:certificateauthority/getAuthority:getAuthority
arguments:
# arguments dictionary
The following arguments are supported:
getAuthority Result
The following output properties are available:
- Access
Urls List<GetAuthority Access Url> - Configs
List<Get
Authority Config> - Create
Time string - Deletion
Protection bool - Desired
State string - Effective
Labels Dictionary<string, string> - Gcs
Bucket string - Id string
- The provider-assigned unique ID for this managed resource.
- Ignore
Active boolCertificates On Deletion - Key
Specs List<GetAuthority Key Spec> - Labels Dictionary<string, string>
- Lifetime string
- Name string
- Pem
Ca stringCertificate - Pem
Ca List<string>Certificates - Pem
Csr string - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- Pulumi
Labels Dictionary<string, string> - Skip
Grace boolPeriod - State string
- Subordinate
Configs List<GetAuthority Subordinate Config> - Type string
- Update
Time string - string
- Location string
- Pool string
- Project string
- Access
Urls []GetAuthority Access Url - Configs
[]Get
Authority Config - Create
Time string - Deletion
Protection bool - Desired
State string - Effective
Labels map[string]string - Gcs
Bucket string - Id string
- The provider-assigned unique ID for this managed resource.
- Ignore
Active boolCertificates On Deletion - Key
Specs []GetAuthority Key Spec - Labels map[string]string
- Lifetime string
- Name string
- Pem
Ca stringCertificate - Pem
Ca []stringCertificates - Pem
Csr string - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- Pulumi
Labels map[string]string - Skip
Grace boolPeriod - State string
- Subordinate
Configs []GetAuthority Subordinate Config - Type string
- Update
Time string - string
- Location string
- Pool string
- Project string
- access
Urls List<GetAuthority Access Url> - configs
List<Get
Authority Config> - create
Time String - deletion
Protection Boolean - desired
State String - effective
Labels Map<String,String> - gcs
Bucket String - id String
- The provider-assigned unique ID for this managed resource.
- ignore
Active BooleanCertificates On Deletion - key
Specs List<GetAuthority Key Spec> - labels Map<String,String>
- lifetime String
- name String
- pem
Ca StringCertificate - pem
Ca List<String>Certificates - pem
Csr String - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- pulumi
Labels Map<String,String> - skip
Grace BooleanPeriod - state String
- subordinate
Configs List<GetAuthority Subordinate Config> - type String
- update
Time String - String
- location String
- pool String
- project String
- access
Urls GetAuthority Access Url[] - configs
Get
Authority Config[] - create
Time string - deletion
Protection boolean - desired
State string - effective
Labels {[key: string]: string} - gcs
Bucket string - id string
- The provider-assigned unique ID for this managed resource.
- ignore
Active booleanCertificates On Deletion - key
Specs GetAuthority Key Spec[] - labels {[key: string]: string}
- lifetime string
- name string
- pem
Ca stringCertificate - pem
Ca string[]Certificates - pem
Csr string - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- pulumi
Labels {[key: string]: string} - skip
Grace booleanPeriod - state string
- subordinate
Configs GetAuthority Subordinate Config[] - type string
- update
Time string - string
- location string
- pool string
- project string
- access_
urls Sequence[GetAuthority Access Url] - configs
Sequence[Get
Authority Config] - create_
time str - deletion_
protection bool - desired_
state str - effective_
labels Mapping[str, str] - gcs_
bucket str - id str
- The provider-assigned unique ID for this managed resource.
- ignore_
active_ boolcertificates_ on_ deletion - key_
specs Sequence[GetAuthority Key Spec] - labels Mapping[str, str]
- lifetime str
- name str
- pem_
ca_ strcertificate - pem_
ca_ Sequence[str]certificates - pem_
csr str - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- pulumi_
labels Mapping[str, str] - skip_
grace_ boolperiod - state str
- subordinate_
configs Sequence[GetAuthority Subordinate Config] - type str
- update_
time str - str
- location str
- pool str
- project str
- access
Urls List<Property Map> - configs List<Property Map>
- create
Time String - deletion
Protection Boolean - desired
State String - effective
Labels Map<String> - gcs
Bucket String - id String
- The provider-assigned unique ID for this managed resource.
- ignore
Active BooleanCertificates On Deletion - key
Specs List<Property Map> - labels Map<String>
- lifetime String
- name String
- pem
Ca StringCertificate - pem
Ca List<String>Certificates - pem
Csr String - The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
- pulumi
Labels Map<String> - skip
Grace BooleanPeriod - state String
- subordinate
Configs List<Property Map> - type String
- update
Time String - String
- location String
- pool String
- project String
Supporting Types
GetAuthorityAccessUrl
- Ca
Certificate stringAccess Url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access List<string>Urls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- Ca
Certificate stringAccess Url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access []stringUrls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate StringAccess Url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access List<String>Urls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate stringAccess Url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access string[]Urls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca_
certificate_ straccess_ url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl_
access_ Sequence[str]urls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate StringAccess Url - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access List<String>Urls - The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
GetAuthorityConfig
- Subject
Configs List<GetAuthority Config Subject Config> - Specifies some of the values in a certificate that are related to the subject.
- Subject
Key List<GetIds Authority Config Subject Key Id> - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- X509Configs
List<Get
Authority Config X509Config> - Describes how some of the technical X.509 fields in a certificate should be populated.
- Subject
Configs []GetAuthority Config Subject Config - Specifies some of the values in a certificate that are related to the subject.
- Subject
Key []GetIds Authority Config Subject Key Id - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- X509Configs
[]Get
Authority Config X509Config - Describes how some of the technical X.509 fields in a certificate should be populated.
- subject
Configs List<GetAuthority Config Subject Config> - Specifies some of the values in a certificate that are related to the subject.
- subject
Key List<GetIds Authority Config Subject Key Id> - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- x509Configs
List<Get
Authority Config X509Config> - Describes how some of the technical X.509 fields in a certificate should be populated.
- subject
Configs GetAuthority Config Subject Config[] - Specifies some of the values in a certificate that are related to the subject.
- subject
Key GetIds Authority Config Subject Key Id[] - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- x509Configs
Get
Authority Config X509Config[] - Describes how some of the technical X.509 fields in a certificate should be populated.
- subject_
configs Sequence[GetAuthority Config Subject Config] - Specifies some of the values in a certificate that are related to the subject.
- subject_
key_ Sequence[Getids Authority Config Subject Key Id] - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- x509_
configs Sequence[GetAuthority Config X509Config] - Describes how some of the technical X.509 fields in a certificate should be populated.
- subject
Configs List<Property Map> - Specifies some of the values in a certificate that are related to the subject.
- subject
Key List<Property Map>Ids - When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
- x509Configs List<Property Map>
- Describes how some of the technical X.509 fields in a certificate should be populated.
GetAuthorityConfigSubjectConfig
- Subject
Alt List<GetNames Authority Config Subject Config Subject Alt Name> - The subject alternative name fields.
- Subjects
List<Get
Authority Config Subject Config Subject> - Contains distinguished name fields such as the location and organization.
- Subject
Alt []GetNames Authority Config Subject Config Subject Alt Name - The subject alternative name fields.
- Subjects
[]Get
Authority Config Subject Config Subject - Contains distinguished name fields such as the location and organization.
- subject
Alt List<GetNames Authority Config Subject Config Subject Alt Name> - The subject alternative name fields.
- subjects
List<Get
Authority Config Subject Config Subject> - Contains distinguished name fields such as the location and organization.
- subject
Alt GetNames Authority Config Subject Config Subject Alt Name[] - The subject alternative name fields.
- subjects
Get
Authority Config Subject Config Subject[] - Contains distinguished name fields such as the location and organization.
- subject_
alt_ Sequence[Getnames Authority Config Subject Config Subject Alt Name] - The subject alternative name fields.
- subjects
Sequence[Get
Authority Config Subject Config Subject] - Contains distinguished name fields such as the location and organization.
- subject
Alt List<Property Map>Names - The subject alternative name fields.
- subjects List<Property Map>
- Contains distinguished name fields such as the location and organization.
GetAuthorityConfigSubjectConfigSubject
- Common
Name string - The common name of the distinguished name.
- Country
Code string - The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- Organizational
Unit string - The organizational unit of the subject.
- Postal
Code string - The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- Street
Address string - The street address of the subject.
- Common
Name string - The common name of the distinguished name.
- Country
Code string - The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- Organizational
Unit string - The organizational unit of the subject.
- Postal
Code string - The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- Street
Address string - The street address of the subject.
- common
Name String - The common name of the distinguished name.
- country
Code String - The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizational
Unit String - The organizational unit of the subject.
- postal
Code String - The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- street
Address String - The street address of the subject.
- common
Name string - The common name of the distinguished name.
- country
Code string - The country code of the subject.
- locality string
- The locality or city of the subject.
- organization string
- The organization of the subject.
- organizational
Unit string - The organizational unit of the subject.
- postal
Code string - The postal code of the subject.
- province string
- The province, territory, or regional state of the subject.
- street
Address string - The street address of the subject.
- common_
name str - The common name of the distinguished name.
- country_
code str - The country code of the subject.
- locality str
- The locality or city of the subject.
- organization str
- The organization of the subject.
- organizational_
unit str - The organizational unit of the subject.
- postal_
code str - The postal code of the subject.
- province str
- The province, territory, or regional state of the subject.
- street_
address str - The street address of the subject.
- common
Name String - The common name of the distinguished name.
- country
Code String - The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizational
Unit String - The organizational unit of the subject.
- postal
Code String - The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- street
Address String - The street address of the subject.
GetAuthorityConfigSubjectConfigSubjectAltName
- Dns
Names List<string> - Contains only valid, fully-qualified host names.
- Email
Addresses List<string> - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
- Contains only valid RFC 3986 URIs.
- Dns
Names []string - Contains only valid, fully-qualified host names.
- Email
Addresses []string - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
- Contains only valid RFC 3986 URIs.
- dns
Names List<String> - Contains only valid, fully-qualified host names.
- email
Addresses List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
- dns
Names string[] - Contains only valid, fully-qualified host names.
- email
Addresses string[] - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
- Contains only valid RFC 3986 URIs.
- dns_
names Sequence[str] - Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] - Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
- Contains only valid RFC 3986 URIs.
- dns
Names List<String> - Contains only valid, fully-qualified host names.
- email
Addresses List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
GetAuthorityConfigSubjectKeyId
- Key
Id string - The value of the KeyId in lowercase hexidecimal.
- Key
Id string - The value of the KeyId in lowercase hexidecimal.
- key
Id String - The value of the KeyId in lowercase hexidecimal.
- key
Id string - The value of the KeyId in lowercase hexidecimal.
- key_
id str - The value of the KeyId in lowercase hexidecimal.
- key
Id String - The value of the KeyId in lowercase hexidecimal.
GetAuthorityConfigX509Config
- Additional
Extensions List<GetAuthority Config X509Config Additional Extension> - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- Aia
Ocsp List<string>Servers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options List<GetAuthority Config X509Config Ca Option> - Describes values that are relevant in a CA certificate.
- Key
Usages List<GetAuthority Config X509Config Key Usage> - Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints List<GetAuthority Config X509Config Name Constraint> - Describes the X.509 name constraints extension.
- Policy
Ids List<GetAuthority Config X509Config Policy Id> - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []GetAuthority Config X509Config Additional Extension - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- Aia
Ocsp []stringServers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options []GetAuthority Config X509Config Ca Option - Describes values that are relevant in a CA certificate.
- Key
Usages []GetAuthority Config X509Config Key Usage - Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints []GetAuthority Config X509Config Name Constraint - Describes the X.509 name constraints extension.
- Policy
Ids []GetAuthority Config X509Config Policy Id - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<GetAuthority Config X509Config Additional Extension> - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- aia
Ocsp List<String>Servers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options List<GetAuthority Config X509Config Ca Option> - Describes values that are relevant in a CA certificate.
- key
Usages List<GetAuthority Config X509Config Key Usage> - Indicates the intended use for keys that correspond to a certificate.
- name
Constraints List<GetAuthority Config X509Config Name Constraint> - Describes the X.509 name constraints extension.
- policy
Ids List<GetAuthority Config X509Config Policy Id> - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions GetAuthority Config X509Config Additional Extension[] - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- aia
Ocsp string[]Servers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options GetAuthority Config X509Config Ca Option[] - Describes values that are relevant in a CA certificate.
- key
Usages GetAuthority Config X509Config Key Usage[] - Indicates the intended use for keys that correspond to a certificate.
- name
Constraints GetAuthority Config X509Config Name Constraint[] - Describes the X.509 name constraints extension.
- policy
Ids GetAuthority Config X509Config Policy Id[] - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[GetAuthority Config X509Config Additional Extension] - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- aia_
ocsp_ Sequence[str]servers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options Sequence[GetAuthority Config X509Config Ca Option] - Describes values that are relevant in a CA certificate.
- key_
usages Sequence[GetAuthority Config X509Config Key Usage] - Indicates the intended use for keys that correspond to a certificate.
- name_
constraints Sequence[GetAuthority Config X509Config Name Constraint] - Describes the X.509 name constraints extension.
- policy_
ids Sequence[GetAuthority Config X509Config Policy Id] - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
- aia
Ocsp List<String>Servers - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options List<Property Map> - Describes values that are relevant in a CA certificate.
- key
Usages List<Property Map> - Indicates the intended use for keys that correspond to a certificate.
- name
Constraints List<Property Map> - Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
GetAuthorityConfigX509ConfigAdditionalExtension
- Critical bool
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Ids List<GetAuthority Config X509Config Additional Extension Object Id> - Describes values that are relevant in a CA certificate.
- Value string
- The value of this X.509 extension. A base64-encoded string.
- Critical bool
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Ids []GetAuthority Config X509Config Additional Extension Object Id - Describes values that are relevant in a CA certificate.
- Value string
- The value of this X.509 extension. A base64-encoded string.
- critical Boolean
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids List<GetAuthority Config X509Config Additional Extension Object Id> - Describes values that are relevant in a CA certificate.
- value String
- The value of this X.509 extension. A base64-encoded string.
- critical boolean
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids GetAuthority Config X509Config Additional Extension Object Id[] - Describes values that are relevant in a CA certificate.
- value string
- The value of this X.509 extension. A base64-encoded string.
- critical bool
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
ids Sequence[GetAuthority Config X509Config Additional Extension Object Id] - Describes values that are relevant in a CA certificate.
- value str
- The value of this X.509 extension. A base64-encoded string.
- critical Boolean
- Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids List<Property Map> - Describes values that are relevant in a CA certificate.
- value String
- The value of this X.509 extension. A base64-encoded string.
GetAuthorityConfigX509ConfigAdditionalExtensionObjectId
- Object
Id List<int>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
GetAuthorityConfigX509ConfigCaOption
- Is
Ca bool - When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- Non
Ca bool - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- Zero
Max boolIssuer Path Length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
- Is
Ca bool - When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- Non
Ca bool - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- Zero
Max boolIssuer Path Length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer IntegerPath Length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- non
Ca Boolean - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- zero
Max BooleanIssuer Path Length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
- is
Ca boolean - When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer numberPath Length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- non
Ca boolean - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- zero
Max booleanIssuer Path Length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
- is_
ca bool - When true, the "CA" in Basic Constraints extension will be set to true.
- max_
issuer_ intpath_ length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- non_
ca bool - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- zero_
max_ boolissuer_ path_ length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer NumberPath Length - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
- non
Ca Boolean - When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
- zero
Max BooleanIssuer Path Length - When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
GetAuthorityConfigX509ConfigKeyUsage
- Base
Key List<GetUsages Authority Config X509Config Key Usage Base Key Usage> - Describes high-level ways in which a key may be used.
- Extended
Key List<GetUsages Authority Config X509Config Key Usage Extended Key Usage> - Describes high-level ways in which a key may be used.
- Unknown
Extended List<GetKey Usages Authority Config X509Config Key Usage Unknown Extended Key Usage> - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Base
Key []GetUsages Authority Config X509Config Key Usage Base Key Usage - Describes high-level ways in which a key may be used.
- Extended
Key []GetUsages Authority Config X509Config Key Usage Extended Key Usage - Describes high-level ways in which a key may be used.
- Unknown
Extended []GetKey Usages Authority Config X509Config Key Usage Unknown Extended Key Usage - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- base
Key List<GetUsages Authority Config X509Config Key Usage Base Key Usage> - Describes high-level ways in which a key may be used.
- extended
Key List<GetUsages Authority Config X509Config Key Usage Extended Key Usage> - Describes high-level ways in which a key may be used.
- unknown
Extended List<GetKey Usages Authority Config X509Config Key Usage Unknown Extended Key Usage> - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- base
Key GetUsages Authority Config X509Config Key Usage Base Key Usage[] - Describes high-level ways in which a key may be used.
- extended
Key GetUsages Authority Config X509Config Key Usage Extended Key Usage[] - Describes high-level ways in which a key may be used.
- unknown
Extended GetKey Usages Authority Config X509Config Key Usage Unknown Extended Key Usage[] - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- base_
key_ Sequence[Getusages Authority Config X509Config Key Usage Base Key Usage] - Describes high-level ways in which a key may be used.
- extended_
key_ Sequence[Getusages Authority Config X509Config Key Usage Extended Key Usage] - Describes high-level ways in which a key may be used.
- unknown_
extended_ Sequence[Getkey_ usages Authority Config X509Config Key Usage Unknown Extended Key Usage] - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- base
Key List<Property Map>Usages - Describes high-level ways in which a key may be used.
- extended
Key List<Property Map>Usages - Describes high-level ways in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage
- Object
Id List<int>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
GetAuthorityConfigX509ConfigNameConstraint
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
- permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
- permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
- permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
GetAuthorityConfigX509ConfigPolicyId
- Object
Id List<int>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
GetAuthorityKeySpec
- Algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- Cloud
Kms stringKey Version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
- Algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- Cloud
Kms stringKey Version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
- algorithm String
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- cloud
Kms StringKey Version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
- algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- cloud
Kms stringKey Version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
- algorithm str
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- cloud_
kms_ strkey_ version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
- algorithm String
- The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
- cloud
Kms StringKey Version - The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
GetAuthoritySubordinateConfig
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- Pem
Issuer List<GetChains Authority Subordinate Config Pem Issuer Chain> - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- Pem
Issuer []GetChains Authority Subordinate Config Pem Issuer Chain - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Issuer List<GetChains Authority Subordinate Config Pem Issuer Chain> - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Issuer GetChains Authority Subordinate Config Pem Issuer Chain[] - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- str
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem_
issuer_ Sequence[Getchains Authority Subordinate Config Pem Issuer Chain] - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Issuer List<Property Map>Chains - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
GetAuthoritySubordinateConfigPemIssuerChain
- Pem
Certificates List<string> - Expected to be in leaf-to-root order according to RFC 5246.
- Pem
Certificates []string - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates string[] - Expected to be in leaf-to-root order according to RFC 5246.
- pem_
certificates Sequence[str] - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> - Expected to be in leaf-to-root order according to RFC 5246.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.