Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.privateca/v1.CaPool
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a CaPool. Auto-naming is currently not supported for this resource.
Create CaPool Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CaPool(name: string, args: CaPoolArgs, opts?: CustomResourceOptions);
@overload
def CaPool(resource_name: str,
args: CaPoolArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CaPool(resource_name: str,
opts: Optional[ResourceOptions] = None,
ca_pool_id: Optional[str] = None,
tier: Optional[CaPoolTier] = None,
issuance_policy: Optional[IssuancePolicyArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
project: Optional[str] = None,
publishing_options: Optional[PublishingOptionsArgs] = None,
request_id: Optional[str] = None)
func NewCaPool(ctx *Context, name string, args CaPoolArgs, opts ...ResourceOption) (*CaPool, error)
public CaPool(string name, CaPoolArgs args, CustomResourceOptions? opts = null)
public CaPool(String name, CaPoolArgs args)
public CaPool(String name, CaPoolArgs args, CustomResourceOptions options)
type: google-native:privateca/v1:CaPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var caPoolResource = new GoogleNative.Privateca.V1.CaPool("caPoolResource", new()
{
CaPoolId = "string",
Tier = GoogleNative.Privateca.V1.CaPoolTier.TierUnspecified,
IssuancePolicy = new GoogleNative.Privateca.V1.Inputs.IssuancePolicyArgs
{
AllowedIssuanceModes = new GoogleNative.Privateca.V1.Inputs.IssuanceModesArgs
{
AllowConfigBasedIssuance = false,
AllowCsrBasedIssuance = false,
},
AllowedKeyTypes = new[]
{
new GoogleNative.Privateca.V1.Inputs.AllowedKeyTypeArgs
{
EllipticCurve = new GoogleNative.Privateca.V1.Inputs.EcKeyTypeArgs
{
SignatureAlgorithm = GoogleNative.Privateca.V1.EcKeyTypeSignatureAlgorithm.EcSignatureAlgorithmUnspecified,
},
Rsa = new GoogleNative.Privateca.V1.Inputs.RsaKeyTypeArgs
{
MaxModulusSize = "string",
MinModulusSize = "string",
},
},
},
BaselineValues = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
{
AdditionalExtensions = new[]
{
new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
{
ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
Value = "string",
Critical = false,
},
},
AiaOcspServers = new[]
{
"string",
},
CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
{
IsCa = false,
MaxIssuerPathLength = 0,
},
KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
{
BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
{
CertSign = false,
ContentCommitment = false,
CrlSign = false,
DataEncipherment = false,
DecipherOnly = false,
DigitalSignature = false,
EncipherOnly = false,
KeyAgreement = false,
KeyEncipherment = false,
},
ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
{
ClientAuth = false,
CodeSigning = false,
EmailProtection = false,
OcspSigning = false,
ServerAuth = false,
TimeStamping = false,
},
UnknownExtendedKeyUsages = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
},
NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
{
Critical = false,
ExcludedDnsNames = new[]
{
"string",
},
ExcludedEmailAddresses = new[]
{
"string",
},
ExcludedIpRanges = new[]
{
"string",
},
ExcludedUris = new[]
{
"string",
},
PermittedDnsNames = new[]
{
"string",
},
PermittedEmailAddresses = new[]
{
"string",
},
PermittedIpRanges = new[]
{
"string",
},
PermittedUris = new[]
{
"string",
},
},
PolicyIds = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
},
IdentityConstraints = new GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsArgs
{
AllowSubjectAltNamesPassthrough = false,
AllowSubjectPassthrough = false,
CelExpression = new GoogleNative.Privateca.V1.Inputs.ExprArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
},
MaximumLifetime = "string",
PassthroughExtensions = new GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsArgs
{
AdditionalExtensions = new[]
{
new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
{
ObjectIdPath = new[]
{
0,
},
},
},
KnownExtensions = new[]
{
GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified,
},
},
},
Labels =
{
{ "string", "string" },
},
Location = "string",
Project = "string",
PublishingOptions = new GoogleNative.Privateca.V1.Inputs.PublishingOptionsArgs
{
EncodingFormat = GoogleNative.Privateca.V1.PublishingOptionsEncodingFormat.EncodingFormatUnspecified,
PublishCaCert = false,
PublishCrl = false,
},
RequestId = "string",
});
example, err := privateca.NewCaPool(ctx, "caPoolResource", &privateca.CaPoolArgs{
CaPoolId: pulumi.String("string"),
Tier: privateca.CaPoolTierTierUnspecified,
IssuancePolicy: &privateca.IssuancePolicyArgs{
AllowedIssuanceModes: &privateca.IssuanceModesArgs{
AllowConfigBasedIssuance: pulumi.Bool(false),
AllowCsrBasedIssuance: pulumi.Bool(false),
},
AllowedKeyTypes: privateca.AllowedKeyTypeArray{
&privateca.AllowedKeyTypeArgs{
EllipticCurve: &privateca.EcKeyTypeArgs{
SignatureAlgorithm: privateca.EcKeyTypeSignatureAlgorithmEcSignatureAlgorithmUnspecified,
},
Rsa: &privateca.RsaKeyTypeArgs{
MaxModulusSize: pulumi.String("string"),
MinModulusSize: pulumi.String("string"),
},
},
},
BaselineValues: &privateca.X509ParametersArgs{
AdditionalExtensions: privateca.X509ExtensionArray{
&privateca.X509ExtensionArgs{
ObjectId: &privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
Value: pulumi.String("string"),
Critical: pulumi.Bool(false),
},
},
AiaOcspServers: pulumi.StringArray{
pulumi.String("string"),
},
CaOptions: &privateca.CaOptionsArgs{
IsCa: pulumi.Bool(false),
MaxIssuerPathLength: pulumi.Int(0),
},
KeyUsage: &privateca.KeyUsageArgs{
BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
CertSign: pulumi.Bool(false),
ContentCommitment: pulumi.Bool(false),
CrlSign: pulumi.Bool(false),
DataEncipherment: pulumi.Bool(false),
DecipherOnly: pulumi.Bool(false),
DigitalSignature: pulumi.Bool(false),
EncipherOnly: pulumi.Bool(false),
KeyAgreement: pulumi.Bool(false),
KeyEncipherment: pulumi.Bool(false),
},
ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
ClientAuth: pulumi.Bool(false),
CodeSigning: pulumi.Bool(false),
EmailProtection: pulumi.Bool(false),
OcspSigning: pulumi.Bool(false),
ServerAuth: pulumi.Bool(false),
TimeStamping: pulumi.Bool(false),
},
UnknownExtendedKeyUsages: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
NameConstraints: &privateca.NameConstraintsArgs{
Critical: pulumi.Bool(false),
ExcludedDnsNames: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedEmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedUris: pulumi.StringArray{
pulumi.String("string"),
},
PermittedDnsNames: pulumi.StringArray{
pulumi.String("string"),
},
PermittedEmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
PermittedIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
PermittedUris: pulumi.StringArray{
pulumi.String("string"),
},
},
PolicyIds: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
IdentityConstraints: &privateca.CertificateIdentityConstraintsArgs{
AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
AllowSubjectPassthrough: pulumi.Bool(false),
CelExpression: &privateca.ExprArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
},
MaximumLifetime: pulumi.String("string"),
PassthroughExtensions: &privateca.CertificateExtensionConstraintsArgs{
AdditionalExtensions: privateca.ObjectIdArray{
&privateca.ObjectIdArgs{
ObjectIdPath: pulumi.IntArray{
pulumi.Int(0),
},
},
},
KnownExtensions: privateca.CertificateExtensionConstraintsKnownExtensionsItemArray{
privateca.CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified,
},
},
},
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
Project: pulumi.String("string"),
PublishingOptions: &privateca.PublishingOptionsArgs{
EncodingFormat: privateca.PublishingOptionsEncodingFormatEncodingFormatUnspecified,
PublishCaCert: pulumi.Bool(false),
PublishCrl: pulumi.Bool(false),
},
RequestId: pulumi.String("string"),
})
var caPoolResource = new CaPool("caPoolResource", CaPoolArgs.builder()
.caPoolId("string")
.tier("TIER_UNSPECIFIED")
.issuancePolicy(IssuancePolicyArgs.builder()
.allowedIssuanceModes(IssuanceModesArgs.builder()
.allowConfigBasedIssuance(false)
.allowCsrBasedIssuance(false)
.build())
.allowedKeyTypes(AllowedKeyTypeArgs.builder()
.ellipticCurve(EcKeyTypeArgs.builder()
.signatureAlgorithm("EC_SIGNATURE_ALGORITHM_UNSPECIFIED")
.build())
.rsa(RsaKeyTypeArgs.builder()
.maxModulusSize("string")
.minModulusSize("string")
.build())
.build())
.baselineValues(X509ParametersArgs.builder()
.additionalExtensions(X509ExtensionArgs.builder()
.objectId(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.value("string")
.critical(false)
.build())
.aiaOcspServers("string")
.caOptions(CaOptionsArgs.builder()
.isCa(false)
.maxIssuerPathLength(0)
.build())
.keyUsage(KeyUsageArgs.builder()
.baseKeyUsage(KeyUsageOptionsArgs.builder()
.certSign(false)
.contentCommitment(false)
.crlSign(false)
.dataEncipherment(false)
.decipherOnly(false)
.digitalSignature(false)
.encipherOnly(false)
.keyAgreement(false)
.keyEncipherment(false)
.build())
.extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
.clientAuth(false)
.codeSigning(false)
.emailProtection(false)
.ocspSigning(false)
.serverAuth(false)
.timeStamping(false)
.build())
.unknownExtendedKeyUsages(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.build())
.nameConstraints(NameConstraintsArgs.builder()
.critical(false)
.excludedDnsNames("string")
.excludedEmailAddresses("string")
.excludedIpRanges("string")
.excludedUris("string")
.permittedDnsNames("string")
.permittedEmailAddresses("string")
.permittedIpRanges("string")
.permittedUris("string")
.build())
.policyIds(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.build())
.identityConstraints(CertificateIdentityConstraintsArgs.builder()
.allowSubjectAltNamesPassthrough(false)
.allowSubjectPassthrough(false)
.celExpression(ExprArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.build())
.maximumLifetime("string")
.passthroughExtensions(CertificateExtensionConstraintsArgs.builder()
.additionalExtensions(ObjectIdArgs.builder()
.objectIdPath(0)
.build())
.knownExtensions("KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED")
.build())
.build())
.labels(Map.of("string", "string"))
.location("string")
.project("string")
.publishingOptions(PublishingOptionsArgs.builder()
.encodingFormat("ENCODING_FORMAT_UNSPECIFIED")
.publishCaCert(false)
.publishCrl(false)
.build())
.requestId("string")
.build());
ca_pool_resource = google_native.privateca.v1.CaPool("caPoolResource",
ca_pool_id="string",
tier=google_native.privateca.v1.CaPoolTier.TIER_UNSPECIFIED,
issuance_policy=google_native.privateca.v1.IssuancePolicyArgs(
allowed_issuance_modes=google_native.privateca.v1.IssuanceModesArgs(
allow_config_based_issuance=False,
allow_csr_based_issuance=False,
),
allowed_key_types=[google_native.privateca.v1.AllowedKeyTypeArgs(
elliptic_curve=google_native.privateca.v1.EcKeyTypeArgs(
signature_algorithm=google_native.privateca.v1.EcKeyTypeSignatureAlgorithm.EC_SIGNATURE_ALGORITHM_UNSPECIFIED,
),
rsa=google_native.privateca.v1.RsaKeyTypeArgs(
max_modulus_size="string",
min_modulus_size="string",
),
)],
baseline_values=google_native.privateca.v1.X509ParametersArgs(
additional_extensions=[google_native.privateca.v1.X509ExtensionArgs(
object_id=google_native.privateca.v1.ObjectIdArgs(
object_id_path=[0],
),
value="string",
critical=False,
)],
aia_ocsp_servers=["string"],
ca_options=google_native.privateca.v1.CaOptionsArgs(
is_ca=False,
max_issuer_path_length=0,
),
key_usage=google_native.privateca.v1.KeyUsageArgs(
base_key_usage=google_native.privateca.v1.KeyUsageOptionsArgs(
cert_sign=False,
content_commitment=False,
crl_sign=False,
data_encipherment=False,
decipher_only=False,
digital_signature=False,
encipher_only=False,
key_agreement=False,
key_encipherment=False,
),
extended_key_usage=google_native.privateca.v1.ExtendedKeyUsageOptionsArgs(
client_auth=False,
code_signing=False,
email_protection=False,
ocsp_signing=False,
server_auth=False,
time_stamping=False,
),
unknown_extended_key_usages=[google_native.privateca.v1.ObjectIdArgs(
object_id_path=[0],
)],
),
name_constraints=google_native.privateca.v1.NameConstraintsArgs(
critical=False,
excluded_dns_names=["string"],
excluded_email_addresses=["string"],
excluded_ip_ranges=["string"],
excluded_uris=["string"],
permitted_dns_names=["string"],
permitted_email_addresses=["string"],
permitted_ip_ranges=["string"],
permitted_uris=["string"],
),
policy_ids=[google_native.privateca.v1.ObjectIdArgs(
object_id_path=[0],
)],
),
identity_constraints=google_native.privateca.v1.CertificateIdentityConstraintsArgs(
allow_subject_alt_names_passthrough=False,
allow_subject_passthrough=False,
cel_expression=google_native.privateca.v1.ExprArgs(
description="string",
expression="string",
location="string",
title="string",
),
),
maximum_lifetime="string",
passthrough_extensions=google_native.privateca.v1.CertificateExtensionConstraintsArgs(
additional_extensions=[google_native.privateca.v1.ObjectIdArgs(
object_id_path=[0],
)],
known_extensions=[google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED],
),
),
labels={
"string": "string",
},
location="string",
project="string",
publishing_options=google_native.privateca.v1.PublishingOptionsArgs(
encoding_format=google_native.privateca.v1.PublishingOptionsEncodingFormat.ENCODING_FORMAT_UNSPECIFIED,
publish_ca_cert=False,
publish_crl=False,
),
request_id="string")
const caPoolResource = new google_native.privateca.v1.CaPool("caPoolResource", {
caPoolId: "string",
tier: google_native.privateca.v1.CaPoolTier.TierUnspecified,
issuancePolicy: {
allowedIssuanceModes: {
allowConfigBasedIssuance: false,
allowCsrBasedIssuance: false,
},
allowedKeyTypes: [{
ellipticCurve: {
signatureAlgorithm: google_native.privateca.v1.EcKeyTypeSignatureAlgorithm.EcSignatureAlgorithmUnspecified,
},
rsa: {
maxModulusSize: "string",
minModulusSize: "string",
},
}],
baselineValues: {
additionalExtensions: [{
objectId: {
objectIdPath: [0],
},
value: "string",
critical: false,
}],
aiaOcspServers: ["string"],
caOptions: {
isCa: false,
maxIssuerPathLength: 0,
},
keyUsage: {
baseKeyUsage: {
certSign: false,
contentCommitment: false,
crlSign: false,
dataEncipherment: false,
decipherOnly: false,
digitalSignature: false,
encipherOnly: false,
keyAgreement: false,
keyEncipherment: false,
},
extendedKeyUsage: {
clientAuth: false,
codeSigning: false,
emailProtection: false,
ocspSigning: false,
serverAuth: false,
timeStamping: false,
},
unknownExtendedKeyUsages: [{
objectIdPath: [0],
}],
},
nameConstraints: {
critical: false,
excludedDnsNames: ["string"],
excludedEmailAddresses: ["string"],
excludedIpRanges: ["string"],
excludedUris: ["string"],
permittedDnsNames: ["string"],
permittedEmailAddresses: ["string"],
permittedIpRanges: ["string"],
permittedUris: ["string"],
},
policyIds: [{
objectIdPath: [0],
}],
},
identityConstraints: {
allowSubjectAltNamesPassthrough: false,
allowSubjectPassthrough: false,
celExpression: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
},
maximumLifetime: "string",
passthroughExtensions: {
additionalExtensions: [{
objectIdPath: [0],
}],
knownExtensions: [google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified],
},
},
labels: {
string: "string",
},
location: "string",
project: "string",
publishingOptions: {
encodingFormat: google_native.privateca.v1.PublishingOptionsEncodingFormat.EncodingFormatUnspecified,
publishCaCert: false,
publishCrl: false,
},
requestId: "string",
});
type: google-native:privateca/v1:CaPool
properties:
caPoolId: string
issuancePolicy:
allowedIssuanceModes:
allowConfigBasedIssuance: false
allowCsrBasedIssuance: false
allowedKeyTypes:
- ellipticCurve:
signatureAlgorithm: EC_SIGNATURE_ALGORITHM_UNSPECIFIED
rsa:
maxModulusSize: string
minModulusSize: string
baselineValues:
additionalExtensions:
- critical: false
objectId:
objectIdPath:
- 0
value: string
aiaOcspServers:
- string
caOptions:
isCa: false
maxIssuerPathLength: 0
keyUsage:
baseKeyUsage:
certSign: false
contentCommitment: false
crlSign: false
dataEncipherment: false
decipherOnly: false
digitalSignature: false
encipherOnly: false
keyAgreement: false
keyEncipherment: false
extendedKeyUsage:
clientAuth: false
codeSigning: false
emailProtection: false
ocspSigning: false
serverAuth: false
timeStamping: false
unknownExtendedKeyUsages:
- objectIdPath:
- 0
nameConstraints:
critical: false
excludedDnsNames:
- string
excludedEmailAddresses:
- string
excludedIpRanges:
- string
excludedUris:
- string
permittedDnsNames:
- string
permittedEmailAddresses:
- string
permittedIpRanges:
- string
permittedUris:
- string
policyIds:
- objectIdPath:
- 0
identityConstraints:
allowSubjectAltNamesPassthrough: false
allowSubjectPassthrough: false
celExpression:
description: string
expression: string
location: string
title: string
maximumLifetime: string
passthroughExtensions:
additionalExtensions:
- objectIdPath:
- 0
knownExtensions:
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
labels:
string: string
location: string
project: string
publishingOptions:
encodingFormat: ENCODING_FORMAT_UNSPECIFIED
publishCaCert: false
publishCrl: false
requestId: string
tier: TIER_UNSPECIFIED
CaPool Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CaPool resource accepts the following input properties:
- Ca
Pool stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Tier
Pulumi.
Google Native. Privateca. V1. Ca Pool Tier - Immutable. The Tier of this CaPool.
- Issuance
Policy Pulumi.Google Native. Privateca. V1. Inputs. Issuance Policy - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
- Location string
- Project string
- Publishing
Options Pulumi.Google Native. Privateca. V1. Inputs. Publishing Options - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- Request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- Ca
Pool stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Tier
Ca
Pool Tier - Immutable. The Tier of this CaPool.
- Issuance
Policy IssuancePolicy Args - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
- Location string
- Project string
- Publishing
Options PublishingOptions Args - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- Request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- ca
Pool StringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- tier
Ca
Pool Tier - Immutable. The Tier of this CaPool.
- issuance
Policy IssuancePolicy - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
- location String
- project String
- publishing
Options PublishingOptions - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- request
Id String - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- ca
Pool stringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- tier
Ca
Pool Tier - Immutable. The Tier of this CaPool.
- issuance
Policy IssuancePolicy - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
- location string
- project string
- publishing
Options PublishingOptions - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- request
Id string - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- ca_
pool_ strid - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- tier
Ca
Pool Tier - Immutable. The Tier of this CaPool.
- issuance_
policy IssuancePolicy Args - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
- location str
- project str
- publishing_
options PublishingOptions Args - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- request_
id str - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- ca
Pool StringId - Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- tier "TIER_UNSPECIFIED" | "ENTERPRISE" | "DEVOPS"
- Immutable. The Tier of this CaPool.
- issuance
Policy Property Map - Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Map<String>
- Optional. Labels with user-defined metadata.
- location String
- project String
- publishing
Options Property Map - Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- request
Id String - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
Outputs
All input properties are implicitly available as output properties. Additionally, the CaPool resource produces the following output properties:
Supporting Types
AllowedKeyType, AllowedKeyTypeArgs
- Elliptic
Curve Pulumi.Google Native. Privateca. V1. Inputs. Ec Key Type - Represents an allowed Elliptic Curve key type.
- Rsa
Pulumi.
Google Native. Privateca. V1. Inputs. Rsa Key Type - Represents an allowed RSA key type.
- Elliptic
Curve EcKey Type - Represents an allowed Elliptic Curve key type.
- Rsa
Rsa
Key Type - Represents an allowed RSA key type.
- elliptic
Curve EcKey Type - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type - Represents an allowed RSA key type.
- elliptic
Curve EcKey Type - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type - Represents an allowed RSA key type.
- elliptic_
curve EcKey Type - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type - Represents an allowed RSA key type.
- elliptic
Curve Property Map - Represents an allowed Elliptic Curve key type.
- rsa Property Map
- Represents an allowed RSA key type.
AllowedKeyTypeResponse, AllowedKeyTypeResponseArgs
- Elliptic
Curve Pulumi.Google Native. Privateca. V1. Inputs. Ec Key Type Response - Represents an allowed Elliptic Curve key type.
- Rsa
Pulumi.
Google Native. Privateca. V1. Inputs. Rsa Key Type Response - Represents an allowed RSA key type.
- Elliptic
Curve EcKey Type Response - Represents an allowed Elliptic Curve key type.
- Rsa
Rsa
Key Type Response - Represents an allowed RSA key type.
- elliptic
Curve EcKey Type Response - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type Response - Represents an allowed RSA key type.
- elliptic
Curve EcKey Type Response - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type Response - Represents an allowed RSA key type.
- elliptic_
curve EcKey Type Response - Represents an allowed Elliptic Curve key type.
- rsa
Rsa
Key Type Response - Represents an allowed RSA key type.
- elliptic
Curve Property Map - Represents an allowed Elliptic Curve key type.
- rsa Property Map
- Represents an allowed RSA key type.
CaOptions, CaOptionsArgs
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaOptionsResponse, CaOptionsResponseArgs
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaPoolTier, CaPoolTierArgs
- Tier
Unspecified - TIER_UNSPECIFIEDNot specified.
- Enterprise
- ENTERPRISEEnterprise tier.
- Devops
- DEVOPSDevOps tier.
- Ca
Pool Tier Tier Unspecified - TIER_UNSPECIFIEDNot specified.
- Ca
Pool Tier Enterprise - ENTERPRISEEnterprise tier.
- Ca
Pool Tier Devops - DEVOPSDevOps tier.
- Tier
Unspecified - TIER_UNSPECIFIEDNot specified.
- Enterprise
- ENTERPRISEEnterprise tier.
- Devops
- DEVOPSDevOps tier.
- Tier
Unspecified - TIER_UNSPECIFIEDNot specified.
- Enterprise
- ENTERPRISEEnterprise tier.
- Devops
- DEVOPSDevOps tier.
- TIER_UNSPECIFIED
- TIER_UNSPECIFIEDNot specified.
- ENTERPRISE
- ENTERPRISEEnterprise tier.
- DEVOPS
- DEVOPSDevOps tier.
- "TIER_UNSPECIFIED"
- TIER_UNSPECIFIEDNot specified.
- "ENTERPRISE"
- ENTERPRISEEnterprise tier.
- "DEVOPS"
- DEVOPSDevOps tier.
CertificateExtensionConstraints, CertificateExtensionConstraintsArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions List<Pulumi.Google Native. Privateca. V1. Certificate Extension Constraints Known Extensions Item> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []ObjectId - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions []CertificateExtension Constraints Known Extensions Item - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<ObjectId> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<CertificateExtension Constraints Known Extensions Item> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions ObjectId[] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions CertificateExtension Constraints Known Extensions Item[] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[ObjectId] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_
extensions Sequence[CertificateExtension Constraints Known Extensions Item] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" | "BASE_KEY_USAGE" | "EXTENDED_KEY_USAGE" | "CA_OPTIONS" | "POLICY_IDS" | "AIA_OCSP_SERVERS" | "NAME_CONSTRAINTS"> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateExtensionConstraintsKnownExtensionsItem, CertificateExtensionConstraintsKnownExtensionsItemArgs
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Certificate
Extension Constraints Known Extensions Item Known Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Certificate
Extension Constraints Known Extensions Item Base Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Certificate
Extension Constraints Known Extensions Item Extended Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Certificate
Extension Constraints Known Extensions Item Ca Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Certificate
Extension Constraints Known Extensions Item Policy Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Certificate
Extension Constraints Known Extensions Item Aia Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Certificate
Extension Constraints Known Extensions Item Name Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- Known
Certificate Extension Unspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- Base
Key Usage - BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- Extended
Key Usage - EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- Ca
Options - CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- Policy
Ids - POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- Aia
Ocsp Servers - AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- Name
Constraints - NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- BASE_KEY_USAGE
- BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- EXTENDED_KEY_USAGE
- EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CA_OPTIONS
- CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- POLICY_IDS
- POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AIA_OCSP_SERVERS
- AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- NAME_CONSTRAINTS
- NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
- "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED"
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
- "BASE_KEY_USAGE"
- BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- "EXTENDED_KEY_USAGE"
- EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- "CA_OPTIONS"
- CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- "POLICY_IDS"
- POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- "AIA_OCSP_SERVERS"
- AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
- "NAME_CONSTRAINTS"
- NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
CertificateExtensionConstraintsResponse, CertificateExtensionConstraintsResponseArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions List<string> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []ObjectId Response - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions []string - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<ObjectId Response> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions ObjectId Response[] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions string[] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[ObjectId Response] - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_
extensions Sequence[str] - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> - Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> - Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateIdentityConstraints, CertificateIdentityConstraintsArgs
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Pulumi.Google Native. Privateca. V1. Inputs. Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject booleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject booleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_
subject_ boolalt_ names_ passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_
subject_ boolpassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression Expr - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
CertificateIdentityConstraintsResponse, CertificateIdentityConstraintsResponseArgs
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression Pulumi.Google Native. Privateca. V1. Inputs. Expr Response - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- Allow
Subject boolAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject booleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject booleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_
subject_ boolalt_ names_ passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_
subject_ boolpassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression ExprResponse - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough - If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough - If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map - Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
EcKeyType, EcKeyTypeArgs
- Signature
Algorithm Pulumi.Google Native. Privateca. V1. Ec Key Type Signature Algorithm - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- Signature
Algorithm EcKey Type Signature Algorithm - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm EcKey Type Signature Algorithm - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm EcKey Type Signature Algorithm - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature_
algorithm EcKey Type Signature Algorithm - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" | "ECDSA_P256" | "ECDSA_P384" | "EDDSA_25519" - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
EcKeyTypeResponse, EcKeyTypeResponseArgs
- Signature
Algorithm string - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- Signature
Algorithm string - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm String - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm string - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature_
algorithm str - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature
Algorithm String - Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
EcKeyTypeSignatureAlgorithm, EcKeyTypeSignatureAlgorithmArgs
- Ec
Signature Algorithm Unspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- Ecdsa
P256 - ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- Ecdsa
P384 - ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519
- EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- Ec
Key Type Signature Algorithm Ec Signature Algorithm Unspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- Ec
Key Type Signature Algorithm Ecdsa P256 - ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- Ec
Key Type Signature Algorithm Ecdsa P384 - ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Ec
Key Type Signature Algorithm Eddsa25519 - EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- Ec
Signature Algorithm Unspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- Ecdsa
P256 - ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- Ecdsa
P384 - ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519
- EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- Ec
Signature Algorithm Unspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- Ecdsa
P256 - ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- Ecdsa
P384 - ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519
- EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- EC_SIGNATURE_ALGORITHM_UNSPECIFIED
- EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- ECDSA_P256
- ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- ECDSA_P384
- ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- EDDSA25519
- EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- "EC_SIGNATURE_ALGORITHM_UNSPECIFIED"
- EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
- "ECDSA_P256"
- ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- "ECDSA_P384"
- ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- "EDDSA_25519"
- EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
Expr, ExprArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
IssuanceModes, IssuanceModesArgs
- Allow
Config boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- Allow
Csr boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- Allow
Config boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- Allow
Csr boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config booleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr booleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow_
config_ boolbased_ issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow_
csr_ boolbased_ issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
IssuanceModesResponse, IssuanceModesResponseArgs
- Allow
Config boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- Allow
Csr boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- Allow
Config boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- Allow
Csr boolBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config booleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr booleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow_
config_ boolbased_ issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow_
csr_ boolbased_ issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow
Config BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow
Csr BooleanBased Issuance - Optional. When true, allows callers to create Certificates by specifying a CSR.
IssuancePolicy, IssuancePolicyArgs
- Allowed
Issuance Pulumi.Modes Google Native. Privateca. V1. Inputs. Issuance Modes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- Allowed
Key List<Pulumi.Types Google Native. Privateca. V1. Inputs. Allowed Key Type> - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- Baseline
Values Pulumi.Google Native. Privateca. V1. Inputs. X509Parameters - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- Identity
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Certificate Identity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions Pulumi.Google Native. Privateca. V1. Inputs. Certificate Extension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- Allowed
Issuance IssuanceModes Modes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- Allowed
Key []AllowedTypes Key Type - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- Baseline
Values X509Parameters - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- Identity
Constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance IssuanceModes Modes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key List<AllowedTypes Key Type> - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values X509Parameters - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance IssuanceModes Modes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key AllowedTypes Key Type[] - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values X509Parameters - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed_
issuance_ Issuancemodes Modes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed_
key_ Sequence[Allowedtypes Key Type] - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline_
values X509Parameters - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity_
constraints CertificateIdentity Constraints - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum_
lifetime str - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough_
extensions CertificateExtension Constraints - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance Property MapModes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key List<Property Map>Types - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values Property Map - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints Property Map - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions Property Map - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
IssuancePolicyResponse, IssuancePolicyResponseArgs
- Allowed
Issuance Pulumi.Modes Google Native. Privateca. V1. Inputs. Issuance Modes Response - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- Allowed
Key List<Pulumi.Types Google Native. Privateca. V1. Inputs. Allowed Key Type Response> - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- Baseline
Values Pulumi.Google Native. Privateca. V1. Inputs. X509Parameters Response - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- Identity
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Certificate Identity Constraints Response - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions Pulumi.Google Native. Privateca. V1. Inputs. Certificate Extension Constraints Response - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- Allowed
Issuance IssuanceModes Modes Response - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- Allowed
Key []AllowedTypes Key Type Response - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- Baseline
Values X509ParametersResponse - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- Identity
Constraints CertificateIdentity Constraints Response - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- Maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- Passthrough
Extensions CertificateExtension Constraints Response - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance IssuanceModes Modes Response - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key List<AllowedTypes Key Type Response> - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values X509ParametersResponse - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints CertificateIdentity Constraints Response - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints Response - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance IssuanceModes Modes Response - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key AllowedTypes Key Type Response[] - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values X509ParametersResponse - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints CertificateIdentity Constraints Response - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime string - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions CertificateExtension Constraints Response - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed_
issuance_ Issuancemodes Modes Response - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed_
key_ Sequence[Allowedtypes Key Type Response] - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline_
values X509ParametersResponse - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity_
constraints CertificateIdentity Constraints Response - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum_
lifetime str - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough_
extensions CertificateExtension Constraints Response - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed
Issuance Property MapModes - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed
Key List<Property Map>Types - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline
Values Property Map - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity
Constraints Property Map - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum
Lifetime String - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough
Extensions Property Map - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
KeyUsage, KeyUsageArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options - Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options - Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options - Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options - Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage - Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage - Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyUsageOptions, KeyUsageOptionsArgs
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
KeyUsageResponse, KeyUsageResponseArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id Response - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id Response[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options Response - Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id Response] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage - Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage - Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
NameConstraints, NameConstraintsArgs
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
NameConstraintsResponse, NameConstraintsResponseArgs
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
ObjectId, ObjectIdArgs
- Object
Id List<int>Path - The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path - The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path - The parts of an OID path. The most significant parts of the path come first.
ObjectIdResponse, ObjectIdResponseArgs
- Object
Id List<int>Path - The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path - The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path - The parts of an OID path. The most significant parts of the path come first.
PublishingOptions, PublishingOptionsArgs
- Encoding
Format Pulumi.Google Native. Privateca. V1. Publishing Options Encoding Format - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- Publish
Ca boolCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- Publish
Crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- Encoding
Format PublishingOptions Encoding Format - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- Publish
Ca boolCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- Publish
Crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format PublishingOptions Encoding Format - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca BooleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl Boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format PublishingOptions Encoding Format - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca booleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding_
format PublishingOptions Encoding Format - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish_
ca_ boolcert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish_
crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format "ENCODING_FORMAT_UNSPECIFIED" | "PEM" | "DER" - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca BooleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl Boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
PublishingOptionsEncodingFormat, PublishingOptionsEncodingFormatArgs
- Encoding
Format Unspecified - ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- Pem
- PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
- Publishing
Options Encoding Format Encoding Format Unspecified - ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- Publishing
Options Encoding Format Pem - PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Publishing
Options Encoding Format Der - DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
- Encoding
Format Unspecified - ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- Pem
- PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
- Encoding
Format Unspecified - ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- Pem
- PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
- ENCODING_FORMAT_UNSPECIFIED
- ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- PEM
- PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- DER
- DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
- "ENCODING_FORMAT_UNSPECIFIED"
- ENCODING_FORMAT_UNSPECIFIEDNot specified. By default, PEM format will be used.
- "PEM"
- PEMThe CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- "DER"
- DERThe CertificateAuthority's CA certificate and CRLs will be published in DER format.
PublishingOptionsResponse, PublishingOptionsResponseArgs
- Encoding
Format string - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- Publish
Ca boolCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- Publish
Crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- Encoding
Format string - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- Publish
Ca boolCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- Publish
Crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format String - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca BooleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl Boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format string - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca booleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding_
format str - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish_
ca_ boolcert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish_
crl bool - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding
Format String - Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish
Ca BooleanCert - Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish
Crl Boolean - Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
RsaKeyType, RsaKeyTypeArgs
- Max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- Min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- Max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- Min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus StringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus StringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max_
modulus_ strsize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min_
modulus_ strsize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus StringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus StringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
RsaKeyTypeResponse, RsaKeyTypeResponseArgs
- Max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- Min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- Max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- Min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus StringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus StringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus stringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus stringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max_
modulus_ strsize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min_
modulus_ strsize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max
Modulus StringSize - Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min
Modulus StringSize - Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
X509Extension, X509ExtensionArgs
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
X509ExtensionResponse, X509ExtensionResponseArgs
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id ObjectId Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value string
- The value of this X.509 extension.
- critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id ObjectId Response - The OID for this X.509 extension.
- value str
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
X509Parameters, X509ParametersArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints - Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509Extension - Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509Extension> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509Extension[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509Extension] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints - Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
X509ParametersResponse, X509ParametersResponseArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509ExtensionResponse - Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId Response - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509ExtensionResponse> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509ExtensionResponse[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId Response[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509ExtensionResponse] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId Response] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.