google-native.privateca/v1.getCaPool

func LookupCaPool(ctx *Context, args *LookupCaPoolArgs, opts ...InvokeOption) (*LookupCaPoolResult, error)
func LookupCaPoolOutput(ctx *Context, args *LookupCaPoolOutputArgs, opts ...InvokeOption) LookupCaPoolResultOutput

> Note: This function is named LookupCaPool in the Go SDK.

CaPoolId string

Location string

Project string

CaPoolId string

Location string

Project string

caPoolId String

location String

project String

caPoolId string

location string

project string

ca_pool_id str

location str

project str

caPoolId String

location String

project String

IssuancePolicy Pulumi.GoogleNative.Privateca.V1.Outputs.IssuancePolicyResponse

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Name string

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

PublishingOptions Pulumi.GoogleNative.Privateca.V1.Outputs.PublishingOptionsResponse

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

Tier string

Immutable. The Tier of this CaPool.

IssuancePolicy IssuancePolicyResponse

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

Labels map[string]string

Optional. Labels with user-defined metadata.

Name string

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

PublishingOptions PublishingOptionsResponse

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

Tier string

Immutable. The Tier of this CaPool.

issuancePolicy IssuancePolicyResponse

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

labels Map<String,String>

Optional. Labels with user-defined metadata.

name String

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

publishingOptions PublishingOptionsResponse

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

tier String

Immutable. The Tier of this CaPool.

issuancePolicy IssuancePolicyResponse

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

name string

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

publishingOptions PublishingOptionsResponse

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

tier string

Immutable. The Tier of this CaPool.

issuance_policy IssuancePolicyResponse

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

name str

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

publishing_options PublishingOptionsResponse

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

tier str

Immutable. The Tier of this CaPool.

issuancePolicy Property Map

Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.

labels Map<String>

Optional. Labels with user-defined metadata.

name String

The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

publishingOptions Property Map

Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.

tier String

Immutable. The Tier of this CaPool.

EllipticCurve Pulumi.GoogleNative.Privateca.V1.Inputs.EcKeyTypeResponse

Represents an allowed Elliptic Curve key type.

Rsa Pulumi.GoogleNative.Privateca.V1.Inputs.RsaKeyTypeResponse

Represents an allowed RSA key type.

EllipticCurve EcKeyTypeResponse

Represents an allowed Elliptic Curve key type.

Rsa RsaKeyTypeResponse

Represents an allowed RSA key type.

ellipticCurve EcKeyTypeResponse

Represents an allowed Elliptic Curve key type.

rsa RsaKeyTypeResponse

Represents an allowed RSA key type.

ellipticCurve EcKeyTypeResponse

Represents an allowed Elliptic Curve key type.

rsa RsaKeyTypeResponse

Represents an allowed RSA key type.

elliptic_curve EcKeyTypeResponse

Represents an allowed Elliptic Curve key type.

rsa RsaKeyTypeResponse

Represents an allowed RSA key type.

ellipticCurve Property Map

Represents an allowed Elliptic Curve key type.

rsa Property Map

Represents an allowed RSA key type.

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Integer

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

max_issuer_path_length int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

KnownExtensions List<string>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AdditionalExtensions []ObjectIdResponse

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

KnownExtensions []string

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<ObjectIdResponse>

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

knownExtensions List<String>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions ObjectIdResponse[]

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

knownExtensions string[]

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additional_extensions Sequence[ObjectIdResponse]

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

known_extensions Sequence[str]

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<Property Map>

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

knownExtensions List<String>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AllowSubjectAltNamesPassthrough bool

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

AllowSubjectPassthrough bool

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.ExprResponse

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

AllowSubjectAltNamesPassthrough bool

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

AllowSubjectPassthrough bool

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

CelExpression ExprResponse

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough Boolean

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression ExprResponse

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough boolean

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough boolean

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression ExprResponse

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allow_subject_alt_names_passthrough bool

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allow_subject_passthrough bool

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

cel_expression ExprResponse

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean

If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough Boolean

If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression Property Map

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

SignatureAlgorithm string

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

SignatureAlgorithm string

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

signatureAlgorithm String

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

signatureAlgorithm string

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

signature_algorithm str

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

signatureAlgorithm String

Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

code_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

email_protection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocsp_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

server_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

time_stamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

AllowConfigBasedIssuance bool

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

AllowCsrBasedIssuance bool

Optional. When true, allows callers to create Certificates by specifying a CSR.

AllowConfigBasedIssuance bool

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

AllowCsrBasedIssuance bool

Optional. When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance Boolean

Optional. When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance boolean

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance boolean

Optional. When true, allows callers to create Certificates by specifying a CSR.

allow_config_based_issuance bool

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

allow_csr_based_issuance bool

Optional. When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean

Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance Boolean

Optional. When true, allows callers to create Certificates by specifying a CSR.

AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1.Inputs.IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

AllowedKeyTypes List<Pulumi.GoogleNative.Privateca.V1.Inputs.AllowedKeyTypeResponse>

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

BaselineValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsResponse

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

MaximumLifetime string

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsResponse

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

AllowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

AllowedKeyTypes []AllowedKeyTypeResponse

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

BaselineValues X509ParametersResponse

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

IdentityConstraints CertificateIdentityConstraintsResponse

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

MaximumLifetime string

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

PassthroughExtensions CertificateExtensionConstraintsResponse

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

allowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedKeyTypes List<AllowedKeyTypeResponse>

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

baselineValues X509ParametersResponse

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

identityConstraints CertificateIdentityConstraintsResponse

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

maximumLifetime String

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

passthroughExtensions CertificateExtensionConstraintsResponse

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

allowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedKeyTypes AllowedKeyTypeResponse[]

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

baselineValues X509ParametersResponse

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

identityConstraints CertificateIdentityConstraintsResponse

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

maximumLifetime string

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

passthroughExtensions CertificateExtensionConstraintsResponse

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

allowed_issuance_modes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowed_key_types Sequence[AllowedKeyTypeResponse]

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

baseline_values X509ParametersResponse

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

identity_constraints CertificateIdentityConstraintsResponse

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

maximum_lifetime str

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

passthrough_extensions CertificateExtensionConstraintsResponse

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

allowedIssuanceModes Property Map

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedKeyTypes List<Property Map>

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

baselineValues Property Map

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

identityConstraints Property Map

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

maximumLifetime String

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

passthroughExtensions Property Map

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

certSign boolean

The key may be used to sign certificates.

contentCommitment boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign boolean

The key may be used sign certificate revocation lists.

dataEncipherment boolean

The key may be used to encipher data.

decipherOnly boolean

The key may be used to decipher only.

digitalSignature boolean

The key may be used for digital signatures.

encipherOnly boolean

The key may be used to encipher only.

keyAgreement boolean

The key may be used in a key agreement protocol.

keyEncipherment boolean

The key may be used to encipher other keys.

cert_sign bool

The key may be used to sign certificates.

content_commitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crl_sign bool

The key may be used sign certificate revocation lists.

data_encipherment bool

The key may be used to encipher data.

decipher_only bool

The key may be used to decipher only.

digital_signature bool

The key may be used for digital signatures.

encipher_only bool

The key may be used to encipher only.

key_agreement bool

The key may be used in a key agreement protocol.

key_encipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

ExtendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages []ObjectIdResponse

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<ObjectIdResponse>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages ObjectIdResponse[]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extended_key_usage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknown_extended_key_usages Sequence[ObjectIdResponse]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map

Describes high-level ways in which a key may be used.

extendedKeyUsage Property Map

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<Property Map>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

Critical bool

Indicates whether or not the name constraints are marked critical.

ExcludedDnsNames List<string>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

ExcludedEmailAddresses List<string>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

ExcludedIpRanges List<string>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

ExcludedUris List<string>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

PermittedDnsNames List<string>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

PermittedEmailAddresses List<string>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

PermittedIpRanges List<string>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

PermittedUris List<string>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

Critical bool

Indicates whether or not the name constraints are marked critical.

ExcludedDnsNames []string

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

ExcludedEmailAddresses []string

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

ExcludedIpRanges []string

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

ExcludedUris []string

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

PermittedDnsNames []string

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

PermittedEmailAddresses []string

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

PermittedIpRanges []string

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

PermittedUris []string

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames List<String>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

excludedEmailAddresses List<String>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

excludedIpRanges List<String>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris List<String>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

permittedDnsNames List<String>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

permittedEmailAddresses List<String>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

permittedIpRanges List<String>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris List<String>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames string[]

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

excludedEmailAddresses string[]

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

excludedIpRanges string[]

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris string[]

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

permittedDnsNames string[]

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

permittedEmailAddresses string[]

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

permittedIpRanges string[]

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris string[]

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical bool

Indicates whether or not the name constraints are marked critical.

excluded_dns_names Sequence[str]

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

excluded_email_addresses Sequence[str]

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

excluded_ip_ranges Sequence[str]

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excluded_uris Sequence[str]

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

permitted_dns_names Sequence[str]

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

permitted_email_addresses Sequence[str]

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

permitted_ip_ranges Sequence[str]

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permitted_uris Sequence[str]

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames List<String>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

excludedEmailAddresses List<String>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

excludedIpRanges List<String>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris List<String>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

permittedDnsNames List<String>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

permittedEmailAddresses List<String>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

permittedIpRanges List<String>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris List<String>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

ObjectIdPath List<int>

The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int

The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>

The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]

The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]

The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>

The parts of an OID path. The most significant parts of the path come first.

EncodingFormat string

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

PublishCaCert bool

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

PublishCrl bool

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

EncodingFormat string

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

PublishCaCert bool

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

PublishCrl bool

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

encodingFormat String

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

publishCaCert Boolean

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

publishCrl Boolean

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

encodingFormat string

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

publishCaCert boolean

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

publishCrl boolean

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

encoding_format str

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

publish_ca_cert bool

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

publish_crl bool

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

encodingFormat String

Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.

publishCaCert Boolean

Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.

publishCrl Boolean

Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

MaxModulusSize string

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

MinModulusSize string

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

MaxModulusSize string

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

MinModulusSize string

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

maxModulusSize String

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

minModulusSize String

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

maxModulusSize string

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

minModulusSize string

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

max_modulus_size str

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

min_modulus_size str

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

maxModulusSize String

Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.

minModulusSize String

Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

Critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse

The OID for this X.509 extension.

Value string

The value of this X.509 extension.

Critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId ObjectIdResponse

The OID for this X.509 extension.

Value string

The value of this X.509 extension.

critical Boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectIdResponse

The OID for this X.509 extension.

value String

The value of this X.509 extension.

critical boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectIdResponse

The OID for this X.509 extension.

value string

The value of this X.509 extension.

critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id ObjectIdResponse

The OID for this X.509 extension.

value str

The value of this X.509 extension.

critical Boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map

The OID for this X.509 extension.

value String

The value of this X.509 extension.

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>

Optional. Describes custom X.509 extensions.

AiaOcspServers List<string>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse

Optional. Describes the X.509 name constraints extension.

PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509ExtensionResponse

Optional. Describes custom X.509 extensions.

AiaOcspServers []string

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions CaOptionsResponse

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

KeyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

NameConstraints NameConstraintsResponse

Optional. Describes the X.509 name constraints extension.

PolicyIds []ObjectIdResponse

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509ExtensionResponse>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CaOptionsResponse

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

nameConstraints NameConstraintsResponse

Optional. Describes the X.509 name constraints extension.

policyIds List<ObjectIdResponse>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509ExtensionResponse[]

Optional. Describes custom X.509 extensions.

aiaOcspServers string[]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CaOptionsResponse

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

nameConstraints NameConstraintsResponse

Optional. Describes the X.509 name constraints extension.

policyIds ObjectIdResponse[]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509ExtensionResponse]

Optional. Describes custom X.509 extensions.

aia_ocsp_servers Sequence[str]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

ca_options CaOptionsResponse

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

key_usage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

name_constraints NameConstraintsResponse

Optional. Describes the X.509 name constraints extension.

policy_ids Sequence[ObjectIdResponse]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions Property Map

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage Property Map

Optional. Indicates the intended use for keys that correspond to a certificate.

nameConstraints Property Map

Optional. Describes the X.509 name constraints extension.

policyIds List<Property Map>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.