Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
google-native.privateca/v1.getCertificate
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
Returns a Certificate.
Using getCertificate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>
function getCertificateOutput(args: GetCertificateOutputArgs, opts?: InvokeOptions): Output<GetCertificateResult>
def get_certificate(ca_pool_id: Optional[str] = None,
certificate_id: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateResult
def get_certificate_output(ca_pool_id: Optional[pulumi.Input[str]] = None,
certificate_id: Optional[pulumi.Input[str]] = None,
location: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateResult]
func LookupCertificate(ctx *Context, args *LookupCertificateArgs, opts ...InvokeOption) (*LookupCertificateResult, error)
func LookupCertificateOutput(ctx *Context, args *LookupCertificateOutputArgs, opts ...InvokeOption) LookupCertificateResultOutput
> Note: This function is named LookupCertificate
in the Go SDK.
public static class GetCertificate
{
public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateResult> Invoke(GetCertificateInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: google-native:privateca/v1:getCertificate
arguments:
# arguments dictionary
The following arguments are supported:
- Ca
Pool stringId - Certificate
Id string - Location string
- Project string
- Ca
Pool stringId - Certificate
Id string - Location string
- Project string
- ca
Pool StringId - certificate
Id String - location String
- project String
- ca
Pool stringId - certificate
Id string - location string
- project string
- ca_
pool_ strid - certificate_
id str - location str
- project str
- ca
Pool StringId - certificate
Id String - location String
- project String
getCertificate Result
The following output properties are available:
- Certificate
Description Pulumi.Google Native. Privateca. V1. Outputs. Certificate Description Response - A structured description of the issued X.509 certificate.
- Certificate
Template string - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - Config
Pulumi.
Google Native. Privateca. V1. Outputs. Certificate Config Response - Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- Create
Time string - The time at which this Certificate was created.
- string
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
- Lifetime string
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- Name string
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - Pem
Certificate string - The pem-encoded, signed X.509 certificate.
- Pem
Certificate List<string>Chain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Csr string - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Revocation
Details Pulumi.Google Native. Privateca. V1. Outputs. Revocation Details Response - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Subject
Mode string - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - Update
Time string - The time at which this Certificate was updated.
- Certificate
Description CertificateDescription Response - A structured description of the issued X.509 certificate.
- Certificate
Template string - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - Config
Certificate
Config Response - Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- Create
Time string - The time at which this Certificate was created.
- string
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Labels map[string]string
- Optional. Labels with user-defined metadata.
- Lifetime string
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- Name string
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - Pem
Certificate string - The pem-encoded, signed X.509 certificate.
- Pem
Certificate []stringChain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Csr string - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Revocation
Details RevocationDetails Response - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Subject
Mode string - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - Update
Time string - The time at which this Certificate was updated.
- certificate
Description CertificateDescription Response - A structured description of the issued X.509 certificate.
- certificate
Template String - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - config
Certificate
Config Response - Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- create
Time String - The time at which this Certificate was created.
- String
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - labels Map<String,String>
- Optional. Labels with user-defined metadata.
- lifetime String
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- name String
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - pem
Certificate String - The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Csr String - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- revocation
Details RevocationDetails Response - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- subject
Mode String - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - update
Time String - The time at which this Certificate was updated.
- certificate
Description CertificateDescription Response - A structured description of the issued X.509 certificate.
- certificate
Template string - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - config
Certificate
Config Response - Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- create
Time string - The time at which this Certificate was created.
- string
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
- lifetime string
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- name string
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - pem
Certificate string - The pem-encoded, signed X.509 certificate.
- pem
Certificate string[]Chain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Csr string - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- revocation
Details RevocationDetails Response - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- subject
Mode string - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - update
Time string - The time at which this Certificate was updated.
- certificate_
description CertificateDescription Response - A structured description of the issued X.509 certificate.
- certificate_
template str - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - config
Certificate
Config Response - Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- create_
time str - The time at which this Certificate was created.
- str
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
- lifetime str
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- name str
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - pem_
certificate str - The pem-encoded, signed X.509 certificate.
- pem_
certificate_ Sequence[str]chain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem_
csr str - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- revocation_
details RevocationDetails Response - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- subject_
mode str - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - update_
time str - The time at which this Certificate was updated.
- certificate
Description Property Map - A structured description of the issued X.509 certificate.
- certificate
Template String - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - config Property Map
- Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
- create
Time String - The time at which this Certificate was created.
- String
- The resource name of the issuing CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - labels Map<String>
- Optional. Labels with user-defined metadata.
- lifetime String
- Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
- name String
- The resource name for this Certificate in the format
projects/*/locations/*/caPools/*/certificates/*
. - pem
Certificate String - The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chain - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Csr String - Immutable. A pem-encoded X.509 certificate signing request (CSR).
- revocation
Details Property Map - Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- subject
Mode String - Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the
DEFAULT
subject mode will be used. - update
Time String - The time at which this Certificate was updated.
Supporting Types
CaOptionsResponse
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateConfigResponse
- Public
Key Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config Pulumi.Google Native. Privateca. V1. Inputs. Subject Config Response - Specifies some of the values in a certificate that are related to the subject.
- X509Config
Pulumi.
Google Native. Privateca. V1. Inputs. X509Parameters Response - Describes how some of the technical X.509 fields in a certificate should be populated.
- Public
Key PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- X509Config
X509Parameters
Response - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509Config
X509Parameters
Response - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509Config
X509Parameters
Response - Describes how some of the technical X.509 fields in a certificate should be populated.
- public_
key PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_
config SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509_
config X509ParametersResponse - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key Property Map - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config Property Map - Specifies some of the values in a certificate that are related to the subject.
- x509Config Property Map
- Describes how some of the technical X.509 fields in a certificate should be populated.
CertificateDescriptionResponse
- Aia
Issuing List<string>Certificate Urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Pulumi.
Google Native. Privateca. V1. Inputs. Key Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint Pulumi.Google Native. Privateca. V1. Inputs. Certificate Fingerprint Response - The hash of the x.509 certificate.
- Crl
Distribution List<string>Points - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response - The public key that corresponds to an issued certificate.
- Subject
Description Pulumi.Google Native. Privateca. V1. Inputs. Subject Description Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key Pulumi.Id Google Native. Privateca. V1. Inputs. Key Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
Pulumi.
Google Native. Privateca. V1. Inputs. X509Parameters Response - Describes some of the technical X.509 fields in a certificate.
- Aia
Issuing []stringCertificate Urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint CertificateFingerprint Response - The hash of the x.509 certificate.
- Crl
Distribution []stringPoints - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key PublicKey Response - The public key that corresponds to an issued certificate.
- Subject
Description SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key KeyId Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
X509Parameters
Response - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing List<String>Certificate Urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint CertificateFingerprint Response - The hash of the x.509 certificate.
- crl
Distribution List<String>Points - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key PublicKey Response - The public key that corresponds to an issued certificate.
- subject
Description SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key KeyId Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
X509Parameters
Response - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing string[]Certificate Urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint CertificateFingerprint Response - The hash of the x.509 certificate.
- crl
Distribution string[]Points - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key PublicKey Response - The public key that corresponds to an issued certificate.
- subject
Description SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key KeyId Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
X509Parameters
Response - Describes some of the technical X.509 fields in a certificate.
- aia_
issuing_ Sequence[str]certificate_ urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert_
fingerprint CertificateFingerprint Response - The hash of the x.509 certificate.
- crl_
distribution_ Sequence[str]points - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public_
key PublicKey Response - The public key that corresponds to an issued certificate.
- subject_
description SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject_
key_ Keyid Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509_
description X509ParametersResponse - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing List<String>Certificate Urls - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Property Map
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint Property Map - The hash of the x.509 certificate.
- crl
Distribution List<String>Points - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key Property Map - The public key that corresponds to an issued certificate.
- subject
Description Property Map - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key Property MapId - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description Property Map
- Describes some of the technical X.509 fields in a certificate.
CertificateFingerprintResponse
- Sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- Sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256_
hash str - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
ExtendedKeyUsageOptionsResponse
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
KeyIdResponse
- Key
Id string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- Key
Id string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id String - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key_
id str - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id String - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyUsageOptionsResponse
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- Cert
Sign bool - The key may be used to sign certificates.
- Content
Commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool - The key may be used sign certificate revocation lists.
- Data
Encipherment bool - The key may be used to encipher data.
- Decipher
Only bool - The key may be used to decipher only.
- Digital
Signature bool - The key may be used for digital signatures.
- Encipher
Only bool - The key may be used to encipher only.
- Key
Agreement bool - The key may be used in a key agreement protocol.
- Key
Encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
- cert
Sign boolean - The key may be used to sign certificates.
- content
Commitment boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean - The key may be used sign certificate revocation lists.
- data
Encipherment boolean - The key may be used to encipher data.
- decipher
Only boolean - The key may be used to decipher only.
- digital
Signature boolean - The key may be used for digital signatures.
- encipher
Only boolean - The key may be used to encipher only.
- key
Agreement boolean - The key may be used in a key agreement protocol.
- key
Encipherment boolean - The key may be used to encipher other keys.
- cert_
sign bool - The key may be used to sign certificates.
- content_
commitment bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool - The key may be used sign certificate revocation lists.
- data_
encipherment bool - The key may be used to encipher data.
- decipher_
only bool - The key may be used to decipher only.
- digital_
signature bool - The key may be used for digital signatures.
- encipher_
only bool - The key may be used to encipher only.
- key_
agreement bool - The key may be used in a key agreement protocol.
- key_
encipherment bool - The key may be used to encipher other keys.
- cert
Sign Boolean - The key may be used to sign certificates.
- content
Commitment Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment Boolean - The key may be used to encipher data.
- decipher
Only Boolean - The key may be used to decipher only.
- digital
Signature Boolean - The key may be used for digital signatures.
- encipher
Only Boolean - The key may be used to encipher only.
- key
Agreement Boolean - The key may be used in a key agreement protocol.
- key
Encipherment Boolean - The key may be used to encipher other keys.
KeyUsageResponse
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id Response - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response - Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id Response[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options Response - Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options Response - Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id Response] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage - Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage - Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
NameConstraintsResponse
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email List<string>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip List<string>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns List<string>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email List<string>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip List<string>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email []stringAddresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip []stringRanges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns []stringNames - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email []stringAddresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip []stringRanges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email string[]Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip string[]Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns string[]Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email string[]Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip string[]Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ Sequence[str]addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ Sequence[str]ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ Sequence[str]names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ Sequence[str]addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ Sequence[str]ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email List<String>Addresses - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip List<String>Ranges - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns List<String>Names - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email List<String>Addresses - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip List<String>Ranges - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
ObjectIdResponse
- Object
Id List<int>Path - The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path - The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path - The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path - The parts of an OID path. The most significant parts of the path come first.
PublicKeyResponse
RevocationDetailsResponse
- Revocation
State string - Indicates why a Certificate was revoked.
- Revocation
Time string - The time at which this Certificate was revoked.
- Revocation
State string - Indicates why a Certificate was revoked.
- Revocation
Time string - The time at which this Certificate was revoked.
- revocation
State String - Indicates why a Certificate was revoked.
- revocation
Time String - The time at which this Certificate was revoked.
- revocation
State string - Indicates why a Certificate was revoked.
- revocation
Time string - The time at which this Certificate was revoked.
- revocation_
state str - Indicates why a Certificate was revoked.
- revocation_
time str - The time at which this Certificate was revoked.
- revocation
State String - Indicates why a Certificate was revoked.
- revocation
Time String - The time at which this Certificate was revoked.
SubjectAltNamesResponse
- Custom
Sans List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - Dns
Names List<string> - Contains only valid, fully-qualified host names.
- Email
Addresses List<string> - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
- Contains only valid RFC 3986 URIs.
- Custom
Sans []X509ExtensionResponse - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - Dns
Names []string - Contains only valid, fully-qualified host names.
- Email
Addresses []string - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
- Contains only valid RFC 3986 URIs.
- custom
Sans List<X509ExtensionResponse> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names List<String> - Contains only valid, fully-qualified host names.
- email
Addresses List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
- custom
Sans X509ExtensionResponse[] - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names string[] - Contains only valid, fully-qualified host names.
- email
Addresses string[] - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
- Contains only valid RFC 3986 URIs.
- custom_
sans Sequence[X509ExtensionResponse] - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns_
names Sequence[str] - Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] - Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
- Contains only valid RFC 3986 URIs.
- custom
Sans List<Property Map> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names List<String> - Contains only valid, fully-qualified host names.
- email
Addresses List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
SubjectConfigResponse
- Subject
Pulumi.
Google Native. Privateca. V1. Inputs. Subject Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt Pulumi.Name Google Native. Privateca. V1. Inputs. Subject Alt Names Response - Optional. The subject alternative name fields.
- Subject
Subject
Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt SubjectName Alt Names Response - Optional. The subject alternative name fields.
- subject
Subject
Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Response - Optional. The subject alternative name fields.
- subject
Subject
Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Response - Optional. The subject alternative name fields.
- subject
Subject
Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject_
alt_ Subjectname Alt Names Response - Optional. The subject alternative name fields.
- subject Property Map
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Property MapName - Optional. The subject alternative name fields.
SubjectDescriptionResponse
- Hex
Serial stringNumber - The serial number encoded in lowercase hexadecimal.
- Lifetime string
- For convenience, the actual lifetime of an issued certificate.
- Not
After stringTime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before stringTime - The time at which the certificate becomes valid.
- Subject
Pulumi.
Google Native. Privateca. V1. Inputs. Subject Response - Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt Pulumi.Name Google Native. Privateca. V1. Inputs. Subject Alt Names Response - The subject alternative name fields.
- Hex
Serial stringNumber - The serial number encoded in lowercase hexadecimal.
- Lifetime string
- For convenience, the actual lifetime of an issued certificate.
- Not
After stringTime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before stringTime - The time at which the certificate becomes valid.
- Subject
Subject
Response - Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt SubjectName Alt Names Response - The subject alternative name fields.
- hex
Serial StringNumber - The serial number encoded in lowercase hexadecimal.
- lifetime String
- For convenience, the actual lifetime of an issued certificate.
- not
After StringTime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before StringTime - The time at which the certificate becomes valid.
- subject
Subject
Response - Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt SubjectName Alt Names Response - The subject alternative name fields.
- hex
Serial stringNumber - The serial number encoded in lowercase hexadecimal.
- lifetime string
- For convenience, the actual lifetime of an issued certificate.
- not
After stringTime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before stringTime - The time at which the certificate becomes valid.
- subject
Subject
Response - Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt SubjectName Alt Names Response - The subject alternative name fields.
- hex_
serial_ strnumber - The serial number encoded in lowercase hexadecimal.
- lifetime str
- For convenience, the actual lifetime of an issued certificate.
- not_
after_ strtime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not_
before_ strtime - The time at which the certificate becomes valid.
- subject
Subject
Response - Contains distinguished name fields such as the common name, location and / organization.
- subject_
alt_ Subjectname Alt Names Response - The subject alternative name fields.
- hex
Serial StringNumber - The serial number encoded in lowercase hexadecimal.
- lifetime String
- For convenience, the actual lifetime of an issued certificate.
- not
After StringTime - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before StringTime - The time at which the certificate becomes valid.
- subject Property Map
- Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt Property MapName - The subject alternative name fields.
SubjectResponse
- Common
Name string - The "common name" of the subject.
- Country
Code string - The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- Organizational
Unit string - The organizational_unit of the subject.
- Postal
Code string - The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- Street
Address string - The street address of the subject.
- Common
Name string - The "common name" of the subject.
- Country
Code string - The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- Organizational
Unit string - The organizational_unit of the subject.
- Postal
Code string - The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- Street
Address string - The street address of the subject.
- common
Name String - The "common name" of the subject.
- country
Code String - The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizational
Unit String - The organizational_unit of the subject.
- postal
Code String - The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- street
Address String - The street address of the subject.
- common
Name string - The "common name" of the subject.
- country
Code string - The country code of the subject.
- locality string
- The locality or city of the subject.
- organization string
- The organization of the subject.
- organizational
Unit string - The organizational_unit of the subject.
- postal
Code string - The postal code of the subject.
- province string
- The province, territory, or regional state of the subject.
- street
Address string - The street address of the subject.
- common_
name str - The "common name" of the subject.
- country_
code str - The country code of the subject.
- locality str
- The locality or city of the subject.
- organization str
- The organization of the subject.
- organizational_
unit str - The organizational_unit of the subject.
- postal_
code str - The postal code of the subject.
- province str
- The province, territory, or regional state of the subject.
- street_
address str - The street address of the subject.
- common
Name String - The "common name" of the subject.
- country
Code String - The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizational
Unit String - The organizational_unit of the subject.
- postal
Code String - The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- street
Address String - The street address of the subject.
X509ExtensionResponse
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id ObjectId Response - The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response - The OID for this X.509 extension.
- value string
- The value of this X.509 extension.
- critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id ObjectId Response - The OID for this X.509 extension.
- value str
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map - The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
X509ParametersResponse
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509ExtensionResponse - Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId Response - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509ExtensionResponse> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509ExtensionResponse[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId Response[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509ExtensionResponse] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId Response] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi