Google Cloud Classic v7.19.0, Apr 18 24

Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi

gcp.certificateauthority.CertificateTemplate

Explore with Pulumi AI

Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi

Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.

For more information, see:

Example Usage

Basic_certificate_template

An example of a basic privateca certificate template

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.certificateauthority.CertificateTemplate("primary", {
    location: "us-west1",
    name: "template",
    description: "An updated sample certificate template",
    identityConstraints: {
        allowSubjectAltNamesPassthrough: true,
        allowSubjectPassthrough: true,
        celExpression: {
            description: "Always true",
            expression: "true",
            location: "any.file.anywhere",
            title: "Sample expression",
        },
    },
    passthroughExtensions: {
        additionalExtensions: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
        knownExtensions: ["EXTENDED_KEY_USAGE"],
    },
    predefinedValues: {
        additionalExtensions: [{
            objectId: {
                objectIdPaths: [
                    1,
                    6,
                ],
            },
            value: "c3RyaW5nCg==",
            critical: true,
        }],
        aiaOcspServers: ["string"],
        caOptions: {
            isCa: false,
            maxIssuerPathLength: 6,
        },
        keyUsage: {
            baseKeyUsage: {
                certSign: false,
                contentCommitment: true,
                crlSign: false,
                dataEncipherment: true,
                decipherOnly: true,
                digitalSignature: true,
                encipherOnly: true,
                keyAgreement: true,
                keyEncipherment: true,
            },
            extendedKeyUsage: {
                clientAuth: true,
                codeSigning: true,
                emailProtection: true,
                ocspSigning: true,
                serverAuth: true,
                timeStamping: true,
            },
            unknownExtendedKeyUsages: [{
                objectIdPaths: [
                    1,
                    6,
                ],
            }],
        },
        policyIds: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
    },
    project: "my-project-name",
    labels: {
        "label-two": "value-two",
    },
});

import pulumi
import pulumi_gcp as gcp

primary = gcp.certificateauthority.CertificateTemplate("primary",
    location="us-west1",
    name="template",
    description="An updated sample certificate template",
    identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
        allow_subject_alt_names_passthrough=True,
        allow_subject_passthrough=True,
        cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
            description="Always true",
            expression="true",
            location="any.file.anywhere",
            title="Sample expression",
        ),
    ),
    passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
        additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
            object_id_paths=[
                1,
                6,
            ],
        )],
        known_extensions=["EXTENDED_KEY_USAGE"],
    ),
    predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
        additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
            object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
                object_id_paths=[
                    1,
                    6,
                ],
            ),
            value="c3RyaW5nCg==",
            critical=True,
        )],
        aia_ocsp_servers=["string"],
        ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
            is_ca=False,
            max_issuer_path_length=6,
        ),
        key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
            base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
                cert_sign=False,
                content_commitment=True,
                crl_sign=False,
                data_encipherment=True,
                decipher_only=True,
                digital_signature=True,
                encipher_only=True,
                key_agreement=True,
                key_encipherment=True,
            ),
            extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
                client_auth=True,
                code_signing=True,
                email_protection=True,
                ocsp_signing=True,
                server_auth=True,
                time_stamping=True,
            ),
            unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
                object_id_paths=[
                    1,
                    6,
                ],
            )],
        ),
        policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
            object_id_paths=[
                1,
                6,
            ],
        )],
    ),
    project="my-project-name",
    labels={
        "label-two": "value-two",
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := certificateauthority.NewCertificateTemplate(ctx, "primary", &certificateauthority.CertificateTemplateArgs{
			Location:    pulumi.String("us-west1"),
			Name:        pulumi.String("template"),
			Description: pulumi.String("An updated sample certificate template"),
			IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
				AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
				AllowSubjectPassthrough:         pulumi.Bool(true),
				CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
					Description: pulumi.String("Always true"),
					Expression:  pulumi.String("true"),
					Location:    pulumi.String("any.file.anywhere"),
					Title:       pulumi.String("Sample expression"),
				},
			},
			PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
				AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
					&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
						ObjectIdPaths: pulumi.IntArray{
							pulumi.Int(1),
							pulumi.Int(6),
						},
					},
				},
				KnownExtensions: pulumi.StringArray{
					pulumi.String("EXTENDED_KEY_USAGE"),
				},
			},
			PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
				AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
					&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
						ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
							ObjectIdPaths: pulumi.IntArray{
								pulumi.Int(1),
								pulumi.Int(6),
							},
						},
						Value:    pulumi.String("c3RyaW5nCg=="),
						Critical: pulumi.Bool(true),
					},
				},
				AiaOcspServers: pulumi.StringArray{
					pulumi.String("string"),
				},
				CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
					IsCa:                pulumi.Bool(false),
					MaxIssuerPathLength: pulumi.Int(6),
				},
				KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
					BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
						CertSign:          pulumi.Bool(false),
						ContentCommitment: pulumi.Bool(true),
						CrlSign:           pulumi.Bool(false),
						DataEncipherment:  pulumi.Bool(true),
						DecipherOnly:      pulumi.Bool(true),
						DigitalSignature:  pulumi.Bool(true),
						EncipherOnly:      pulumi.Bool(true),
						KeyAgreement:      pulumi.Bool(true),
						KeyEncipherment:   pulumi.Bool(true),
					},
					ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
						ClientAuth:      pulumi.Bool(true),
						CodeSigning:     pulumi.Bool(true),
						EmailProtection: pulumi.Bool(true),
						OcspSigning:     pulumi.Bool(true),
						ServerAuth:      pulumi.Bool(true),
						TimeStamping:    pulumi.Bool(true),
					},
					UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
						&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
							ObjectIdPaths: pulumi.IntArray{
								pulumi.Int(1),
								pulumi.Int(6),
							},
						},
					},
				},
				PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
					&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
						ObjectIdPaths: pulumi.IntArray{
							pulumi.Int(1),
							pulumi.Int(6),
						},
					},
				},
			},
			Project: pulumi.String("my-project-name"),
			Labels: pulumi.StringMap{
				"label-two": pulumi.String("value-two"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.CertificateAuthority.CertificateTemplate("primary", new()
    {
        Location = "us-west1",
        Name = "template",
        Description = "An updated sample certificate template",
        IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
        {
            AllowSubjectAltNamesPassthrough = true,
            AllowSubjectPassthrough = true,
            CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
            {
                Description = "Always true",
                Expression = "true",
                Location = "any.file.anywhere",
                Title = "Sample expression",
            },
        },
        PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
                {
                    ObjectIdPaths = new[]
                    {
                        1,
                        6,
                    },
                },
            },
            KnownExtensions = new[]
            {
                "EXTENDED_KEY_USAGE",
            },
        },
        PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
                {
                    ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                    Value = "c3RyaW5nCg==",
                    Critical = true,
                },
            },
            AiaOcspServers = new[]
            {
                "string",
            },
            CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 6,
            },
            KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
            {
                BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
                {
                    CertSign = false,
                    ContentCommitment = true,
                    CrlSign = false,
                    DataEncipherment = true,
                    DecipherOnly = true,
                    DigitalSignature = true,
                    EncipherOnly = true,
                    KeyAgreement = true,
                    KeyEncipherment = true,
                },
                ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
                {
                    ClientAuth = true,
                    CodeSigning = true,
                    EmailProtection = true,
                    OcspSigning = true,
                    ServerAuth = true,
                    TimeStamping = true,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                },
            },
            PolicyIds = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
                {
                    ObjectIdPaths = new[]
                    {
                        1,
                        6,
                    },
                },
            },
        },
        Project = "my-project-name",
        Labels = 
        {
            { "label-two", "value-two" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateTemplate;
import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new CertificateTemplate("primary", CertificateTemplateArgs.builder()        
            .location("us-west1")
            .name("template")
            .description("An updated sample certificate template")
            .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                .allowSubjectAltNamesPassthrough(true)
                .allowSubjectPassthrough(true)
                .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                    .description("Always true")
                    .expression("true")
                    .location("any.file.anywhere")
                    .title("Sample expression")
                    .build())
                .build())
            .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                    .objectIdPaths(                    
                        1,
                        6)
                    .build())
                .knownExtensions("EXTENDED_KEY_USAGE")
                .build())
            .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                    .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                        .objectIdPaths(                        
                            1,
                            6)
                        .build())
                    .value("c3RyaW5nCg==")
                    .critical(true)
                    .build())
                .aiaOcspServers("string")
                .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                    .isCa(false)
                    .maxIssuerPathLength(6)
                    .build())
                .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                    .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                        .certSign(false)
                        .contentCommitment(true)
                        .crlSign(false)
                        .dataEncipherment(true)
                        .decipherOnly(true)
                        .digitalSignature(true)
                        .encipherOnly(true)
                        .keyAgreement(true)
                        .keyEncipherment(true)
                        .build())
                    .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                        .clientAuth(true)
                        .codeSigning(true)
                        .emailProtection(true)
                        .ocspSigning(true)
                        .serverAuth(true)
                        .timeStamping(true)
                        .build())
                    .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                        .objectIdPaths(                        
                            1,
                            6)
                        .build())
                    .build())
                .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                    .objectIdPaths(                    
                        1,
                        6)
                    .build())
                .build())
            .project("my-project-name")
            .labels(Map.of("label-two", "value-two"))
            .build());

    }
}

resources:
  primary:
    type: gcp:certificateauthority:CertificateTemplate
    properties:
      location: us-west1
      name: template
      description: An updated sample certificate template
      identityConstraints:
        allowSubjectAltNamesPassthrough: true
        allowSubjectPassthrough: true
        celExpression:
          description: Always true
          expression: 'true'
          location: any.file.anywhere
          title: Sample expression
      passthroughExtensions:
        additionalExtensions:
          - objectIdPaths:
              - 1
              - 6
        knownExtensions:
          - EXTENDED_KEY_USAGE
      predefinedValues:
        additionalExtensions:
          - objectId:
              objectIdPaths:
                - 1
                - 6
            value: c3RyaW5nCg==
            critical: true
        aiaOcspServers:
          - string
        caOptions:
          isCa: false
          maxIssuerPathLength: 6
        keyUsage:
          baseKeyUsage:
            certSign: false
            contentCommitment: true
            crlSign: false
            dataEncipherment: true
            decipherOnly: true
            digitalSignature: true
            encipherOnly: true
            keyAgreement: true
            keyEncipherment: true
          extendedKeyUsage:
            clientAuth: true
            codeSigning: true
            emailProtection: true
            ocspSigning: true
            serverAuth: true
            timeStamping: true
          unknownExtendedKeyUsages:
            - objectIdPaths:
                - 1
                - 6
        policyIds:
          - objectIdPaths:
              - 1
              - 6
      project: my-project-name
      labels:
        label-two: value-two

Create CertificateTemplate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);

@overload
def CertificateTemplate(resource_name: str,
                        args: CertificateTemplateArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def CertificateTemplate(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        location: Optional[str] = None,
                        description: Optional[str] = None,
                        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        name: Optional[str] = None,
                        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
                        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
                        project: Optional[str] = None)

func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)

public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)

public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)

type: gcp:certificateauthority:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var certificateTemplateResource = new Gcp.CertificateAuthority.CertificateTemplate("certificateTemplateResource", new()
{
    Location = "string",
    Description = "string",
    IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
    {
        AllowSubjectAltNamesPassthrough = false,
        AllowSubjectPassthrough = false,
        CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
        {
            Description = "string",
            Expression = "string",
            Location = "string",
            Title = "string",
        },
    },
    Labels = 
    {
        { "string", "string" },
    },
    Name = "string",
    PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
    {
        AdditionalExtensions = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
            {
                ObjectIdPaths = new[]
                {
                    0,
                },
            },
        },
        KnownExtensions = new[]
        {
            "string",
        },
    },
    PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
    {
        AdditionalExtensions = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
            {
                ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
                Value = "string",
                Critical = false,
            },
        },
        AiaOcspServers = new[]
        {
            "string",
        },
        CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
        {
            IsCa = false,
            MaxIssuerPathLength = 0,
        },
        KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
        {
            BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
            {
                CertSign = false,
                ContentCommitment = false,
                CrlSign = false,
                DataEncipherment = false,
                DecipherOnly = false,
                DigitalSignature = false,
                EncipherOnly = false,
                KeyAgreement = false,
                KeyEncipherment = false,
            },
            ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
            {
                ClientAuth = false,
                CodeSigning = false,
                EmailProtection = false,
                OcspSigning = false,
                ServerAuth = false,
                TimeStamping = false,
            },
            UnknownExtendedKeyUsages = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
            },
        },
        PolicyIds = new[]
        {
            new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
            {
                ObjectIdPaths = new[]
                {
                    0,
                },
            },
        },
    },
    Project = "string",
});

example, err := certificateauthority.NewCertificateTemplate(ctx, "certificateTemplateResource", &certificateauthority.CertificateTemplateArgs{
	Location:    pulumi.String("string"),
	Description: pulumi.String("string"),
	IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
		AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
		AllowSubjectPassthrough:         pulumi.Bool(false),
		CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
			Description: pulumi.String("string"),
			Expression:  pulumi.String("string"),
			Location:    pulumi.String("string"),
			Title:       pulumi.String("string"),
		},
	},
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
		AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
			&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
				ObjectIdPaths: pulumi.IntArray{
					pulumi.Int(0),
				},
			},
		},
		KnownExtensions: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
		AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
			&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
				ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
					ObjectIdPaths: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
				Value:    pulumi.String("string"),
				Critical: pulumi.Bool(false),
			},
		},
		AiaOcspServers: pulumi.StringArray{
			pulumi.String("string"),
		},
		CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
			IsCa:                pulumi.Bool(false),
			MaxIssuerPathLength: pulumi.Int(0),
		},
		KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
			BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
				CertSign:          pulumi.Bool(false),
				ContentCommitment: pulumi.Bool(false),
				CrlSign:           pulumi.Bool(false),
				DataEncipherment:  pulumi.Bool(false),
				DecipherOnly:      pulumi.Bool(false),
				DigitalSignature:  pulumi.Bool(false),
				EncipherOnly:      pulumi.Bool(false),
				KeyAgreement:      pulumi.Bool(false),
				KeyEncipherment:   pulumi.Bool(false),
			},
			ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
				ClientAuth:      pulumi.Bool(false),
				CodeSigning:     pulumi.Bool(false),
				EmailProtection: pulumi.Bool(false),
				OcspSigning:     pulumi.Bool(false),
				ServerAuth:      pulumi.Bool(false),
				TimeStamping:    pulumi.Bool(false),
			},
			UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
				&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
					ObjectIdPaths: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
			},
		},
		PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
			&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
				ObjectIdPaths: pulumi.IntArray{
					pulumi.Int(0),
				},
			},
		},
	},
	Project: pulumi.String("string"),
})

var certificateTemplateResource = new CertificateTemplate("certificateTemplateResource", CertificateTemplateArgs.builder()        
    .location("string")
    .description("string")
    .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
        .allowSubjectAltNamesPassthrough(false)
        .allowSubjectPassthrough(false)
        .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
            .description("string")
            .expression("string")
            .location("string")
            .title("string")
            .build())
        .build())
    .labels(Map.of("string", "string"))
    .name("string")
    .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
        .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
            .objectIdPaths(0)
            .build())
        .knownExtensions("string")
        .build())
    .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
        .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
            .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                .objectIdPaths(0)
                .build())
            .value("string")
            .critical(false)
            .build())
        .aiaOcspServers("string")
        .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
            .isCa(false)
            .maxIssuerPathLength(0)
            .build())
        .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
            .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                .certSign(false)
                .contentCommitment(false)
                .crlSign(false)
                .dataEncipherment(false)
                .decipherOnly(false)
                .digitalSignature(false)
                .encipherOnly(false)
                .keyAgreement(false)
                .keyEncipherment(false)
                .build())
            .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                .clientAuth(false)
                .codeSigning(false)
                .emailProtection(false)
                .ocspSigning(false)
                .serverAuth(false)
                .timeStamping(false)
                .build())
            .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                .objectIdPaths(0)
                .build())
            .build())
        .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
            .objectIdPaths(0)
            .build())
        .build())
    .project("string")
    .build());

certificate_template_resource = gcp.certificateauthority.CertificateTemplate("certificateTemplateResource",
    location="string",
    description="string",
    identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
        allow_subject_alt_names_passthrough=False,
        allow_subject_passthrough=False,
        cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
            description="string",
            expression="string",
            location="string",
            title="string",
        ),
    ),
    labels={
        "string": "string",
    },
    name="string",
    passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
        additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
            object_id_paths=[0],
        )],
        known_extensions=["string"],
    ),
    predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
        additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
            object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
                object_id_paths=[0],
            ),
            value="string",
            critical=False,
        )],
        aia_ocsp_servers=["string"],
        ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
            is_ca=False,
            max_issuer_path_length=0,
        ),
        key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
            base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
                cert_sign=False,
                content_commitment=False,
                crl_sign=False,
                data_encipherment=False,
                decipher_only=False,
                digital_signature=False,
                encipher_only=False,
                key_agreement=False,
                key_encipherment=False,
            ),
            extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
                client_auth=False,
                code_signing=False,
                email_protection=False,
                ocsp_signing=False,
                server_auth=False,
                time_stamping=False,
            ),
            unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
                object_id_paths=[0],
            )],
        ),
        policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
            object_id_paths=[0],
        )],
    ),
    project="string")

const certificateTemplateResource = new gcp.certificateauthority.CertificateTemplate("certificateTemplateResource", {
    location: "string",
    description: "string",
    identityConstraints: {
        allowSubjectAltNamesPassthrough: false,
        allowSubjectPassthrough: false,
        celExpression: {
            description: "string",
            expression: "string",
            location: "string",
            title: "string",
        },
    },
    labels: {
        string: "string",
    },
    name: "string",
    passthroughExtensions: {
        additionalExtensions: [{
            objectIdPaths: [0],
        }],
        knownExtensions: ["string"],
    },
    predefinedValues: {
        additionalExtensions: [{
            objectId: {
                objectIdPaths: [0],
            },
            value: "string",
            critical: false,
        }],
        aiaOcspServers: ["string"],
        caOptions: {
            isCa: false,
            maxIssuerPathLength: 0,
        },
        keyUsage: {
            baseKeyUsage: {
                certSign: false,
                contentCommitment: false,
                crlSign: false,
                dataEncipherment: false,
                decipherOnly: false,
                digitalSignature: false,
                encipherOnly: false,
                keyAgreement: false,
                keyEncipherment: false,
            },
            extendedKeyUsage: {
                clientAuth: false,
                codeSigning: false,
                emailProtection: false,
                ocspSigning: false,
                serverAuth: false,
                timeStamping: false,
            },
            unknownExtendedKeyUsages: [{
                objectIdPaths: [0],
            }],
        },
        policyIds: [{
            objectIdPaths: [0],
        }],
    },
    project: "string",
});

type: gcp:certificateauthority:CertificateTemplate
properties:
    description: string
    identityConstraints:
        allowSubjectAltNamesPassthrough: false
        allowSubjectPassthrough: false
        celExpression:
            description: string
            expression: string
            location: string
            title: string
    labels:
        string: string
    location: string
    name: string
    passthroughExtensions:
        additionalExtensions:
            - objectIdPaths:
                - 0
        knownExtensions:
            - string
    predefinedValues:
        additionalExtensions:
            - critical: false
              objectId:
                objectIdPaths:
                    - 0
              value: string
        aiaOcspServers:
            - string
        caOptions:
            isCa: false
            maxIssuerPathLength: 0
        keyUsage:
            baseKeyUsage:
                certSign: false
                contentCommitment: false
                crlSign: false
                dataEncipherment: false
                decipherOnly: false
                digitalSignature: false
                encipherOnly: false
                keyAgreement: false
                keyEncipherment: false
            extendedKeyUsage:
                clientAuth: false
                codeSigning: false
                emailProtection: false
                ocspSigning: false
                serverAuth: false
                timeStamping: false
            unknownExtendedKeyUsages:
                - objectIdPaths:
                    - 0
        policyIds:
            - objectIdPaths:
                - 0
    project: string

CertificateTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CertificateTemplate resource accepts the following input properties:

Location string

The location for the resource

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraints

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensions

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

PredefinedValues CertificateTemplatePredefinedValues

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

Project string

The project for the resource

Location string

The location for the resource

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Labels map[string]string

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

PredefinedValues CertificateTemplatePredefinedValuesArgs

Project string

The project for the resource

location String

The location for the resource

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraints

labels Map<String,String>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensions

predefinedValues CertificateTemplatePredefinedValues

project String

The project for the resource

location string

The location for the resource

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraints

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensions

predefinedValues CertificateTemplatePredefinedValues

project string

The project for the resource

location str

The location for the resource

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identity_constraints CertificateTemplateIdentityConstraintsArgs

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

name str

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

predefined_values CertificateTemplatePredefinedValuesArgs

project str

The project for the resource

location String

The location for the resource

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints Property Map

labels Map<String>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions Property Map

predefinedValues Property Map

project String

The project for the resource

Outputs

All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

CreateTime string: Output only. The time at which this CertificateTemplate was created.
EffectiveLabels Dictionary<string, object>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels Dictionary<string, object>: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

CreateTime string: Output only. The time at which this CertificateTemplate was created.
EffectiveLabels map[string]interface{}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels map[string]interface{}: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
effectiveLabels Map<String,Object>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String,Object>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: Output only. The time at which this CertificateTemplate was updated.

createTime string: Output only. The time at which this CertificateTemplate was created.
effectiveLabels {[key: string]: any}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id string: The provider-assigned unique ID for this managed resource.
pulumiLabels {[key: string]: any}: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime string: Output only. The time at which this CertificateTemplate was updated.

create_time str: Output only. The time at which this CertificateTemplate was created.
effective_labels Mapping[str, Any]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id str: The provider-assigned unique ID for this managed resource.
pulumi_labels Mapping[str, Any]: The combination of labels configured directly on the resource and default labels configured on the provider.
update_time str: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
effectiveLabels Map<Any>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<Any>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: Output only. The time at which this CertificateTemplate was updated.

Look up Existing CertificateTemplate Resource

Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        create_time: Optional[str] = None,
        description: Optional[str] = None,
        effective_labels: Optional[Mapping[str, Any]] = None,
        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
        project: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, Any]] = None,
        update_time: Optional[str] = None) -> CertificateTemplate

func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)

public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)

public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreateTime string

Output only. The time at which this CertificateTemplate was created.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

EffectiveLabels Dictionary<string, object>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

IdentityConstraints CertificateTemplateIdentityConstraints

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensions

PredefinedValues CertificateTemplatePredefinedValues

Project string

The project for the resource

PulumiLabels Dictionary<string, object>

The combination of labels configured directly on the resource and default labels configured on the provider.

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

CreateTime string

Output only. The time at which this CertificateTemplate was created.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

EffectiveLabels map[string]interface{}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Labels map[string]string

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

PredefinedValues CertificateTemplatePredefinedValuesArgs

Project string

The project for the resource

PulumiLabels map[string]interface{}

The combination of labels configured directly on the resource and default labels configured on the provider.

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

effectiveLabels Map<String,Object>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

identityConstraints CertificateTemplateIdentityConstraints

labels Map<String,String>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensions

predefinedValues CertificateTemplatePredefinedValues

project String

The project for the resource

pulumiLabels Map<String,Object>

The combination of labels configured directly on the resource and default labels configured on the provider.

updateTime String

Output only. The time at which this CertificateTemplate was updated.

createTime string

Output only. The time at which this CertificateTemplate was created.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

effectiveLabels {[key: string]: any}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

identityConstraints CertificateTemplateIdentityConstraints

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location string

The location for the resource

name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensions

predefinedValues CertificateTemplatePredefinedValues

project string

The project for the resource

pulumiLabels {[key: string]: any}

The combination of labels configured directly on the resource and default labels configured on the provider.

updateTime string

Output only. The time at which this CertificateTemplate was updated.

create_time str

Output only. The time at which this CertificateTemplate was created.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

effective_labels Mapping[str, Any]

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

identity_constraints CertificateTemplateIdentityConstraintsArgs

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location str

The location for the resource

name str

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

predefined_values CertificateTemplatePredefinedValuesArgs

project str

The project for the resource

pulumi_labels Mapping[str, Any]

The combination of labels configured directly on the resource and default labels configured on the provider.

update_time str

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

effectiveLabels Map<Any>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

identityConstraints Property Map

labels Map<String>

Optional. Labels with user-defined metadata.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions Property Map

predefinedValues Property Map

project String

The project for the resource

pulumiLabels Map<Any>

The combination of labels configured directly on the resource and default labels configured on the provider.

updateTime String

Output only. The time at which this CertificateTemplate was updated.

Supporting Types

CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs

AllowSubjectAltNamesPassthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

AllowSubjectAltNamesPassthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allow_subject_alt_names_passthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allow_subject_passthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
cel_expression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression Property Map: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs

AdditionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions List<string>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AdditionalExtensions []CertificateTemplatePassthroughExtensionsAdditionalExtension: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions []string: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions CertificateTemplatePassthroughExtensionsAdditionalExtension[]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions string[]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additional_extensions Sequence[CertificateTemplatePassthroughExtensionsAdditionalExtension]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
known_extensions Sequence[str]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<Property Map>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs

AdditionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<CertificateTemplatePredefinedValuesPolicyId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []CertificateTemplatePredefinedValuesAdditionalExtension: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []CertificateTemplatePredefinedValuesPolicyId: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<CertificateTemplatePredefinedValuesPolicyId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions CertificateTemplatePredefinedValuesAdditionalExtension[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds CertificateTemplatePredefinedValuesPolicyId[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[CertificateTemplatePredefinedValuesAdditionalExtension]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[CertificateTemplatePredefinedValuesPolicyId]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
Value string: Required. The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
Value string: Required. The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value String: Required. The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value string: Required. The value of this X.509 extension.
critical boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value str: Required. The value of this X.509 extension.
critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map: Required. The OID for this X.509 extension.
value String: Required. The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

Import

CertificateTemplate can be imported using any of these accepted formats:

projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}

When using the pulumi import command, CertificateTemplate can be imported using one of the formats above. For example:

$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}

$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}

$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi

pulumi/pulumi-gcp

gcp.certificateauthority.CertificateTemplate

On this page

On this page

Example Usage

Basic_certificate_template

Create CertificateTemplate Resource

Constructor syntax

Parameters

Example

CertificateTemplate Resource Properties

Inputs

Outputs

Look up Existing CertificateTemplate Resource

Supporting Types

CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs

CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs

CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs

CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs

CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs

CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs

CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs

CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs

CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs

CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs

CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs

CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs

CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs

Import

Package Details

On this page

On this page