CertificateTemplate

Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.

For more information, see:

Example Usage

Basic_certificate_template

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateTemplate;
import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new CertificateTemplate("primary", CertificateTemplateArgs.builder()        
            .description("An updated sample certificate template")
            .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                .allowSubjectAltNamesPassthrough(true)
                .allowSubjectPassthrough(true)
                .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                    .description("Always true")
                    .expression("true")
                    .location("any.file.anywhere")
                    .title("Sample expression")
                    .build())
                .build())
            .labels(Map.of("label-two", "value-two"))
            .location("us-west1")
            .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                    .objectIdPath(                    
                        1,
                        6)
                    .build())
                .knownExtensions("EXTENDED_KEY_USAGE")
                .build())
            .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                    .critical(true)
                    .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                        .objectIdPath(                        
                            1,
                            6)
                        .build())
                    .value("c3RyaW5nCg==")
                    .build())
                .aiaOcspServers("string")
                .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                    .isCa(false)
                    .maxIssuerPathLength(6)
                    .build())
                .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                    .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                        .certSign(false)
                        .contentCommitment(true)
                        .crlSign(false)
                        .dataEncipherment(true)
                        .decipherOnly(true)
                        .digitalSignature(true)
                        .encipherOnly(true)
                        .keyAgreement(true)
                        .keyEncipherment(true)
                        .build())
                    .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                        .clientAuth(true)
                        .codeSigning(true)
                        .emailProtection(true)
                        .ocspSigning(true)
                        .serverAuth(true)
                        .timeStamping(true)
                        .build())
                    .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                        .objectIdPath(                        
                            1,
                            6)
                        .build())
                    .build())
                .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                    .objectIdPath(                    
                        1,
                        6)
                    .build())
                .build())
            .project("my-project-name")
            .build());

    }
}

Coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.certificateauthority.CertificateTemplate("primary", {
    description: "An updated sample certificate template",
    identityConstraints: {
        allowSubjectAltNamesPassthrough: true,
        allowSubjectPassthrough: true,
        celExpression: {
            description: "Always true",
            expression: "true",
            location: "any.file.anywhere",
            title: "Sample expression",
        },
    },
    labels: {
        "label-two": "value-two",
    },
    location: "us-west1",
    passthroughExtensions: {
        additionalExtensions: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
        knownExtensions: ["EXTENDED_KEY_USAGE"],
    },
    predefinedValues: {
        additionalExtensions: [{
            critical: true,
            objectId: {
                objectIdPaths: [
                    1,
                    6,
                ],
            },
            value: "c3RyaW5nCg==",
        }],
        aiaOcspServers: ["string"],
        caOptions: {
            isCa: false,
            maxIssuerPathLength: 6,
        },
        keyUsage: {
            baseKeyUsage: {
                certSign: false,
                contentCommitment: true,
                crlSign: false,
                dataEncipherment: true,
                decipherOnly: true,
                digitalSignature: true,
                encipherOnly: true,
                keyAgreement: true,
                keyEncipherment: true,
            },
            extendedKeyUsage: {
                clientAuth: true,
                codeSigning: true,
                emailProtection: true,
                ocspSigning: true,
                serverAuth: true,
                timeStamping: true,
            },
            unknownExtendedKeyUsages: [{
                objectIdPaths: [
                    1,
                    6,
                ],
            }],
        },
        policyIds: [{
            objectIdPaths: [
                1,
                6,
            ],
        }],
    },
    project: "my-project-name",
});
resources:
  primary:
    type: gcp:certificateauthority:CertificateTemplate
    properties:
      description: An updated sample certificate template
      identityConstraints:
        allowSubjectAltNamesPassthrough: true
        allowSubjectPassthrough: true
        celExpression:
          description: Always true
          expression: 'true'
          location: any.file.anywhere
          title: Sample expression
      labels:
        label-two: value-two
      location: us-west1
      passthroughExtensions:
        additionalExtensions:
          - objectIdPath:
              - 1
              - 6
        knownExtensions:
          - EXTENDED_KEY_USAGE
      predefinedValues:
        additionalExtensions:
          - critical: true
            objectId:
              objectIdPath:
                - 1
                - 6
            value: c3RyaW5nCg==
        aiaOcspServers:
          - string
        caOptions:
          isCa: false
          maxIssuerPathLength: 6
        keyUsage:
          baseKeyUsage:
            certSign: false
            contentCommitment: true
            crlSign: false
            dataEncipherment: true
            decipherOnly: true
            digitalSignature: true
            encipherOnly: true
            keyAgreement: true
            keyEncipherment: true
          extendedKeyUsage:
            clientAuth: true
            codeSigning: true
            emailProtection: true
            ocspSigning: true
            serverAuth: true
            timeStamping: true
          unknownExtendedKeyUsages:
            - objectIdPath:
                - 1
                - 6
        policyIds:
          - objectIdPath:
              - 1
              - 6
      project: my-project-name

Create CertificateTemplate Resource

new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
@overload
def CertificateTemplate(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        description: Optional[str] = None,
                        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        location: Optional[str] = None,
                        name: Optional[str] = None,
                        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
                        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
                        project: Optional[str] = None)
@overload
def CertificateTemplate(resource_name: str,
                        args: CertificateTemplateArgs,
                        opts: Optional[ResourceOptions] = None)
func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
type: gcp:certificateauthority:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CertificateTemplateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateTemplateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateTemplateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateTemplateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CertificateTemplateArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

CertificateTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CertificateTemplate resource accepts the following input properties:

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

PredefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

Project string

The project for the resource

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

Labels map[string]string

Optional. Labels with user-defined metadata.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

PredefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

Project string

The project for the resource

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Map<String,String>

Optional. Labels with user-defined metadata.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project String

The project for the resource

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project string

The project for the resource

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identity_constraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

name str

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefined_values CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project str

The project for the resource

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints Property Map

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Map<String>

Optional. Labels with user-defined metadata.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions Property Map

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues Property Map

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project String

The project for the resource

Outputs

All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

CreateTime string

Output only. The time at which this CertificateTemplate was created.

Id string

The provider-assigned unique ID for this managed resource.

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

CreateTime string

Output only. The time at which this CertificateTemplate was created.

Id string

The provider-assigned unique ID for this managed resource.

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

id String

The provider-assigned unique ID for this managed resource.

updateTime String

Output only. The time at which this CertificateTemplate was updated.

createTime string

Output only. The time at which this CertificateTemplate was created.

id string

The provider-assigned unique ID for this managed resource.

updateTime string

Output only. The time at which this CertificateTemplate was updated.

create_time str

Output only. The time at which this CertificateTemplate was created.

id str

The provider-assigned unique ID for this managed resource.

update_time str

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

id String

The provider-assigned unique ID for this managed resource.

updateTime String

Output only. The time at which this CertificateTemplate was updated.

Look up Existing CertificateTemplate Resource

Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        create_time: Optional[str] = None,
        description: Optional[str] = None,
        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
        project: Optional[str] = None,
        update_time: Optional[str] = None) -> CertificateTemplate
func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)
public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)
public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CreateTime string

Output only. The time at which this CertificateTemplate was created.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

PredefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

Project string

The project for the resource

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

CreateTime string

Output only. The time at which this CertificateTemplate was created.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

IdentityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

Labels map[string]string

Optional. Labels with user-defined metadata.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

PredefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

Project string

The project for the resource

UpdateTime string

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Map<String,String>

Optional. Labels with user-defined metadata.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project String

The project for the resource

updateTime String

Output only. The time at which this CertificateTemplate was updated.

createTime string

Output only. The time at which this CertificateTemplate was created.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

name string

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project string

The project for the resource

updateTime string

Output only. The time at which this CertificateTemplate was updated.

create_time str

Output only. The time at which this CertificateTemplate was created.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identity_constraints CertificateTemplateIdentityConstraintsArgs

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

name str

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefined_values CertificateTemplatePredefinedValuesArgs

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project str

The project for the resource

update_time str

Output only. The time at which this CertificateTemplate was updated.

createTime String

Output only. The time at which this CertificateTemplate was created.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

identityConstraints Property Map

Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

labels Map<String>

Optional. Labels with user-defined metadata.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

name String

The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

passthroughExtensions Property Map

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

predefinedValues Property Map

Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

project String

The project for the resource

updateTime String

Output only. The time at which this CertificateTemplate was updated.

Supporting Types

CertificateTemplateIdentityConstraints

AllowSubjectAltNamesPassthrough bool

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

AllowSubjectPassthrough bool

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

CelExpression CertificateTemplateIdentityConstraintsCelExpression

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

AllowSubjectAltNamesPassthrough bool

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

AllowSubjectPassthrough bool

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

CelExpression CertificateTemplateIdentityConstraintsCelExpression

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough Boolean

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression CertificateTemplateIdentityConstraintsCelExpression

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough boolean

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough boolean

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression CertificateTemplateIdentityConstraintsCelExpression

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allow_subject_alt_names_passthrough bool

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allow_subject_passthrough bool

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

cel_expression CertificateTemplateIdentityConstraintsCelExpression

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean

Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

allowSubjectPassthrough Boolean

Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

celExpression Property Map

Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

CertificateTemplateIdentityConstraintsCelExpression

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

CertificateTemplatePassthroughExtensions

AdditionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>

Optional. Describes custom X.509 extensions.

KnownExtensions List<string>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AdditionalExtensions []CertificateTemplatePassthroughExtensionsAdditionalExtension

Optional. Describes custom X.509 extensions.

KnownExtensions []string

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>

Optional. Describes custom X.509 extensions.

knownExtensions List<String>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions CertificateTemplatePassthroughExtensionsAdditionalExtension[]

Optional. Describes custom X.509 extensions.

knownExtensions string[]

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additional_extensions Sequence[CertificateTemplatePassthroughExtensionsAdditionalExtension]

Optional. Describes custom X.509 extensions.

known_extensions Sequence[str]

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<Property Map>

Optional. Describes custom X.509 extensions.

knownExtensions List<String>

Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateTemplatePassthroughExtensionsAdditionalExtension

ObjectIdPaths List<int>

Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]

Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>

Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValues

AdditionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>

Optional. Describes custom X.509 extensions.

AiaOcspServers List<string>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions CertificateTemplatePredefinedValuesCaOptions

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

KeyUsage CertificateTemplatePredefinedValuesKeyUsage

Optional. Indicates the intended use for keys that correspond to a certificate.

PolicyIds List<CertificateTemplatePredefinedValuesPolicyId>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []CertificateTemplatePredefinedValuesAdditionalExtension

Optional. Describes custom X.509 extensions.

AiaOcspServers []string

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions CertificateTemplatePredefinedValuesCaOptions

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

KeyUsage CertificateTemplatePredefinedValuesKeyUsage

Optional. Indicates the intended use for keys that correspond to a certificate.

PolicyIds []CertificateTemplatePredefinedValuesPolicyId

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CertificateTemplatePredefinedValuesCaOptions

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage CertificateTemplatePredefinedValuesKeyUsage

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds List<CertificateTemplatePredefinedValuesPolicyId>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions CertificateTemplatePredefinedValuesAdditionalExtension[]

Optional. Describes custom X.509 extensions.

aiaOcspServers string[]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CertificateTemplatePredefinedValuesCaOptions

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage CertificateTemplatePredefinedValuesKeyUsage

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds CertificateTemplatePredefinedValuesPolicyId[]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[CertificateTemplatePredefinedValuesAdditionalExtension]

Optional. Describes custom X.509 extensions.

aia_ocsp_servers Sequence[str]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

ca_options CertificateTemplatePredefinedValuesCaOptions

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

key_usage CertificateTemplatePredefinedValuesKeyUsage

Optional. Indicates the intended use for keys that correspond to a certificate.

policy_ids Sequence[CertificateTemplatePredefinedValuesPolicyId]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions Property Map

Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

keyUsage Property Map

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds List<Property Map>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

CertificateTemplatePredefinedValuesAdditionalExtension

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

Required. The OID for this X.509 extension.

Value string

Required. The value of this X.509 extension.

Critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

Required. The OID for this X.509 extension.

Value string

Required. The value of this X.509 extension.

Critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

Required. The OID for this X.509 extension.

value String

Required. The value of this X.509 extension.

critical Boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

Required. The OID for this X.509 extension.

value string

Required. The value of this X.509 extension.

critical boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

Required. The OID for this X.509 extension.

value str

Required. The value of this X.509 extension.

critical bool

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map

Required. The OID for this X.509 extension.

value String

Required. The value of this X.509 extension.

critical Boolean

Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

ObjectIdPaths List<int>

Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]

Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>

Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesCaOptions

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Integer

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

max_issuer_path_length int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateTemplatePredefinedValuesKeyUsage

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

Detailed scenarios in which a key may be used.

unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map

Describes high-level ways in which a key may be used.

extendedKeyUsage Property Map

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<Property Map>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

certSign boolean

The key may be used to sign certificates.

contentCommitment boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign boolean

The key may be used sign certificate revocation lists.

dataEncipherment boolean

The key may be used to encipher data.

decipherOnly boolean

The key may be used to decipher only.

digitalSignature boolean

The key may be used for digital signatures.

encipherOnly boolean

The key may be used to encipher only.

keyAgreement boolean

The key may be used in a key agreement protocol.

keyEncipherment boolean

The key may be used to encipher other keys.

cert_sign bool

The key may be used to sign certificates.

content_commitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crl_sign bool

The key may be used sign certificate revocation lists.

data_encipherment bool

The key may be used to encipher data.

decipher_only bool

The key may be used to decipher only.

digital_signature bool

The key may be used for digital signatures.

encipher_only bool

The key may be used to encipher only.

key_agreement bool

The key may be used in a key agreement protocol.

key_encipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

code_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

email_protection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocsp_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

server_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

time_stamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage

ObjectIdPaths List<int>

Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]

Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>

Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesPolicyId

ObjectIdPaths List<int>

Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]

Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]

Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>

Required. The parts of an OID path. The most significant parts of the path come first.

Import

CertificateTemplate can be imported using any of these accepted formats

 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}
 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.