gcp.certificateauthority.CertificateTemplate
Explore with Pulumi AI
Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.
For more information, see:
Example Usage
Basic_certificate_template
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateTemplate;
import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new CertificateTemplate("primary", CertificateTemplateArgs.builder()
.description("An updated sample certificate template")
.identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
.allowSubjectAltNamesPassthrough(true)
.allowSubjectPassthrough(true)
.celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
.description("Always true")
.expression("true")
.location("any.file.anywhere")
.title("Sample expression")
.build())
.build())
.labels(Map.of("label-two", "value-two"))
.location("us-west1")
.passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
.additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
.objectIdPath(
1,
6)
.build())
.knownExtensions("EXTENDED_KEY_USAGE")
.build())
.predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
.additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
.critical(true)
.objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
.objectIdPath(
1,
6)
.build())
.value("c3RyaW5nCg==")
.build())
.aiaOcspServers("string")
.caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
.isCa(false)
.maxIssuerPathLength(6)
.build())
.keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
.baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
.certSign(false)
.contentCommitment(true)
.crlSign(false)
.dataEncipherment(true)
.decipherOnly(true)
.digitalSignature(true)
.encipherOnly(true)
.keyAgreement(true)
.keyEncipherment(true)
.build())
.extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
.clientAuth(true)
.codeSigning(true)
.emailProtection(true)
.ocspSigning(true)
.serverAuth(true)
.timeStamping(true)
.build())
.unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
.objectIdPath(
1,
6)
.build())
.build())
.policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
.objectIdPath(
1,
6)
.build())
.build())
.project("my-project-name")
.build());
}
}
Coming soon!
Coming soon!
resources:
primary:
type: gcp:certificateauthority:CertificateTemplate
properties:
description: An updated sample certificate template
identityConstraints:
allowSubjectAltNamesPassthrough: true
allowSubjectPassthrough: true
celExpression:
description: Always true
expression: 'true'
location: any.file.anywhere
title: Sample expression
labels:
label-two: value-two
location: us-west1
passthroughExtensions:
additionalExtensions:
- objectIdPath:
- 1
- 6
knownExtensions:
- EXTENDED_KEY_USAGE
predefinedValues:
additionalExtensions:
- critical: true
objectId:
objectIdPath:
- 1
- 6
value: c3RyaW5nCg==
aiaOcspServers:
- string
caOptions:
isCa: false
maxIssuerPathLength: 6
keyUsage:
baseKeyUsage:
certSign: false
contentCommitment: true
crlSign: false
dataEncipherment: true
decipherOnly: true
digitalSignature: true
encipherOnly: true
keyAgreement: true
keyEncipherment: true
extendedKeyUsage:
clientAuth: true
codeSigning: true
emailProtection: true
ocspSigning: true
serverAuth: true
timeStamping: true
unknownExtendedKeyUsages:
- objectIdPath:
- 1
- 6
policyIds:
- objectIdPath:
- 1
- 6
project: my-project-name
Create CertificateTemplate Resource
new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
@overload
def CertificateTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
project: Optional[str] = None)
@overload
def CertificateTemplate(resource_name: str,
args: CertificateTemplateArgs,
opts: Optional[ResourceOptions] = None)
func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
type: gcp:certificateauthority:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertificateTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertificateTemplate resource accepts the following input properties:
- Location string
The location for the resource
- Description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
- Name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- Passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
The project for the resource
- Location string
The location for the resource
- Description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Identity
Constraints CertificateTemplate Identity Constraints Args Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels map[string]string
Optional. Labels with user-defined metadata.
- Name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- Passthrough
Extensions CertificateTemplate Passthrough Extensions Args Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values CertificateTemplate Predefined Values Args Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
The project for the resource
- location String
The location for the resource
- description String
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String,String>
Optional. Labels with user-defined metadata.
- name String
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
The project for the resource
- location string
The location for the resource
- description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels {[key: string]: string}
Optional. Labels with user-defined metadata.
- name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project string
The project for the resource
- location str
The location for the resource
- description str
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity_
constraints CertificateTemplate Identity Constraints Args Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Mapping[str, str]
Optional. Labels with user-defined metadata.
- name str
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough_
extensions CertificateTemplate Passthrough Extensions Args Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined_
values CertificateTemplate Predefined Values Args Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project str
The project for the resource
- location String
The location for the resource
- description String
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints Property Map Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String>
Optional. Labels with user-defined metadata.
- name String
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions Property Map Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values Property Map Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
The project for the resource
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:
- Create
Time string Output only. The time at which this CertificateTemplate was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string Output only. The time at which this CertificateTemplate was updated.
- Create
Time string Output only. The time at which this CertificateTemplate was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string Output only. The time at which this CertificateTemplate was updated.
- create
Time String Output only. The time at which this CertificateTemplate was created.
- id String
The provider-assigned unique ID for this managed resource.
- update
Time String Output only. The time at which this CertificateTemplate was updated.
- create
Time string Output only. The time at which this CertificateTemplate was created.
- id string
The provider-assigned unique ID for this managed resource.
- update
Time string Output only. The time at which this CertificateTemplate was updated.
- create_
time str Output only. The time at which this CertificateTemplate was created.
- id str
The provider-assigned unique ID for this managed resource.
- update_
time str Output only. The time at which this CertificateTemplate was updated.
- create
Time String Output only. The time at which this CertificateTemplate was created.
- id String
The provider-assigned unique ID for this managed resource.
- update
Time String Output only. The time at which this CertificateTemplate was updated.
Look up Existing CertificateTemplate Resource
Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
project: Optional[str] = None,
update_time: Optional[str] = None) -> CertificateTemplate
func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)
public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)
public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string Output only. The time at which this CertificateTemplate was created.
- Description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
- Location string
The location for the resource
- Name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- Passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
The project for the resource
- Update
Time string Output only. The time at which this CertificateTemplate was updated.
- Create
Time string Output only. The time at which this CertificateTemplate was created.
- Description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Identity
Constraints CertificateTemplate Identity Constraints Args Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- Labels map[string]string
Optional. Labels with user-defined metadata.
- Location string
The location for the resource
- Name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- Passthrough
Extensions CertificateTemplate Passthrough Extensions Args Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- Predefined
Values CertificateTemplate Predefined Values Args Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- Project string
The project for the resource
- Update
Time string Output only. The time at which this CertificateTemplate was updated.
- create
Time String Output only. The time at which this CertificateTemplate was created.
- description String
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String,String>
Optional. Labels with user-defined metadata.
- location String
The location for the resource
- name String
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
The project for the resource
- update
Time String Output only. The time at which this CertificateTemplate was updated.
- create
Time string Output only. The time at which this CertificateTemplate was created.
- description string
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints CertificateTemplate Identity Constraints Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels {[key: string]: string}
Optional. Labels with user-defined metadata.
- location string
The location for the resource
- name string
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions CertificateTemplate Passthrough Extensions Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values CertificateTemplate Predefined Values Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project string
The project for the resource
- update
Time string Output only. The time at which this CertificateTemplate was updated.
- create_
time str Output only. The time at which this CertificateTemplate was created.
- description str
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity_
constraints CertificateTemplate Identity Constraints Args Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Mapping[str, str]
Optional. Labels with user-defined metadata.
- location str
The location for the resource
- name str
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough_
extensions CertificateTemplate Passthrough Extensions Args Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined_
values CertificateTemplate Predefined Values Args Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project str
The project for the resource
- update_
time str Output only. The time at which this CertificateTemplate was updated.
- create
Time String Output only. The time at which this CertificateTemplate was created.
- description String
Optional. A human-readable description of scenarios this template is intended for.
(Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- identity
Constraints Property Map Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
- labels Map<String>
Optional. Labels with user-defined metadata.
- location String
The location for the resource
- name String
The resource name for this CertificateTemplate in the format
projects/*/locations/*/certificateTemplates/*
.- passthrough
Extensions Property Map Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
- predefined
Values Property Map Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
- project String
The project for the resource
- update
Time String Output only. The time at which this CertificateTemplate was updated.
Supporting Types
CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs
- Allow
Subject boolAlt Names Passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression CertificateTemplate Identity Constraints Cel Expression Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- Allow
Subject boolAlt Names Passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- Allow
Subject boolPassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- Cel
Expression CertificateTemplate Identity Constraints Cel Expression Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression CertificateTemplate Identity Constraints Cel Expression Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject booleanAlt Names Passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject booleanPassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression CertificateTemplate Identity Constraints Cel Expression Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_
subject_ boolalt_ names_ passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_
subject_ boolpassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_
expression CertificateTemplate Identity Constraints Cel Expression Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow
Subject BooleanAlt Names Passthrough Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow
Subject BooleanPassthrough Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel
Expression Property Map Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
Textual representation of an expression in Common Expression Language syntax.
- location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
Textual representation of an expression in Common Expression Language syntax.
- location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs
- Additional
Extensions List<CertificateTemplate Passthrough Extensions Additional Extension> Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions List<string> Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- Additional
Extensions []CertificateTemplate Passthrough Extensions Additional Extension Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- Known
Extensions []string Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<CertificateTemplate Passthrough Extensions Additional Extension> Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions CertificateTemplate Passthrough Extensions Additional Extension[] Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions string[] Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_
extensions Sequence[CertificateTemplate Passthrough Extensions Additional Extension] Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_
extensions Sequence[str] Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional
Extensions List<Property Map> Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known
Extensions List<String> Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
- Object
Id List<int>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs
- Additional
Extensions List<CertificateTemplate Predefined Values Additional Extension> Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateTemplate Predefined Values Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage CertificateTemplate Predefined Values Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- Policy
Ids List<CertificateTemplate Predefined Values Policy Id> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []CertificateTemplate Predefined Values Additional Extension Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateTemplate Predefined Values Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage CertificateTemplate Predefined Values Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- Policy
Ids []CertificateTemplate Predefined Values Policy Id Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<CertificateTemplate Predefined Values Additional Extension> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateTemplate Predefined Values Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage CertificateTemplate Predefined Values Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- policy
Ids List<CertificateTemplate Predefined Values Policy Id> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions CertificateTemplate Predefined Values Additional Extension[] Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateTemplate Predefined Values Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage CertificateTemplate Predefined Values Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- policy
Ids CertificateTemplate Predefined Values Policy Id[] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[CertificateTemplate Predefined Values Additional Extension] Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CertificateTemplate Predefined Values Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage CertificateTemplate Predefined Values Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- policy_
ids Sequence[CertificateTemplate Predefined Values Policy Id] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map Optional. Indicates the intended use for keys that correspond to a certificate.
- policy
Ids List<Property Map> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs
- Object
Id CertificateTemplate Predefined Values Additional Extension Object Id Required. The OID for this X.509 extension.
- Value string
Required. The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id CertificateTemplate Predefined Values Additional Extension Object Id Required. The OID for this X.509 extension.
- Value string
Required. The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateTemplate Predefined Values Additional Extension Object Id Required. The OID for this X.509 extension.
- value String
Required. The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateTemplate Predefined Values Additional Extension Object Id Required. The OID for this X.509 extension.
- value string
Required. The value of this X.509 extension.
- critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id CertificateTemplate Predefined Values Additional Extension Object Id Required. The OID for this X.509 extension.
- value str
Required. The value of this X.509 extension.
- critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map Required. The OID for this X.509 extension.
- value String
Required. The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
- Object
Id List<int>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs
- Base
Key CertificateUsage Template Predefined Values Key Usage Base Key Usage Describes high-level ways in which a key may be used.
- Extended
Key CertificateUsage Template Predefined Values Key Usage Extended Key Usage Detailed scenarios in which a key may be used.
- Unknown
Extended List<CertificateKey Usages Template Predefined Values Key Usage Unknown Extended Key Usage> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key CertificateUsage Template Predefined Values Key Usage Base Key Usage Describes high-level ways in which a key may be used.
- Extended
Key CertificateUsage Template Predefined Values Key Usage Extended Key Usage Detailed scenarios in which a key may be used.
- Unknown
Extended []CertificateKey Usages Template Predefined Values Key Usage Unknown Extended Key Usage Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key CertificateUsage Template Predefined Values Key Usage Base Key Usage Describes high-level ways in which a key may be used.
- extended
Key CertificateUsage Template Predefined Values Key Usage Extended Key Usage Detailed scenarios in which a key may be used.
- unknown
Extended List<CertificateKey Usages Template Predefined Values Key Usage Unknown Extended Key Usage> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key CertificateUsage Template Predefined Values Key Usage Base Key Usage Describes high-level ways in which a key may be used.
- extended
Key CertificateUsage Template Predefined Values Key Usage Extended Key Usage Detailed scenarios in which a key may be used.
- unknown
Extended CertificateKey Usages Template Predefined Values Key Usage Unknown Extended Key Usage[] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Certificateusage Template Predefined Values Key Usage Base Key Usage Describes high-level ways in which a key may be used.
- extended_
key_ Certificateusage Template Predefined Values Key Usage Extended Key Usage Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Certificatekey_ usages Template Predefined Values Key Usage Unknown Extended Key Usage] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
- Object
Id List<int>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths Required. The parts of an OID path. The most significant parts of the path come first.
CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs
- Object
Id List<int>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPaths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Paths Required. The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]paths Required. The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Paths Required. The parts of an OID path. The most significant parts of the path come first.
Import
CertificateTemplate can be imported using any of these accepted formats
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.