Google Cloud Classic v6.52.0, Mar 22 23

gcp.certificateauthority.CertificateTemplate

Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.

For more information, see:

Example Usage

Basic_certificate_template

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CertificateTemplate;
import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new CertificateTemplate("primary", CertificateTemplateArgs.builder()        
            .description("An updated sample certificate template")
            .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                .allowSubjectAltNamesPassthrough(true)
                .allowSubjectPassthrough(true)
                .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                    .description("Always true")
                    .expression("true")
                    .location("any.file.anywhere")
                    .title("Sample expression")
                    .build())
                .build())
            .labels(Map.of("label-two", "value-two"))
            .location("us-west1")
            .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                    .objectIdPath(                    
                        1,
                        6)
                    .build())
                .knownExtensions("EXTENDED_KEY_USAGE")
                .build())
            .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                    .critical(true)
                    .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                        .objectIdPath(                        
                            1,
                            6)
                        .build())
                    .value("c3RyaW5nCg==")
                    .build())
                .aiaOcspServers("string")
                .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                    .isCa(false)
                    .maxIssuerPathLength(6)
                    .build())
                .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                    .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                        .certSign(false)
                        .contentCommitment(true)
                        .crlSign(false)
                        .dataEncipherment(true)
                        .decipherOnly(true)
                        .digitalSignature(true)
                        .encipherOnly(true)
                        .keyAgreement(true)
                        .keyEncipherment(true)
                        .build())
                    .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                        .clientAuth(true)
                        .codeSigning(true)
                        .emailProtection(true)
                        .ocspSigning(true)
                        .serverAuth(true)
                        .timeStamping(true)
                        .build())
                    .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                        .objectIdPath(                        
                            1,
                            6)
                        .build())
                    .build())
                .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                    .objectIdPath(                    
                        1,
                        6)
                    .build())
                .build())
            .project("my-project-name")
            .build());

    }
}

Coming soon!

resources:
  primary:
    type: gcp:certificateauthority:CertificateTemplate
    properties:
      description: An updated sample certificate template
      identityConstraints:
        allowSubjectAltNamesPassthrough: true
        allowSubjectPassthrough: true
        celExpression:
          description: Always true
          expression: 'true'
          location: any.file.anywhere
          title: Sample expression
      labels:
        label-two: value-two
      location: us-west1
      passthroughExtensions:
        additionalExtensions:
          - objectIdPath:
              - 1
              - 6
        knownExtensions:
          - EXTENDED_KEY_USAGE
      predefinedValues:
        additionalExtensions:
          - critical: true
            objectId:
              objectIdPath:
                - 1
                - 6
            value: c3RyaW5nCg==
        aiaOcspServers:
          - string
        caOptions:
          isCa: false
          maxIssuerPathLength: 6
        keyUsage:
          baseKeyUsage:
            certSign: false
            contentCommitment: true
            crlSign: false
            dataEncipherment: true
            decipherOnly: true
            digitalSignature: true
            encipherOnly: true
            keyAgreement: true
            keyEncipherment: true
          extendedKeyUsage:
            clientAuth: true
            codeSigning: true
            emailProtection: true
            ocspSigning: true
            serverAuth: true
            timeStamping: true
          unknownExtendedKeyUsages:
            - objectIdPath:
                - 1
                - 6
        policyIds:
          - objectIdPath:
              - 1
              - 6
      project: my-project-name

Create CertificateTemplate Resource

new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);

@overload
def CertificateTemplate(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        description: Optional[str] = None,
                        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
                        labels: Optional[Mapping[str, str]] = None,
                        location: Optional[str] = None,
                        name: Optional[str] = None,
                        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
                        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
                        project: Optional[str] = None)
@overload
def CertificateTemplate(resource_name: str,
                        args: CertificateTemplateArgs,
                        opts: Optional[ResourceOptions] = None)

func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)

public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)

public CertificateTemplate(String name, CertificateTemplateArgs args)
public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)

type: gcp:certificateauthority:CertificateTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateTemplateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

CertificateTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CertificateTemplate resource accepts the following input properties:

Location string: The location for the resource
Description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
IdentityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels Dictionary<string, string>: Optional. Labels with user-defined metadata.
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
Project string: The project for the resource

Location string: The location for the resource
Description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
IdentityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels map[string]string: Optional. Labels with user-defined metadata.
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
Project string: The project for the resource

location String: The location for the resource
description String: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String,String>: Optional. Labels with user-defined metadata.
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project String: The project for the resource

location string: The location for the resource
description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels {[key: string]: string}: Optional. Labels with user-defined metadata.
name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project string: The project for the resource

location str: The location for the resource
description str: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identity_constraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Mapping[str, str]: Optional. Labels with user-defined metadata.
name str: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthrough_extensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefined_values CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project str: The project for the resource

location String: The location for the resource
description String: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints Property Map: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String>: Optional. Labels with user-defined metadata.
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions Property Map: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues Property Map: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project String: The project for the resource

Outputs

All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

CreateTime string: Output only. The time at which this CertificateTemplate was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

CreateTime string: Output only. The time at which this CertificateTemplate was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
id String: The provider-assigned unique ID for this managed resource.
updateTime String: Output only. The time at which this CertificateTemplate was updated.

createTime string: Output only. The time at which this CertificateTemplate was created.
id string: The provider-assigned unique ID for this managed resource.
updateTime string: Output only. The time at which this CertificateTemplate was updated.

create_time str: Output only. The time at which this CertificateTemplate was created.
id str: The provider-assigned unique ID for this managed resource.
update_time str: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
id String: The provider-assigned unique ID for this managed resource.
updateTime String: Output only. The time at which this CertificateTemplate was updated.

Look up Existing CertificateTemplate Resource

Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        create_time: Optional[str] = None,
        description: Optional[str] = None,
        identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
        predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
        project: Optional[str] = None,
        update_time: Optional[str] = None) -> CertificateTemplate

func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)

public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)

public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreateTime string: Output only. The time at which this CertificateTemplate was created.
Description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
IdentityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels Dictionary<string, string>: Optional. Labels with user-defined metadata.
Location string: The location for the resource
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
Project string: The project for the resource
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

CreateTime string: Output only. The time at which this CertificateTemplate was created.
Description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
IdentityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels map[string]string: Optional. Labels with user-defined metadata.
Location string: The location for the resource
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
Project string: The project for the resource
UpdateTime string: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
description String: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String,String>: Optional. Labels with user-defined metadata.
location String: The location for the resource
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project String: The project for the resource
updateTime String: Output only. The time at which this CertificateTemplate was updated.

createTime string: Output only. The time at which this CertificateTemplate was created.
description string: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels {[key: string]: string}: Optional. Labels with user-defined metadata.
location string: The location for the resource
name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project string: The project for the resource
updateTime string: Output only. The time at which this CertificateTemplate was updated.

create_time str: Output only. The time at which this CertificateTemplate was created.
description str: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identity_constraints CertificateTemplateIdentityConstraintsArgs: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Mapping[str, str]: Optional. Labels with user-defined metadata.
location str: The location for the resource
name str: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthrough_extensions CertificateTemplatePassthroughExtensionsArgs: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefined_values CertificateTemplatePredefinedValuesArgs: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project str: The project for the resource
update_time str: Output only. The time at which this CertificateTemplate was updated.

createTime String: Output only. The time at which this CertificateTemplate was created.
description String: Optional. A human-readable description of scenarios this template is intended for. (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
identityConstraints Property Map: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String>: Optional. Labels with user-defined metadata.
location String: The location for the resource
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions Property Map: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues Property Map: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
project String: The project for the resource
updateTime String: Output only. The time at which this CertificateTemplate was updated.

Supporting Types

CertificateTemplateIdentityConstraints

AllowSubjectAltNamesPassthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

AllowSubjectAltNamesPassthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allow_subject_alt_names_passthrough bool: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allow_subject_passthrough bool: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
cel_expression CertificateTemplateIdentityConstraintsCelExpression: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression Property Map: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

CertificateTemplateIdentityConstraintsCelExpression

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

CertificateTemplatePassthroughExtensions

AdditionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions List<string>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AdditionalExtensions []CertificateTemplatePassthroughExtensionsAdditionalExtension: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions []string: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions CertificateTemplatePassthroughExtensionsAdditionalExtension[]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions string[]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additional_extensions Sequence[CertificateTemplatePassthroughExtensionsAdditionalExtension]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
known_extensions Sequence[str]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<Property Map>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateTemplatePassthroughExtensionsAdditionalExtension

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValues

AdditionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<CertificateTemplatePredefinedValuesPolicyId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []CertificateTemplatePredefinedValuesAdditionalExtension: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []CertificateTemplatePredefinedValuesPolicyId: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<CertificateTemplatePredefinedValuesPolicyId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions CertificateTemplatePredefinedValuesAdditionalExtension[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds CertificateTemplatePredefinedValuesPolicyId[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[CertificateTemplatePredefinedValuesAdditionalExtension]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CertificateTemplatePredefinedValuesCaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage CertificateTemplatePredefinedValuesKeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[CertificateTemplatePredefinedValuesPolicyId]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

CertificateTemplatePredefinedValuesAdditionalExtension

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
Value string: Required. The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
Value string: Required. The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value String: Required. The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value string: Required. The value of this X.509 extension.
critical boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id CertificateTemplatePredefinedValuesAdditionalExtensionObjectId: Required. The OID for this X.509 extension.
value str: Required. The value of this X.509 extension.
critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map: Required. The OID for this X.509 extension.
value String: Required. The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesCaOptions

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateTemplatePredefinedValuesKeyUsage

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

CertificateTemplatePredefinedValuesPolicyId

ObjectIdPaths List<int>: Required. The parts of an OID path. The most significant parts of the path come first.

ObjectIdPaths []int: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Integer>: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths number[]: Required. The parts of an OID path. The most significant parts of the path come first.

object_id_paths Sequence[int]: Required. The parts of an OID path. The most significant parts of the path come first.

objectIdPaths List<Number>: Required. The parts of an OID path. The most significant parts of the path come first.

Import

CertificateTemplate can be imported using any of these accepted formats

 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}

 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}

 $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.