1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificateauthority
  5. CertificateTemplate
Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi

gcp.certificateauthority.CertificateTemplate

Explore with Pulumi AI

gcp logo
Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi

    Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.

    For more information, see:

    Example Usage

    Basic_certificate_template

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificateauthority.CertificateTemplate;
    import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new CertificateTemplate("primary", CertificateTemplateArgs.builder()        
                .description("An updated sample certificate template")
                .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                    .allowSubjectAltNamesPassthrough(true)
                    .allowSubjectPassthrough(true)
                    .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                        .description("Always true")
                        .expression("true")
                        .location("any.file.anywhere")
                        .title("Sample expression")
                        .build())
                    .build())
                .labels(Map.of("label-two", "value-two"))
                .location("us-west1")
                .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                    .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                        .objectIdPath(                    
                            1,
                            6)
                        .build())
                    .knownExtensions("EXTENDED_KEY_USAGE")
                    .build())
                .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                    .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                        .critical(true)
                        .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                            .objectIdPath(                        
                                1,
                                6)
                            .build())
                        .value("c3RyaW5nCg==")
                        .build())
                    .aiaOcspServers("string")
                    .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                        .isCa(false)
                        .maxIssuerPathLength(6)
                        .build())
                    .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                        .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                            .certSign(false)
                            .contentCommitment(true)
                            .crlSign(false)
                            .dataEncipherment(true)
                            .decipherOnly(true)
                            .digitalSignature(true)
                            .encipherOnly(true)
                            .keyAgreement(true)
                            .keyEncipherment(true)
                            .build())
                        .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                            .clientAuth(true)
                            .codeSigning(true)
                            .emailProtection(true)
                            .ocspSigning(true)
                            .serverAuth(true)
                            .timeStamping(true)
                            .build())
                        .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                            .objectIdPath(                        
                                1,
                                6)
                            .build())
                        .build())
                    .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                        .objectIdPath(                    
                            1,
                            6)
                        .build())
                    .build())
                .project("my-project-name")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      primary:
        type: gcp:certificateauthority:CertificateTemplate
        properties:
          description: An updated sample certificate template
          identityConstraints:
            allowSubjectAltNamesPassthrough: true
            allowSubjectPassthrough: true
            celExpression:
              description: Always true
              expression: 'true'
              location: any.file.anywhere
              title: Sample expression
          labels:
            label-two: value-two
          location: us-west1
          passthroughExtensions:
            additionalExtensions:
              - objectIdPath:
                  - 1
                  - 6
            knownExtensions:
              - EXTENDED_KEY_USAGE
          predefinedValues:
            additionalExtensions:
              - critical: true
                objectId:
                  objectIdPath:
                    - 1
                    - 6
                value: c3RyaW5nCg==
            aiaOcspServers:
              - string
            caOptions:
              isCa: false
              maxIssuerPathLength: 6
            keyUsage:
              baseKeyUsage:
                certSign: false
                contentCommitment: true
                crlSign: false
                dataEncipherment: true
                decipherOnly: true
                digitalSignature: true
                encipherOnly: true
                keyAgreement: true
                keyEncipherment: true
              extendedKeyUsage:
                clientAuth: true
                codeSigning: true
                emailProtection: true
                ocspSigning: true
                serverAuth: true
                timeStamping: true
              unknownExtendedKeyUsages:
                - objectIdPath:
                    - 1
                    - 6
            policyIds:
              - objectIdPath:
                  - 1
                  - 6
          project: my-project-name
    

    Create CertificateTemplate Resource

    new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateTemplate(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            description: Optional[str] = None,
                            identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
                            labels: Optional[Mapping[str, str]] = None,
                            location: Optional[str] = None,
                            name: Optional[str] = None,
                            passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
                            predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
                            project: Optional[str] = None)
    @overload
    def CertificateTemplate(resource_name: str,
                            args: CertificateTemplateArgs,
                            opts: Optional[ResourceOptions] = None)
    func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
    public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
    public CertificateTemplate(String name, CertificateTemplateArgs args)
    public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
    
    type: gcp:certificateauthority:CertificateTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CertificateTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CertificateTemplate resource accepts the following input properties:

    Location string

    The location for the resource

    Description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    IdentityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    Labels Dictionary<string, string>

    Optional. Labels with user-defined metadata.

    Name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    PassthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    PredefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    Project string

    The project for the resource

    Location string

    The location for the resource

    Description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    IdentityConstraints CertificateTemplateIdentityConstraintsArgs

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    Labels map[string]string

    Optional. Labels with user-defined metadata.

    Name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    PredefinedValues CertificateTemplatePredefinedValuesArgs

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    Project string

    The project for the resource

    location String

    The location for the resource

    description String

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Map<String,String>

    Optional. Labels with user-defined metadata.

    name String

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project String

    The project for the resource

    location string

    The location for the resource

    description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels {[key: string]: string}

    Optional. Labels with user-defined metadata.

    name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project string

    The project for the resource

    location str

    The location for the resource

    description str

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identity_constraints CertificateTemplateIdentityConstraintsArgs

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Mapping[str, str]

    Optional. Labels with user-defined metadata.

    name str

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefined_values CertificateTemplatePredefinedValuesArgs

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project str

    The project for the resource

    location String

    The location for the resource

    description String

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints Property Map

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Map<String>

    Optional. Labels with user-defined metadata.

    name String

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions Property Map

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues Property Map

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project String

    The project for the resource

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

    CreateTime string

    Output only. The time at which this CertificateTemplate was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    UpdateTime string

    Output only. The time at which this CertificateTemplate was updated.

    CreateTime string

    Output only. The time at which this CertificateTemplate was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    UpdateTime string

    Output only. The time at which this CertificateTemplate was updated.

    createTime String

    Output only. The time at which this CertificateTemplate was created.

    id String

    The provider-assigned unique ID for this managed resource.

    updateTime String

    Output only. The time at which this CertificateTemplate was updated.

    createTime string

    Output only. The time at which this CertificateTemplate was created.

    id string

    The provider-assigned unique ID for this managed resource.

    updateTime string

    Output only. The time at which this CertificateTemplate was updated.

    create_time str

    Output only. The time at which this CertificateTemplate was created.

    id str

    The provider-assigned unique ID for this managed resource.

    update_time str

    Output only. The time at which this CertificateTemplate was updated.

    createTime String

    Output only. The time at which this CertificateTemplate was created.

    id String

    The provider-assigned unique ID for this managed resource.

    updateTime String

    Output only. The time at which this CertificateTemplate was updated.

    Look up Existing CertificateTemplate Resource

    Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
            predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
            project: Optional[str] = None,
            update_time: Optional[str] = None) -> CertificateTemplate
    func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)
    public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)
    public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreateTime string

    Output only. The time at which this CertificateTemplate was created.

    Description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    IdentityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    Labels Dictionary<string, string>

    Optional. Labels with user-defined metadata.

    Location string

    The location for the resource

    Name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    PassthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    PredefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    Project string

    The project for the resource

    UpdateTime string

    Output only. The time at which this CertificateTemplate was updated.

    CreateTime string

    Output only. The time at which this CertificateTemplate was created.

    Description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    IdentityConstraints CertificateTemplateIdentityConstraintsArgs

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    Labels map[string]string

    Optional. Labels with user-defined metadata.

    Location string

    The location for the resource

    Name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    PredefinedValues CertificateTemplatePredefinedValuesArgs

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    Project string

    The project for the resource

    UpdateTime string

    Output only. The time at which this CertificateTemplate was updated.

    createTime String

    Output only. The time at which this CertificateTemplate was created.

    description String

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Map<String,String>

    Optional. Labels with user-defined metadata.

    location String

    The location for the resource

    name String

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project String

    The project for the resource

    updateTime String

    Output only. The time at which this CertificateTemplate was updated.

    createTime string

    Output only. The time at which this CertificateTemplate was created.

    description string

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints CertificateTemplateIdentityConstraints

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels {[key: string]: string}

    Optional. Labels with user-defined metadata.

    location string

    The location for the resource

    name string

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions CertificateTemplatePassthroughExtensions

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues CertificateTemplatePredefinedValues

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project string

    The project for the resource

    updateTime string

    Output only. The time at which this CertificateTemplate was updated.

    create_time str

    Output only. The time at which this CertificateTemplate was created.

    description str

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identity_constraints CertificateTemplateIdentityConstraintsArgs

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Mapping[str, str]

    Optional. Labels with user-defined metadata.

    location str

    The location for the resource

    name str

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthrough_extensions CertificateTemplatePassthroughExtensionsArgs

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefined_values CertificateTemplatePredefinedValuesArgs

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project str

    The project for the resource

    update_time str

    Output only. The time at which this CertificateTemplate was updated.

    createTime String

    Output only. The time at which this CertificateTemplate was created.

    description String

    Optional. A human-readable description of scenarios this template is intended for.

    (Optional) Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    identityConstraints Property Map

    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.

    labels Map<String>

    Optional. Labels with user-defined metadata.

    location String

    The location for the resource

    name String

    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

    passthroughExtensions Property Map

    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.

    predefinedValues Property Map

    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

    project String

    The project for the resource

    updateTime String

    Output only. The time at which this CertificateTemplate was updated.

    Supporting Types

    CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs

    AllowSubjectAltNamesPassthrough bool

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    AllowSubjectPassthrough bool

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    CelExpression CertificateTemplateIdentityConstraintsCelExpression

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    AllowSubjectAltNamesPassthrough bool

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    AllowSubjectPassthrough bool

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    CelExpression CertificateTemplateIdentityConstraintsCelExpression

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    allowSubjectAltNamesPassthrough Boolean

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    allowSubjectPassthrough Boolean

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    celExpression CertificateTemplateIdentityConstraintsCelExpression

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    allowSubjectAltNamesPassthrough boolean

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    allowSubjectPassthrough boolean

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    celExpression CertificateTemplateIdentityConstraintsCelExpression

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    allow_subject_alt_names_passthrough bool

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    allow_subject_passthrough bool

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    cel_expression CertificateTemplateIdentityConstraintsCelExpression

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    allowSubjectAltNamesPassthrough Boolean

    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.

    allowSubjectPassthrough Boolean

    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.

    celExpression Property Map

    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs

    Description string

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    Expression string

    Textual representation of an expression in Common Expression Language syntax.

    Location string

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    Title string

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    Description string

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    Expression string

    Textual representation of an expression in Common Expression Language syntax.

    Location string

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    Title string

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    description String

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    expression String

    Textual representation of an expression in Common Expression Language syntax.

    location String

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    title String

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    description string

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    expression string

    Textual representation of an expression in Common Expression Language syntax.

    location string

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    title string

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    description str

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    expression str

    Textual representation of an expression in Common Expression Language syntax.

    location str

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    title str

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    description String

    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

    expression String

    Textual representation of an expression in Common Expression Language syntax.

    location String

    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

    title String

    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs

    AdditionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    KnownExtensions List<string>

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    AdditionalExtensions []CertificateTemplatePassthroughExtensionsAdditionalExtension

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    KnownExtensions []string

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    additionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    knownExtensions List<String>

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    additionalExtensions CertificateTemplatePassthroughExtensionsAdditionalExtension[]

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    knownExtensions string[]

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    additional_extensions Sequence[CertificateTemplatePassthroughExtensionsAdditionalExtension]

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    known_extensions Sequence[str]

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    additionalExtensions List<Property Map>

    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

    knownExtensions List<String>

    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs

    ObjectIdPaths List<int>

    Required. The parts of an OID path. The most significant parts of the path come first.

    ObjectIdPaths []int

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Integer>

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths number[]

    Required. The parts of an OID path. The most significant parts of the path come first.

    object_id_paths Sequence[int]

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Number>

    Required. The parts of an OID path. The most significant parts of the path come first.

    CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs

    AdditionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>

    Optional. Describes custom X.509 extensions.

    AiaOcspServers List<string>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    CaOptions CertificateTemplatePredefinedValuesCaOptions

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    KeyUsage CertificateTemplatePredefinedValuesKeyUsage

    Optional. Indicates the intended use for keys that correspond to a certificate.

    PolicyIds List<CertificateTemplatePredefinedValuesPolicyId>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    AdditionalExtensions []CertificateTemplatePredefinedValuesAdditionalExtension

    Optional. Describes custom X.509 extensions.

    AiaOcspServers []string

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    CaOptions CertificateTemplatePredefinedValuesCaOptions

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    KeyUsage CertificateTemplatePredefinedValuesKeyUsage

    Optional. Indicates the intended use for keys that correspond to a certificate.

    PolicyIds []CertificateTemplatePredefinedValuesPolicyId

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>

    Optional. Describes custom X.509 extensions.

    aiaOcspServers List<String>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions CertificateTemplatePredefinedValuesCaOptions

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage CertificateTemplatePredefinedValuesKeyUsage

    Optional. Indicates the intended use for keys that correspond to a certificate.

    policyIds List<CertificateTemplatePredefinedValuesPolicyId>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions CertificateTemplatePredefinedValuesAdditionalExtension[]

    Optional. Describes custom X.509 extensions.

    aiaOcspServers string[]

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions CertificateTemplatePredefinedValuesCaOptions

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage CertificateTemplatePredefinedValuesKeyUsage

    Optional. Indicates the intended use for keys that correspond to a certificate.

    policyIds CertificateTemplatePredefinedValuesPolicyId[]

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additional_extensions Sequence[CertificateTemplatePredefinedValuesAdditionalExtension]

    Optional. Describes custom X.509 extensions.

    aia_ocsp_servers Sequence[str]

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    ca_options CertificateTemplatePredefinedValuesCaOptions

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    key_usage CertificateTemplatePredefinedValuesKeyUsage

    Optional. Indicates the intended use for keys that correspond to a certificate.

    policy_ids Sequence[CertificateTemplatePredefinedValuesPolicyId]

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions List<Property Map>

    Optional. Describes custom X.509 extensions.

    aiaOcspServers List<String>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions Property Map

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage Property Map

    Optional. Indicates the intended use for keys that correspond to a certificate.

    policyIds List<Property Map>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs

    ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

    Required. The OID for this X.509 extension.

    Value string

    Required. The value of this X.509 extension.

    Critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

    Required. The OID for this X.509 extension.

    Value string

    Required. The value of this X.509 extension.

    Critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

    Required. The OID for this X.509 extension.

    value String

    Required. The value of this X.509 extension.

    critical Boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

    Required. The OID for this X.509 extension.

    value string

    Required. The value of this X.509 extension.

    critical boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    object_id CertificateTemplatePredefinedValuesAdditionalExtensionObjectId

    Required. The OID for this X.509 extension.

    value str

    Required. The value of this X.509 extension.

    critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId Property Map

    Required. The OID for this X.509 extension.

    value String

    Required. The value of this X.509 extension.

    critical Boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs

    ObjectIdPaths List<int>

    Required. The parts of an OID path. The most significant parts of the path come first.


    ObjectIdPaths []int

    Required. The parts of an OID path. The most significant parts of the path come first.


    objectIdPaths List<Integer>

    Required. The parts of an OID path. The most significant parts of the path come first.


    objectIdPaths number[]

    Required. The parts of an OID path. The most significant parts of the path come first.


    object_id_paths Sequence[int]

    Required. The parts of an OID path. The most significant parts of the path come first.


    objectIdPaths List<Number>

    Required. The parts of an OID path. The most significant parts of the path come first.


    CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs

    IsCa bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    MaxIssuerPathLength int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    IsCa bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    MaxIssuerPathLength int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa Boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength Integer

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength number

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    is_ca bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    max_issuer_path_length int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa Boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength Number

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs

    BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

    Describes high-level ways in which a key may be used.

    ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

    Detailed scenarios in which a key may be used.

    UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

    Describes high-level ways in which a key may be used.

    ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

    Detailed scenarios in which a key may be used.

    UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

    Describes high-level ways in which a key may be used.

    extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

    Describes high-level ways in which a key may be used.

    extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage

    Describes high-level ways in which a key may be used.

    extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage

    Detailed scenarios in which a key may be used.

    unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage Property Map

    Describes high-level ways in which a key may be used.

    extendedKeyUsage Property Map

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages List<Property Map>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs

    CertSign bool

    The key may be used to sign certificates.

    ContentCommitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    CrlSign bool

    The key may be used sign certificate revocation lists.

    DataEncipherment bool

    The key may be used to encipher data.

    DecipherOnly bool

    The key may be used to decipher only.

    DigitalSignature bool

    The key may be used for digital signatures.

    EncipherOnly bool

    The key may be used to encipher only.

    KeyAgreement bool

    The key may be used in a key agreement protocol.

    KeyEncipherment bool

    The key may be used to encipher other keys.

    CertSign bool

    The key may be used to sign certificates.

    ContentCommitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    CrlSign bool

    The key may be used sign certificate revocation lists.

    DataEncipherment bool

    The key may be used to encipher data.

    DecipherOnly bool

    The key may be used to decipher only.

    DigitalSignature bool

    The key may be used for digital signatures.

    EncipherOnly bool

    The key may be used to encipher only.

    KeyAgreement bool

    The key may be used in a key agreement protocol.

    KeyEncipherment bool

    The key may be used to encipher other keys.

    certSign Boolean

    The key may be used to sign certificates.

    contentCommitment Boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign Boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment Boolean

    The key may be used to encipher data.

    decipherOnly Boolean

    The key may be used to decipher only.

    digitalSignature Boolean

    The key may be used for digital signatures.

    encipherOnly Boolean

    The key may be used to encipher only.

    keyAgreement Boolean

    The key may be used in a key agreement protocol.

    keyEncipherment Boolean

    The key may be used to encipher other keys.

    certSign boolean

    The key may be used to sign certificates.

    contentCommitment boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment boolean

    The key may be used to encipher data.

    decipherOnly boolean

    The key may be used to decipher only.

    digitalSignature boolean

    The key may be used for digital signatures.

    encipherOnly boolean

    The key may be used to encipher only.

    keyAgreement boolean

    The key may be used in a key agreement protocol.

    keyEncipherment boolean

    The key may be used to encipher other keys.

    cert_sign bool

    The key may be used to sign certificates.

    content_commitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crl_sign bool

    The key may be used sign certificate revocation lists.

    data_encipherment bool

    The key may be used to encipher data.

    decipher_only bool

    The key may be used to decipher only.

    digital_signature bool

    The key may be used for digital signatures.

    encipher_only bool

    The key may be used to encipher only.

    key_agreement bool

    The key may be used in a key agreement protocol.

    key_encipherment bool

    The key may be used to encipher other keys.

    certSign Boolean

    The key may be used to sign certificates.

    contentCommitment Boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign Boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment Boolean

    The key may be used to encipher data.

    decipherOnly Boolean

    The key may be used to decipher only.

    digitalSignature Boolean

    The key may be used for digital signatures.

    encipherOnly Boolean

    The key may be used to encipher only.

    keyAgreement Boolean

    The key may be used in a key agreement protocol.

    keyEncipherment Boolean

    The key may be used to encipher other keys.

    CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs

    ClientAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    CodeSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    EmailProtection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    OcspSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    ServerAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    TimeStamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    ClientAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    CodeSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    EmailProtection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    OcspSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    ServerAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    TimeStamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    client_auth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    code_signing bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    email_protection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocsp_signing bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    server_auth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    time_stamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs

    ObjectIdPaths List<int>

    Required. The parts of an OID path. The most significant parts of the path come first.

    ObjectIdPaths []int

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Integer>

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths number[]

    Required. The parts of an OID path. The most significant parts of the path come first.

    object_id_paths Sequence[int]

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Number>

    Required. The parts of an OID path. The most significant parts of the path come first.

    CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs

    ObjectIdPaths List<int>

    Required. The parts of an OID path. The most significant parts of the path come first.

    ObjectIdPaths []int

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Integer>

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths number[]

    Required. The parts of an OID path. The most significant parts of the path come first.

    object_id_paths Sequence[int]

    Required. The parts of an OID path. The most significant parts of the path come first.

    objectIdPaths List<Number>

    Required. The parts of an OID path. The most significant parts of the path come first.

    Import

    CertificateTemplate can be imported using any of these accepted formats

     $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
    
     $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}
    
     $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the google-beta Terraform Provider.

    gcp logo
    Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi