1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificateauthority
  5. getAuthority
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

gcp.certificateauthority.getAuthority

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

    Get info about a Google CAS Certificate Authority.

    Example Usage

    data "google_privateca_certificate_authority" "default" {
      location = "us-west1"
      pool = "pool-name"
      certificate_authority_id = "ca-id"
    }
    
    output "csr" {
      value = data.google_privateca_certificate_authority.default.pem_csr
    }
    

    Using getAuthority

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAuthority(args: GetAuthorityArgs, opts?: InvokeOptions): Promise<GetAuthorityResult>
    function getAuthorityOutput(args: GetAuthorityOutputArgs, opts?: InvokeOptions): Output<GetAuthorityResult>
    def get_authority(certificate_authority_id: Optional[str] = None,
                      location: Optional[str] = None,
                      pool: Optional[str] = None,
                      project: Optional[str] = None,
                      opts: Optional[InvokeOptions] = None) -> GetAuthorityResult
    def get_authority_output(certificate_authority_id: Optional[pulumi.Input[str]] = None,
                      location: Optional[pulumi.Input[str]] = None,
                      pool: Optional[pulumi.Input[str]] = None,
                      project: Optional[pulumi.Input[str]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetAuthorityResult]
    func LookupAuthority(ctx *Context, args *LookupAuthorityArgs, opts ...InvokeOption) (*LookupAuthorityResult, error)
    func LookupAuthorityOutput(ctx *Context, args *LookupAuthorityOutputArgs, opts ...InvokeOption) LookupAuthorityResultOutput

    > Note: This function is named LookupAuthority in the Go SDK.

    public static class GetAuthority 
    {
        public static Task<GetAuthorityResult> InvokeAsync(GetAuthorityArgs args, InvokeOptions? opts = null)
        public static Output<GetAuthorityResult> Invoke(GetAuthorityInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAuthorityResult> getAuthority(GetAuthorityArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:certificateauthority/getAuthority:getAuthority
      arguments:
        # arguments dictionary

    The following arguments are supported:

    CertificateAuthorityId string
    ID of the certificate authority.


    Location string
    The location the certificate authority exists in.
    Pool string
    The name of the pool the certificate authority belongs to.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    CertificateAuthorityId string
    ID of the certificate authority.


    Location string
    The location the certificate authority exists in.
    Pool string
    The name of the pool the certificate authority belongs to.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    certificateAuthorityId String
    ID of the certificate authority.


    location String
    The location the certificate authority exists in.
    pool String
    The name of the pool the certificate authority belongs to.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    certificateAuthorityId string
    ID of the certificate authority.


    location string
    The location the certificate authority exists in.
    pool string
    The name of the pool the certificate authority belongs to.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    certificate_authority_id str
    ID of the certificate authority.


    location str
    The location the certificate authority exists in.
    pool str
    The name of the pool the certificate authority belongs to.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    certificateAuthorityId String
    ID of the certificate authority.


    location String
    The location the certificate authority exists in.
    pool String
    The name of the pool the certificate authority belongs to.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    getAuthority Result

    The following output properties are available:

    AccessUrls List<GetAuthorityAccessUrl>
    Configs List<GetAuthorityConfig>
    CreateTime string
    DeletionProtection bool
    DesiredState string
    EffectiveLabels Dictionary<string, string>
    GcsBucket string
    Id string
    The provider-assigned unique ID for this managed resource.
    IgnoreActiveCertificatesOnDeletion bool
    KeySpecs List<GetAuthorityKeySpec>
    Labels Dictionary<string, string>
    Lifetime string
    Name string
    PemCaCertificate string
    PemCaCertificates List<string>
    PemCsr string
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    PulumiLabels Dictionary<string, string>
    SkipGracePeriod bool
    State string
    SubordinateConfigs List<GetAuthoritySubordinateConfig>
    Type string
    UpdateTime string
    CertificateAuthorityId string
    Location string
    Pool string
    Project string
    AccessUrls []GetAuthorityAccessUrl
    Configs []GetAuthorityConfig
    CreateTime string
    DeletionProtection bool
    DesiredState string
    EffectiveLabels map[string]string
    GcsBucket string
    Id string
    The provider-assigned unique ID for this managed resource.
    IgnoreActiveCertificatesOnDeletion bool
    KeySpecs []GetAuthorityKeySpec
    Labels map[string]string
    Lifetime string
    Name string
    PemCaCertificate string
    PemCaCertificates []string
    PemCsr string
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    PulumiLabels map[string]string
    SkipGracePeriod bool
    State string
    SubordinateConfigs []GetAuthoritySubordinateConfig
    Type string
    UpdateTime string
    CertificateAuthorityId string
    Location string
    Pool string
    Project string
    accessUrls List<GetAuthorityAccessUrl>
    configs List<GetAuthorityConfig>
    createTime String
    deletionProtection Boolean
    desiredState String
    effectiveLabels Map<String,String>
    gcsBucket String
    id String
    The provider-assigned unique ID for this managed resource.
    ignoreActiveCertificatesOnDeletion Boolean
    keySpecs List<GetAuthorityKeySpec>
    labels Map<String,String>
    lifetime String
    name String
    pemCaCertificate String
    pemCaCertificates List<String>
    pemCsr String
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    pulumiLabels Map<String,String>
    skipGracePeriod Boolean
    state String
    subordinateConfigs List<GetAuthoritySubordinateConfig>
    type String
    updateTime String
    certificateAuthorityId String
    location String
    pool String
    project String
    accessUrls GetAuthorityAccessUrl[]
    configs GetAuthorityConfig[]
    createTime string
    deletionProtection boolean
    desiredState string
    effectiveLabels {[key: string]: string}
    gcsBucket string
    id string
    The provider-assigned unique ID for this managed resource.
    ignoreActiveCertificatesOnDeletion boolean
    keySpecs GetAuthorityKeySpec[]
    labels {[key: string]: string}
    lifetime string
    name string
    pemCaCertificate string
    pemCaCertificates string[]
    pemCsr string
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    pulumiLabels {[key: string]: string}
    skipGracePeriod boolean
    state string
    subordinateConfigs GetAuthoritySubordinateConfig[]
    type string
    updateTime string
    certificateAuthorityId string
    location string
    pool string
    project string
    access_urls Sequence[GetAuthorityAccessUrl]
    configs Sequence[GetAuthorityConfig]
    create_time str
    deletion_protection bool
    desired_state str
    effective_labels Mapping[str, str]
    gcs_bucket str
    id str
    The provider-assigned unique ID for this managed resource.
    ignore_active_certificates_on_deletion bool
    key_specs Sequence[GetAuthorityKeySpec]
    labels Mapping[str, str]
    lifetime str
    name str
    pem_ca_certificate str
    pem_ca_certificates Sequence[str]
    pem_csr str
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    pulumi_labels Mapping[str, str]
    skip_grace_period bool
    state str
    subordinate_configs Sequence[GetAuthoritySubordinateConfig]
    type str
    update_time str
    certificate_authority_id str
    location str
    pool str
    project str
    accessUrls List<Property Map>
    configs List<Property Map>
    createTime String
    deletionProtection Boolean
    desiredState String
    effectiveLabels Map<String>
    gcsBucket String
    id String
    The provider-assigned unique ID for this managed resource.
    ignoreActiveCertificatesOnDeletion Boolean
    keySpecs List<Property Map>
    labels Map<String>
    lifetime String
    name String
    pemCaCertificate String
    pemCaCertificates List<String>
    pemCsr String
    The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
    pulumiLabels Map<String>
    skipGracePeriod Boolean
    state String
    subordinateConfigs List<Property Map>
    type String
    updateTime String
    certificateAuthorityId String
    location String
    pool String
    project String

    Supporting Types

    GetAuthorityAccessUrl

    CaCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    CrlAccessUrls List<string>
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    CaCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    CrlAccessUrls []string
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl String
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls List<String>
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl string
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls string[]
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    ca_certificate_access_url str
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crl_access_urls Sequence[str]
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
    caCertificateAccessUrl String
    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
    crlAccessUrls List<String>
    The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    GetAuthorityConfig

    SubjectConfigs List<GetAuthorityConfigSubjectConfig>
    Specifies some of the values in a certificate that are related to the subject.
    SubjectKeyIds List<GetAuthorityConfigSubjectKeyId>
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    X509Configs List<GetAuthorityConfigX509Config>
    Describes how some of the technical X.509 fields in a certificate should be populated.
    SubjectConfigs []GetAuthorityConfigSubjectConfig
    Specifies some of the values in a certificate that are related to the subject.
    SubjectKeyIds []GetAuthorityConfigSubjectKeyId
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    X509Configs []GetAuthorityConfigX509Config
    Describes how some of the technical X.509 fields in a certificate should be populated.
    subjectConfigs List<GetAuthorityConfigSubjectConfig>
    Specifies some of the values in a certificate that are related to the subject.
    subjectKeyIds List<GetAuthorityConfigSubjectKeyId>
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    x509Configs List<GetAuthorityConfigX509Config>
    Describes how some of the technical X.509 fields in a certificate should be populated.
    subjectConfigs GetAuthorityConfigSubjectConfig[]
    Specifies some of the values in a certificate that are related to the subject.
    subjectKeyIds GetAuthorityConfigSubjectKeyId[]
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    x509Configs GetAuthorityConfigX509Config[]
    Describes how some of the technical X.509 fields in a certificate should be populated.
    subject_configs Sequence[GetAuthorityConfigSubjectConfig]
    Specifies some of the values in a certificate that are related to the subject.
    subject_key_ids Sequence[GetAuthorityConfigSubjectKeyId]
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    x509_configs Sequence[GetAuthorityConfigX509Config]
    Describes how some of the technical X.509 fields in a certificate should be populated.
    subjectConfigs List<Property Map>
    Specifies some of the values in a certificate that are related to the subject.
    subjectKeyIds List<Property Map>
    When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
    x509Configs List<Property Map>
    Describes how some of the technical X.509 fields in a certificate should be populated.

    GetAuthorityConfigSubjectConfig

    SubjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>
    The subject alternative name fields.
    Subjects List<GetAuthorityConfigSubjectConfigSubject>
    Contains distinguished name fields such as the location and organization.
    SubjectAltNames []GetAuthorityConfigSubjectConfigSubjectAltName
    The subject alternative name fields.
    Subjects []GetAuthorityConfigSubjectConfigSubject
    Contains distinguished name fields such as the location and organization.
    subjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>
    The subject alternative name fields.
    subjects List<GetAuthorityConfigSubjectConfigSubject>
    Contains distinguished name fields such as the location and organization.
    subjectAltNames GetAuthorityConfigSubjectConfigSubjectAltName[]
    The subject alternative name fields.
    subjects GetAuthorityConfigSubjectConfigSubject[]
    Contains distinguished name fields such as the location and organization.
    subject_alt_names Sequence[GetAuthorityConfigSubjectConfigSubjectAltName]
    The subject alternative name fields.
    subjects Sequence[GetAuthorityConfigSubjectConfigSubject]
    Contains distinguished name fields such as the location and organization.
    subjectAltNames List<Property Map>
    The subject alternative name fields.
    subjects List<Property Map>
    Contains distinguished name fields such as the location and organization.

    GetAuthorityConfigSubjectConfigSubject

    CommonName string
    The common name of the distinguished name.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    CommonName string
    The common name of the distinguished name.
    CountryCode string
    The country code of the subject.
    Locality string
    The locality or city of the subject.
    Organization string
    The organization of the subject.
    OrganizationalUnit string
    The organizational unit of the subject.
    PostalCode string
    The postal code of the subject.
    Province string
    The province, territory, or regional state of the subject.
    StreetAddress string
    The street address of the subject.
    commonName String
    The common name of the distinguished name.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.
    commonName string
    The common name of the distinguished name.
    countryCode string
    The country code of the subject.
    locality string
    The locality or city of the subject.
    organization string
    The organization of the subject.
    organizationalUnit string
    The organizational unit of the subject.
    postalCode string
    The postal code of the subject.
    province string
    The province, territory, or regional state of the subject.
    streetAddress string
    The street address of the subject.
    common_name str
    The common name of the distinguished name.
    country_code str
    The country code of the subject.
    locality str
    The locality or city of the subject.
    organization str
    The organization of the subject.
    organizational_unit str
    The organizational unit of the subject.
    postal_code str
    The postal code of the subject.
    province str
    The province, territory, or regional state of the subject.
    street_address str
    The street address of the subject.
    commonName String
    The common name of the distinguished name.
    countryCode String
    The country code of the subject.
    locality String
    The locality or city of the subject.
    organization String
    The organization of the subject.
    organizationalUnit String
    The organizational unit of the subject.
    postalCode String
    The postal code of the subject.
    province String
    The province, territory, or regional state of the subject.
    streetAddress String
    The street address of the subject.

    GetAuthorityConfigSubjectConfigSubjectAltName

    DnsNames List<string>
    Contains only valid, fully-qualified host names.
    EmailAddresses List<string>
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses List<string>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris List<string>
    Contains only valid RFC 3986 URIs.
    DnsNames []string
    Contains only valid, fully-qualified host names.
    EmailAddresses []string
    Contains only valid RFC 2822 E-mail addresses.
    IpAddresses []string
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    Uris []string
    Contains only valid RFC 3986 URIs.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.
    dnsNames string[]
    Contains only valid, fully-qualified host names.
    emailAddresses string[]
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses string[]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris string[]
    Contains only valid RFC 3986 URIs.
    dns_names Sequence[str]
    Contains only valid, fully-qualified host names.
    email_addresses Sequence[str]
    Contains only valid RFC 2822 E-mail addresses.
    ip_addresses Sequence[str]
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris Sequence[str]
    Contains only valid RFC 3986 URIs.
    dnsNames List<String>
    Contains only valid, fully-qualified host names.
    emailAddresses List<String>
    Contains only valid RFC 2822 E-mail addresses.
    ipAddresses List<String>
    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    uris List<String>
    Contains only valid RFC 3986 URIs.

    GetAuthorityConfigSubjectKeyId

    KeyId string
    The value of the KeyId in lowercase hexidecimal.
    KeyId string
    The value of the KeyId in lowercase hexidecimal.
    keyId String
    The value of the KeyId in lowercase hexidecimal.
    keyId string
    The value of the KeyId in lowercase hexidecimal.
    key_id str
    The value of the KeyId in lowercase hexidecimal.
    keyId String
    The value of the KeyId in lowercase hexidecimal.

    GetAuthorityConfigX509Config

    AdditionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    AiaOcspServers List<string>
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions List<GetAuthorityConfigX509ConfigCaOption>
    Describes values that are relevant in a CA certificate.
    KeyUsages List<GetAuthorityConfigX509ConfigKeyUsage>
    Indicates the intended use for keys that correspond to a certificate.
    NameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>
    Describes the X.509 name constraints extension.
    PolicyIds List<GetAuthorityConfigX509ConfigPolicyId>
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    AdditionalExtensions []GetAuthorityConfigX509ConfigAdditionalExtension
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    AiaOcspServers []string
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions []GetAuthorityConfigX509ConfigCaOption
    Describes values that are relevant in a CA certificate.
    KeyUsages []GetAuthorityConfigX509ConfigKeyUsage
    Indicates the intended use for keys that correspond to a certificate.
    NameConstraints []GetAuthorityConfigX509ConfigNameConstraint
    Describes the X.509 name constraints extension.
    PolicyIds []GetAuthorityConfigX509ConfigPolicyId
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    aiaOcspServers List<String>
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions List<GetAuthorityConfigX509ConfigCaOption>
    Describes values that are relevant in a CA certificate.
    keyUsages List<GetAuthorityConfigX509ConfigKeyUsage>
    Indicates the intended use for keys that correspond to a certificate.
    nameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>
    Describes the X.509 name constraints extension.
    policyIds List<GetAuthorityConfigX509ConfigPolicyId>
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions GetAuthorityConfigX509ConfigAdditionalExtension[]
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    aiaOcspServers string[]
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions GetAuthorityConfigX509ConfigCaOption[]
    Describes values that are relevant in a CA certificate.
    keyUsages GetAuthorityConfigX509ConfigKeyUsage[]
    Indicates the intended use for keys that correspond to a certificate.
    nameConstraints GetAuthorityConfigX509ConfigNameConstraint[]
    Describes the X.509 name constraints extension.
    policyIds GetAuthorityConfigX509ConfigPolicyId[]
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additional_extensions Sequence[GetAuthorityConfigX509ConfigAdditionalExtension]
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    aia_ocsp_servers Sequence[str]
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options Sequence[GetAuthorityConfigX509ConfigCaOption]
    Describes values that are relevant in a CA certificate.
    key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsage]
    Indicates the intended use for keys that correspond to a certificate.
    name_constraints Sequence[GetAuthorityConfigX509ConfigNameConstraint]
    Describes the X.509 name constraints extension.
    policy_ids Sequence[GetAuthorityConfigX509ConfigPolicyId]
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<Property Map>
    Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
    aiaOcspServers List<String>
    Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions List<Property Map>
    Describes values that are relevant in a CA certificate.
    keyUsages List<Property Map>
    Indicates the intended use for keys that correspond to a certificate.
    nameConstraints List<Property Map>
    Describes the X.509 name constraints extension.
    policyIds List<Property Map>
    Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    GetAuthorityConfigX509ConfigAdditionalExtension

    Critical bool
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>
    Describes values that are relevant in a CA certificate.
    Value string
    The value of this X.509 extension. A base64-encoded string.
    Critical bool
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectIds []GetAuthorityConfigX509ConfigAdditionalExtensionObjectId
    Describes values that are relevant in a CA certificate.
    Value string
    The value of this X.509 extension. A base64-encoded string.
    critical Boolean
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>
    Describes values that are relevant in a CA certificate.
    value String
    The value of this X.509 extension. A base64-encoded string.
    critical boolean
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectIds GetAuthorityConfigX509ConfigAdditionalExtensionObjectId[]
    Describes values that are relevant in a CA certificate.
    value string
    The value of this X.509 extension. A base64-encoded string.
    critical bool
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_ids Sequence[GetAuthorityConfigX509ConfigAdditionalExtensionObjectId]
    Describes values that are relevant in a CA certificate.
    value str
    The value of this X.509 extension. A base64-encoded string.
    critical Boolean
    Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectIds List<Property Map>
    Describes values that are relevant in a CA certificate.
    value String
    The value of this X.509 extension. A base64-encoded string.

    GetAuthorityConfigX509ConfigAdditionalExtensionObjectId

    ObjectIdPaths List<int>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    ObjectIdPaths []int
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Integer>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths number[]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    object_id_paths Sequence[int]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Number>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

    GetAuthorityConfigX509ConfigCaOption

    IsCa bool
    When true, the "CA" in Basic Constraints extension will be set to true.
    MaxIssuerPathLength int
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    NonCa bool
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    ZeroMaxIssuerPathLength bool
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
    IsCa bool
    When true, the "CA" in Basic Constraints extension will be set to true.
    MaxIssuerPathLength int
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    NonCa bool
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    ZeroMaxIssuerPathLength bool
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
    isCa Boolean
    When true, the "CA" in Basic Constraints extension will be set to true.
    maxIssuerPathLength Integer
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    nonCa Boolean
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    zeroMaxIssuerPathLength Boolean
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
    isCa boolean
    When true, the "CA" in Basic Constraints extension will be set to true.
    maxIssuerPathLength number
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    nonCa boolean
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    zeroMaxIssuerPathLength boolean
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
    is_ca bool
    When true, the "CA" in Basic Constraints extension will be set to true.
    max_issuer_path_length int
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    non_ca bool
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    zero_max_issuer_path_length bool
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.
    isCa Boolean
    When true, the "CA" in Basic Constraints extension will be set to true.
    maxIssuerPathLength Number
    Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
    nonCa Boolean
    When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
    zeroMaxIssuerPathLength Boolean
    When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

    GetAuthorityConfigX509ConfigKeyUsage

    BaseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>
    Describes high-level ways in which a key may be used.
    UnknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    BaseKeyUsages []GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage
    Describes high-level ways in which a key may be used.
    UnknownExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    baseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>
    Describes high-level ways in which a key may be used.
    extendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>
    Describes high-level ways in which a key may be used.
    unknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    baseKeyUsages GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage[]
    Describes high-level ways in which a key may be used.
    extendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage[]
    Describes high-level ways in which a key may be used.
    unknownExtendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage[]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    base_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage]
    Describes high-level ways in which a key may be used.
    extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage]
    Describes high-level ways in which a key may be used.
    unknown_extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    baseKeyUsages List<Property Map>
    Describes high-level ways in which a key may be used.
    extendedKeyUsages List<Property Map>
    Describes high-level ways in which a key may be used.
    unknownExtendedKeyUsages List<Property Map>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

    GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage

    ObjectIdPaths List<int>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    ObjectIdPaths []int
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Integer>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths number[]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    object_id_paths Sequence[int]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Number>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

    GetAuthorityConfigX509ConfigNameConstraint

    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames List<string>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    ExcludedEmailAddresses List<string>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    ExcludedIpRanges List<string>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris List<string>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    PermittedDnsNames List<string>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    PermittedEmailAddresses List<string>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    PermittedIpRanges List<string>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris List<string>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames []string
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    ExcludedEmailAddresses []string
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    ExcludedIpRanges []string
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris []string
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    PermittedDnsNames []string
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    PermittedEmailAddresses []string
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    PermittedIpRanges []string
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris []string
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    critical boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames string[]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    excludedEmailAddresses string[]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    excludedIpRanges string[]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris string[]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    permittedDnsNames string[]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    permittedEmailAddresses string[]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    permittedIpRanges string[]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris string[]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    critical bool
    Indicates whether or not the name constraints are marked critical.
    excluded_dns_names Sequence[str]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    excluded_email_addresses Sequence[str]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    excluded_ip_ranges Sequence[str]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excluded_uris Sequence[str]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    permitted_dns_names Sequence[str]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    permitted_email_addresses Sequence[str]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    permitted_ip_ranges Sequence[str]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permitted_uris Sequence[str]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

    GetAuthorityConfigX509ConfigPolicyId

    ObjectIdPaths List<int>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    ObjectIdPaths []int
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Integer>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths number[]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    object_id_paths Sequence[int]
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
    objectIdPaths List<Number>
    An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

    GetAuthorityKeySpec

    Algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
    Algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    CloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
    algorithm String
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
    algorithm string
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    cloudKmsKeyVersion string
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
    algorithm str
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    cloud_kms_key_version str
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.
    algorithm String
    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
    cloudKmsKeyVersion String
    The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

    GetAuthoritySubordinateConfig

    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    PemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    CertificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    PemIssuerChains []GetAuthoritySubordinateConfigPemIssuerChain
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    pemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority string
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    pemIssuerChains GetAuthoritySubordinateConfigPemIssuerChain[]
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificate_authority str
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    pem_issuer_chains Sequence[GetAuthoritySubordinateConfigPemIssuerChain]
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
    certificateAuthority String
    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
    pemIssuerChains List<Property Map>
    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    GetAuthoritySubordinateConfigPemIssuerChain

    PemCertificates List<string>
    Expected to be in leaf-to-root order according to RFC 5246.
    PemCertificates []string
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates string[]
    Expected to be in leaf-to-root order according to RFC 5246.
    pem_certificates Sequence[str]
    Expected to be in leaf-to-root order according to RFC 5246.
    pemCertificates List<String>
    Expected to be in leaf-to-root order according to RFC 5246.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi