gcp.certificateauthority.getAuthority

func LookupAuthority(ctx *Context, args *LookupAuthorityArgs, opts ...InvokeOption) (*LookupAuthorityResult, error)
func LookupAuthorityOutput(ctx *Context, args *LookupAuthorityOutputArgs, opts ...InvokeOption) LookupAuthorityResultOutput

> Note: This function is named LookupAuthority in the Go SDK.

CertificateAuthorityId string

ID of the certificate authority.

---

Location string

The location the certificate authority exists in.

Pool string

The name of the pool the certificate authority belongs to.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

CertificateAuthorityId string

ID of the certificate authority.

---

Location string

The location the certificate authority exists in.

Pool string

The name of the pool the certificate authority belongs to.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId String

ID of the certificate authority.

---

location String

The location the certificate authority exists in.

pool String

The name of the pool the certificate authority belongs to.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId string

ID of the certificate authority.

---

location string

The location the certificate authority exists in.

pool string

The name of the pool the certificate authority belongs to.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificate_authority_id str

ID of the certificate authority.

---

location str

The location the certificate authority exists in.

pool str

The name of the pool the certificate authority belongs to.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId String

ID of the certificate authority.

---

location String

The location the certificate authority exists in.

pool String

The name of the pool the certificate authority belongs to.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

AccessUrls List<GetAuthorityAccessUrl>

Configs List<GetAuthorityConfig>

CreateTime string

DeletionProtection bool

DesiredState string

EffectiveLabels Dictionary<string, string>

GcsBucket string

Id string

The provider-assigned unique ID for this managed resource.

IgnoreActiveCertificatesOnDeletion bool

KeySpecs List<GetAuthorityKeySpec>

Labels Dictionary<string, string>

Lifetime string

Name string

PemCaCertificate string

PemCaCertificates List<string>

PemCsr string

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

PulumiLabels Dictionary<string, string>

SkipGracePeriod bool

State string

SubordinateConfigs List<GetAuthoritySubordinateConfig>

Type string

UpdateTime string

UserDefinedAccessUrls List<GetAuthorityUserDefinedAccessUrl>

CertificateAuthorityId string

Location string

Pool string

Project string

AccessUrls []GetAuthorityAccessUrl

Configs []GetAuthorityConfig

CreateTime string

DeletionProtection bool

DesiredState string

EffectiveLabels map[string]string

GcsBucket string

Id string

The provider-assigned unique ID for this managed resource.

IgnoreActiveCertificatesOnDeletion bool

KeySpecs []GetAuthorityKeySpec

Labels map[string]string

Lifetime string

Name string

PemCaCertificate string

PemCaCertificates []string

PemCsr string

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

PulumiLabels map[string]string

SkipGracePeriod bool

State string

SubordinateConfigs []GetAuthoritySubordinateConfig

Type string

UpdateTime string

UserDefinedAccessUrls []GetAuthorityUserDefinedAccessUrl

CertificateAuthorityId string

Location string

Pool string

Project string

accessUrls List<GetAuthorityAccessUrl>

configs List<GetAuthorityConfig>

createTime String

deletionProtection Boolean

desiredState String

effectiveLabels Map<String,String>

gcsBucket String

id String

The provider-assigned unique ID for this managed resource.

ignoreActiveCertificatesOnDeletion Boolean

keySpecs List<GetAuthorityKeySpec>

labels Map<String,String>

lifetime String

name String

pemCaCertificate String

pemCaCertificates List<String>

pemCsr String

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

pulumiLabels Map<String,String>

skipGracePeriod Boolean

state String

subordinateConfigs List<GetAuthoritySubordinateConfig>

type String

updateTime String

userDefinedAccessUrls List<GetAuthorityUserDefinedAccessUrl>

certificateAuthorityId String

location String

pool String

project String

accessUrls GetAuthorityAccessUrl[]

configs GetAuthorityConfig[]

createTime string

deletionProtection boolean

desiredState string

effectiveLabels {[key: string]: string}

gcsBucket string

id string

The provider-assigned unique ID for this managed resource.

ignoreActiveCertificatesOnDeletion boolean

keySpecs GetAuthorityKeySpec[]

labels {[key: string]: string}

lifetime string

name string

pemCaCertificate string

pemCaCertificates string[]

pemCsr string

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

pulumiLabels {[key: string]: string}

skipGracePeriod boolean

state string

subordinateConfigs GetAuthoritySubordinateConfig[]

type string

updateTime string

userDefinedAccessUrls GetAuthorityUserDefinedAccessUrl[]

certificateAuthorityId string

location string

pool string

project string

access_urls Sequence[GetAuthorityAccessUrl]

configs Sequence[GetAuthorityConfig]

create_time str

deletion_protection bool

desired_state str

effective_labels Mapping[str, str]

gcs_bucket str

id str

The provider-assigned unique ID for this managed resource.

ignore_active_certificates_on_deletion bool

key_specs Sequence[GetAuthorityKeySpec]

labels Mapping[str, str]

lifetime str

name str

pem_ca_certificate str

pem_ca_certificates Sequence[str]

pem_csr str

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

pulumi_labels Mapping[str, str]

skip_grace_period bool

state str

subordinate_configs Sequence[GetAuthoritySubordinateConfig]

type str

update_time str

user_defined_access_urls Sequence[GetAuthorityUserDefinedAccessUrl]

certificate_authority_id str

location str

pool str

project str

accessUrls List<Property Map>

configs List<Property Map>

createTime String

deletionProtection Boolean

desiredState String

effectiveLabels Map<String>

gcsBucket String

id String

The provider-assigned unique ID for this managed resource.

ignoreActiveCertificatesOnDeletion Boolean

keySpecs List<Property Map>

labels Map<String>

lifetime String

name String

pemCaCertificate String

pemCaCertificates List<String>

pemCsr String

The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.

pulumiLabels Map<String>

skipGracePeriod Boolean

state String

subordinateConfigs List<Property Map>

type String

updateTime String

userDefinedAccessUrls List<Property Map>

certificateAuthorityId String

location String

pool String

project String

CaCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

CrlAccessUrls List<string>

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

CaCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

CrlAccessUrls []string

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrls List<String>

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrls string[]

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

ca_certificate_access_url str

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crl_access_urls Sequence[str]

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrls List<String>

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

SubjectConfigs List<GetAuthorityConfigSubjectConfig>

Specifies some of the values in a certificate that are related to the subject.

SubjectKeyIds List<GetAuthorityConfigSubjectKeyId>

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

X509Configs List<GetAuthorityConfigX509Config>

Describes how some of the technical X.509 fields in a certificate should be populated.

SubjectConfigs []GetAuthorityConfigSubjectConfig

Specifies some of the values in a certificate that are related to the subject.

SubjectKeyIds []GetAuthorityConfigSubjectKeyId

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

X509Configs []GetAuthorityConfigX509Config

Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs List<GetAuthorityConfigSubjectConfig>

Specifies some of the values in a certificate that are related to the subject.

subjectKeyIds List<GetAuthorityConfigSubjectKeyId>

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

x509Configs List<GetAuthorityConfigX509Config>

Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs GetAuthorityConfigSubjectConfig[]

Specifies some of the values in a certificate that are related to the subject.

subjectKeyIds GetAuthorityConfigSubjectKeyId[]

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

x509Configs GetAuthorityConfigX509Config[]

Describes how some of the technical X.509 fields in a certificate should be populated.

subject_configs Sequence[GetAuthorityConfigSubjectConfig]

Specifies some of the values in a certificate that are related to the subject.

subject_key_ids Sequence[GetAuthorityConfigSubjectKeyId]

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

x509_configs Sequence[GetAuthorityConfigX509Config]

Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs List<Property Map>

Specifies some of the values in a certificate that are related to the subject.

subjectKeyIds List<Property Map>

When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..

x509Configs List<Property Map>

Describes how some of the technical X.509 fields in a certificate should be populated.

SubjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>

The subject alternative name fields.

Subjects List<GetAuthorityConfigSubjectConfigSubject>

Contains distinguished name fields such as the location and organization.

SubjectAltNames []GetAuthorityConfigSubjectConfigSubjectAltName

The subject alternative name fields.

Subjects []GetAuthorityConfigSubjectConfigSubject

Contains distinguished name fields such as the location and organization.

subjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>

The subject alternative name fields.

subjects List<GetAuthorityConfigSubjectConfigSubject>

Contains distinguished name fields such as the location and organization.

subjectAltNames GetAuthorityConfigSubjectConfigSubjectAltName[]

The subject alternative name fields.

subjects GetAuthorityConfigSubjectConfigSubject[]

Contains distinguished name fields such as the location and organization.

subject_alt_names Sequence[GetAuthorityConfigSubjectConfigSubjectAltName]

The subject alternative name fields.

subjects Sequence[GetAuthorityConfigSubjectConfigSubject]

Contains distinguished name fields such as the location and organization.

subjectAltNames List<Property Map>

The subject alternative name fields.

subjects List<Property Map>

Contains distinguished name fields such as the location and organization.

CommonName string

The common name of the distinguished name.

CountryCode string

The country code of the subject.

Locality string

The locality or city of the subject.

Organization string

The organization of the subject.

OrganizationalUnit string

The organizational unit of the subject.

PostalCode string

The postal code of the subject.

Province string

The province, territory, or regional state of the subject.

StreetAddress string

The street address of the subject.

CommonName string

The common name of the distinguished name.

CountryCode string

The country code of the subject.

Locality string

The locality or city of the subject.

Organization string

The organization of the subject.

OrganizationalUnit string

The organizational unit of the subject.

PostalCode string

The postal code of the subject.

Province string

The province, territory, or regional state of the subject.

StreetAddress string

The street address of the subject.

commonName String

The common name of the distinguished name.

countryCode String

The country code of the subject.

locality String

The locality or city of the subject.

organization String

The organization of the subject.

organizationalUnit String

The organizational unit of the subject.

postalCode String

The postal code of the subject.

province String

The province, territory, or regional state of the subject.

streetAddress String

The street address of the subject.

commonName string

The common name of the distinguished name.

countryCode string

The country code of the subject.

locality string

The locality or city of the subject.

organization string

The organization of the subject.

organizationalUnit string

The organizational unit of the subject.

postalCode string

The postal code of the subject.

province string

The province, territory, or regional state of the subject.

streetAddress string

The street address of the subject.

common_name str

The common name of the distinguished name.

country_code str

The country code of the subject.

locality str

The locality or city of the subject.

organization str

The organization of the subject.

organizational_unit str

The organizational unit of the subject.

postal_code str

The postal code of the subject.

province str

The province, territory, or regional state of the subject.

street_address str

The street address of the subject.

commonName String

The common name of the distinguished name.

countryCode String

The country code of the subject.

locality String

The locality or city of the subject.

organization String

The organization of the subject.

organizationalUnit String

The organizational unit of the subject.

postalCode String

The postal code of the subject.

province String

The province, territory, or regional state of the subject.

streetAddress String

The street address of the subject.

DnsNames List<string>

Contains only valid, fully-qualified host names.

EmailAddresses List<string>

Contains only valid RFC 2822 E-mail addresses.

IpAddresses List<string>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

Uris List<string>

Contains only valid RFC 3986 URIs.

DnsNames []string

Contains only valid, fully-qualified host names.

EmailAddresses []string

Contains only valid RFC 2822 E-mail addresses.

IpAddresses []string

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

Uris []string

Contains only valid RFC 3986 URIs.

dnsNames List<String>

Contains only valid, fully-qualified host names.

emailAddresses List<String>

Contains only valid RFC 2822 E-mail addresses.

ipAddresses List<String>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris List<String>

Contains only valid RFC 3986 URIs.

dnsNames string[]

Contains only valid, fully-qualified host names.

emailAddresses string[]

Contains only valid RFC 2822 E-mail addresses.

ipAddresses string[]

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris string[]

Contains only valid RFC 3986 URIs.

dns_names Sequence[str]

Contains only valid, fully-qualified host names.

email_addresses Sequence[str]

Contains only valid RFC 2822 E-mail addresses.

ip_addresses Sequence[str]

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris Sequence[str]

Contains only valid RFC 3986 URIs.

dnsNames List<String>

Contains only valid, fully-qualified host names.

emailAddresses List<String>

Contains only valid RFC 2822 E-mail addresses.

ipAddresses List<String>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris List<String>

Contains only valid RFC 3986 URIs.

KeyId string

The value of the KeyId in lowercase hexadecimal.

KeyId string

The value of the KeyId in lowercase hexadecimal.

keyId String

The value of the KeyId in lowercase hexadecimal.

keyId string

The value of the KeyId in lowercase hexadecimal.

key_id str

The value of the KeyId in lowercase hexadecimal.

keyId String

The value of the KeyId in lowercase hexadecimal.

AdditionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

AiaOcspServers List<string>

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions List<GetAuthorityConfigX509ConfigCaOption>

Describes values that are relevant in a CA certificate.

KeyUsages List<GetAuthorityConfigX509ConfigKeyUsage>

Indicates the intended use for keys that correspond to a certificate.

NameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>

Describes the X.509 name constraints extension.

PolicyIds List<GetAuthorityConfigX509ConfigPolicyId>

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []GetAuthorityConfigX509ConfigAdditionalExtension

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

AiaOcspServers []string

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions []GetAuthorityConfigX509ConfigCaOption

Describes values that are relevant in a CA certificate.

KeyUsages []GetAuthorityConfigX509ConfigKeyUsage

Indicates the intended use for keys that correspond to a certificate.

NameConstraints []GetAuthorityConfigX509ConfigNameConstraint

Describes the X.509 name constraints extension.

PolicyIds []GetAuthorityConfigX509ConfigPolicyId

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

aiaOcspServers List<String>

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions List<GetAuthorityConfigX509ConfigCaOption>

Describes values that are relevant in a CA certificate.

keyUsages List<GetAuthorityConfigX509ConfigKeyUsage>

Indicates the intended use for keys that correspond to a certificate.

nameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>

Describes the X.509 name constraints extension.

policyIds List<GetAuthorityConfigX509ConfigPolicyId>

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions GetAuthorityConfigX509ConfigAdditionalExtension[]

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

aiaOcspServers string[]

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions GetAuthorityConfigX509ConfigCaOption[]

Describes values that are relevant in a CA certificate.

keyUsages GetAuthorityConfigX509ConfigKeyUsage[]

Indicates the intended use for keys that correspond to a certificate.

nameConstraints GetAuthorityConfigX509ConfigNameConstraint[]

Describes the X.509 name constraints extension.

policyIds GetAuthorityConfigX509ConfigPolicyId[]

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[GetAuthorityConfigX509ConfigAdditionalExtension]

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

aia_ocsp_servers Sequence[str]

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

ca_options Sequence[GetAuthorityConfigX509ConfigCaOption]

Describes values that are relevant in a CA certificate.

key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsage]

Indicates the intended use for keys that correspond to a certificate.

name_constraints Sequence[GetAuthorityConfigX509ConfigNameConstraint]

Describes the X.509 name constraints extension.

policy_ids Sequence[GetAuthorityConfigX509ConfigPolicyId]

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>

Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

aiaOcspServers List<String>

Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions List<Property Map>

Describes values that are relevant in a CA certificate.

keyUsages List<Property Map>

Indicates the intended use for keys that correspond to a certificate.

nameConstraints List<Property Map>

Describes the X.509 name constraints extension.

policyIds List<Property Map>

Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>

Describes values that are relevant in a CA certificate.

Value string

The value of this X.509 extension. A base64-encoded string.

Critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectIds []GetAuthorityConfigX509ConfigAdditionalExtensionObjectId

Describes values that are relevant in a CA certificate.

Value string

The value of this X.509 extension. A base64-encoded string.

critical Boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>

Describes values that are relevant in a CA certificate.

value String

The value of this X.509 extension. A base64-encoded string.

critical boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectIds GetAuthorityConfigX509ConfigAdditionalExtensionObjectId[]

Describes values that are relevant in a CA certificate.

value string

The value of this X.509 extension. A base64-encoded string.

critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_ids Sequence[GetAuthorityConfigX509ConfigAdditionalExtensionObjectId]

Describes values that are relevant in a CA certificate.

value str

The value of this X.509 extension. A base64-encoded string.

critical Boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectIds List<Property Map>

Describes values that are relevant in a CA certificate.

value String

The value of this X.509 extension. A base64-encoded string.

ObjectIdPaths List<int>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

IsCa bool

When true, the "CA" in Basic Constraints extension will be set to true.

MaxIssuerPathLength int

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

NonCa bool

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

ZeroMaxIssuerPathLength bool

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

IsCa bool

When true, the "CA" in Basic Constraints extension will be set to true.

MaxIssuerPathLength int

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

NonCa bool

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

ZeroMaxIssuerPathLength bool

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa Boolean

When true, the "CA" in Basic Constraints extension will be set to true.

maxIssuerPathLength Integer

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

nonCa Boolean

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

zeroMaxIssuerPathLength Boolean

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa boolean

When true, the "CA" in Basic Constraints extension will be set to true.

maxIssuerPathLength number

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

nonCa boolean

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

zeroMaxIssuerPathLength boolean

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

is_ca bool

When true, the "CA" in Basic Constraints extension will be set to true.

max_issuer_path_length int

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

non_ca bool

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

zero_max_issuer_path_length bool

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa Boolean

When true, the "CA" in Basic Constraints extension will be set to true.

maxIssuerPathLength Number

Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.

nonCa Boolean

When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.

zeroMaxIssuerPathLength Boolean

When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

BaseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>

Describes high-level ways in which a key may be used.

ExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>

Describes high-level ways in which a key may be used.

UnknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

BaseKeyUsages []GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage

Describes high-level ways in which a key may be used.

ExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage

Describes high-level ways in which a key may be used.

UnknownExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>

Describes high-level ways in which a key may be used.

extendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>

Describes high-level ways in which a key may be used.

unknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage[]

Describes high-level ways in which a key may be used.

extendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage[]

Describes high-level ways in which a key may be used.

unknownExtendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage[]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

base_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage]

Describes high-level ways in which a key may be used.

extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage]

Describes high-level ways in which a key may be used.

unknown_extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages List<Property Map>

Describes high-level ways in which a key may be used.

extendedKeyUsages List<Property Map>

Describes high-level ways in which a key may be used.

unknownExtendedKeyUsages List<Property Map>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

certSign boolean

The key may be used to sign certificates.

contentCommitment boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign boolean

The key may be used sign certificate revocation lists.

dataEncipherment boolean

The key may be used to encipher data.

decipherOnly boolean

The key may be used to decipher only.

digitalSignature boolean

The key may be used for digital signatures.

encipherOnly boolean

The key may be used to encipher only.

keyAgreement boolean

The key may be used in a key agreement protocol.

keyEncipherment boolean

The key may be used to encipher other keys.

cert_sign bool

The key may be used to sign certificates.

content_commitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crl_sign bool

The key may be used sign certificate revocation lists.

data_encipherment bool

The key may be used to encipher data.

decipher_only bool

The key may be used to decipher only.

digital_signature bool

The key may be used for digital signatures.

encipher_only bool

The key may be used to encipher only.

key_agreement bool

The key may be used in a key agreement protocol.

key_encipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

code_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

email_protection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocsp_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

server_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

time_stamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ObjectIdPaths List<int>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

Critical bool

Indicates whether or not the name constraints are marked critical.

ExcludedDnsNames List<string>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

ExcludedEmailAddresses List<string>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

ExcludedIpRanges List<string>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

ExcludedUris List<string>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

PermittedDnsNames List<string>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

PermittedEmailAddresses List<string>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

PermittedIpRanges List<string>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

PermittedUris List<string>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

Critical bool

Indicates whether or not the name constraints are marked critical.

ExcludedDnsNames []string

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

ExcludedEmailAddresses []string

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

ExcludedIpRanges []string

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

ExcludedUris []string

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

PermittedDnsNames []string

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

PermittedEmailAddresses []string

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

PermittedIpRanges []string

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

PermittedUris []string

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical Boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames List<String>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

excludedEmailAddresses List<String>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

excludedIpRanges List<String>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris List<String>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

permittedDnsNames List<String>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

permittedEmailAddresses List<String>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

permittedIpRanges List<String>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris List<String>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames string[]

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

excludedEmailAddresses string[]

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

excludedIpRanges string[]

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris string[]

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

permittedDnsNames string[]

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

permittedEmailAddresses string[]

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

permittedIpRanges string[]

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris string[]

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical bool

Indicates whether or not the name constraints are marked critical.

excluded_dns_names Sequence[str]

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

excluded_email_addresses Sequence[str]

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

excluded_ip_ranges Sequence[str]

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excluded_uris Sequence[str]

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

permitted_dns_names Sequence[str]

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

permitted_email_addresses Sequence[str]

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

permitted_ip_ranges Sequence[str]

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permitted_uris Sequence[str]

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical Boolean

Indicates whether or not the name constraints are marked critical.

excludedDnsNames List<String>

Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

excludedEmailAddresses List<String>

Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

excludedIpRanges List<String>

Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

excludedUris List<String>

Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

permittedDnsNames List<String>

Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.

permittedEmailAddresses List<String>

Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.

permittedIpRanges List<String>

Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

permittedUris List<String>

Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

ObjectIdPaths List<int>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

Algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

CloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

Algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

CloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm String

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

cloudKmsKeyVersion String

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

cloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm str

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

cloud_kms_key_version str

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm String

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]

cloudKmsKeyVersion String

The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

CertificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

PemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

CertificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

PemIssuerChains []GetAuthoritySubordinateConfigPemIssuerChain

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

pemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

pemIssuerChains GetAuthoritySubordinateConfigPemIssuerChain[]

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificate_authority str

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

pem_issuer_chains Sequence[GetAuthoritySubordinateConfigPemIssuerChain]

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.

pemIssuerChains List<Property Map>

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

PemCertificates List<string>

Expected to be in leaf-to-root order according to RFC 5246.

PemCertificates []string

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates string[]

Expected to be in leaf-to-root order according to RFC 5246.

pem_certificates Sequence[str]

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>

Expected to be in leaf-to-root order according to RFC 5246.

AiaIssuingCertificateUrls List<string>

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

CrlAccessUrls List<string>

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.

AiaIssuingCertificateUrls []string

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

CrlAccessUrls []string

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.

aiaIssuingCertificateUrls List<String>

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

crlAccessUrls List<String>

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.

aiaIssuingCertificateUrls string[]

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

crlAccessUrls string[]

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.

aia_issuing_certificate_urls Sequence[str]

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

crl_access_urls Sequence[str]

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.

aiaIssuingCertificateUrls List<String>

A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.

crlAccessUrls List<String>

A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.