Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

Google Native

v0.9.0 published on Wednesday, Nov 24, 2021 by Pulumi

CaPool

Create a CaPool. Auto-naming is currently not supported for this resource.

Create a CaPool Resource

new CaPool(name: string, args: CaPoolArgs, opts?: CustomResourceOptions);
@overload
def CaPool(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           ca_pool_id: Optional[str] = None,
           issuance_policy: Optional[IssuancePolicyArgs] = None,
           labels: Optional[Mapping[str, str]] = None,
           location: Optional[str] = None,
           project: Optional[str] = None,
           publishing_options: Optional[PublishingOptionsArgs] = None,
           request_id: Optional[str] = None,
           tier: Optional[CaPoolTier] = None)
@overload
def CaPool(resource_name: str,
           args: CaPoolArgs,
           opts: Optional[ResourceOptions] = None)
func NewCaPool(ctx *Context, name string, args CaPoolArgs, opts ...ResourceOption) (*CaPool, error)
public CaPool(string name, CaPoolArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args CaPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CaPoolArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CaPoolArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CaPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

CaPool Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CaPool resource accepts the following input properties:

CaPoolId string
Tier Pulumi.GoogleNative.Privateca.V1.CaPoolTier
Immutable. The Tier of this CaPool.
IssuancePolicy Pulumi.GoogleNative.Privateca.V1.Inputs.IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
Location string
Project string
PublishingOptions Pulumi.GoogleNative.Privateca.V1.Inputs.PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
RequestId string
CaPoolId string
Tier CaPoolTier
Immutable. The Tier of this CaPool.
IssuancePolicy IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
Labels map[string]string
Optional. Labels with user-defined metadata.
Location string
Project string
PublishingOptions PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
RequestId string
caPoolId string
tier CaPoolTier
Immutable. The Tier of this CaPool.
issuancePolicy IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
labels {[key: string]: string}
Optional. Labels with user-defined metadata.
location string
project string
publishingOptions PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
requestId string
ca_pool_id str
tier CaPoolTier
Immutable. The Tier of this CaPool.
issuance_policy IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
labels Mapping[str, str]
Optional. Labels with user-defined metadata.
location str
project str
publishing_options PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
request_id str

Outputs

All input properties are implicitly available as output properties. Additionally, the CaPool resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name for this CaPool in the format projects//locations//caPools/*.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name for this CaPool in the format projects//locations//caPools/*.
id string
The provider-assigned unique ID for this managed resource.
name string
The resource name for this CaPool in the format projects//locations//caPools/*.
id str
The provider-assigned unique ID for this managed resource.
name str
The resource name for this CaPool in the format projects//locations//caPools/*.

Supporting Types

AllowedKeyType

EllipticCurve Pulumi.GoogleNative.Privateca.V1.Inputs.EcKeyType
Represents an allowed Elliptic Curve key type.
Rsa Pulumi.GoogleNative.Privateca.V1.Inputs.RsaKeyType
Represents an allowed RSA key type.
EllipticCurve EcKeyType
Represents an allowed Elliptic Curve key type.
Rsa RsaKeyType
Represents an allowed RSA key type.
ellipticCurve EcKeyType
Represents an allowed Elliptic Curve key type.
rsa RsaKeyType
Represents an allowed RSA key type.
elliptic_curve EcKeyType
Represents an allowed Elliptic Curve key type.
rsa RsaKeyType
Represents an allowed RSA key type.

AllowedKeyTypeResponse

EllipticCurve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
Rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
ellipticCurve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
elliptic_curve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
rsa RsaKeyTypeResponse
Represents an allowed RSA key type.

CaOptions

IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa boolean
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
is_ca bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CaOptionsResponse

IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa boolean
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
is_ca bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CaPoolTier

TierUnspecified
TIER_UNSPECIFIEDNot specified.
Enterprise
ENTERPRISEEnterprise tier.
Devops
DEVOPSDevOps tier.
CaPoolTierTierUnspecified
TIER_UNSPECIFIEDNot specified.
CaPoolTierEnterprise
ENTERPRISEEnterprise tier.
CaPoolTierDevops
DEVOPSDevOps tier.
TierUnspecified
TIER_UNSPECIFIEDNot specified.
Enterprise
ENTERPRISEEnterprise tier.
Devops
DEVOPSDevOps tier.
TIER_UNSPECIFIED
TIER_UNSPECIFIEDNot specified.
ENTERPRISE
ENTERPRISEEnterprise tier.
DEVOPS
DEVOPSDevOps tier.

CertificateExtensionConstraints

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions List<Pulumi.GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
AdditionalExtensions []ObjectId
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions []CertificateExtensionConstraintsKnownExtensionsItem
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
additionalExtensions ObjectId[]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions CertificateExtensionConstraintsKnownExtensionsItem[]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
additional_extensions Sequence[ObjectId]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
known_extensions Sequence[CertificateExtensionConstraintsKnownExtensionsItem]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateExtensionConstraintsKnownExtensionsItem

KnownCertificateExtensionUnspecified
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
BaseKeyUsage
BASE_KEY_USAGERefers to a certificate’s Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
ExtendedKeyUsage
EXTENDED_KEY_USAGERefers to a certificate’s Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
CaOptions
CA_OPTIONSRefers to a certificate’s Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
PolicyIds
POLICY_IDSRefers to a certificate’s Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
AiaOcspServers
AIA_OCSP_SERVERSRefers to OCSP servers in a certificate’s Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
CertificateExtensionConstraintsKnownExtensionsItemBaseKeyUsage
BASE_KEY_USAGERefers to a certificate’s Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
CertificateExtensionConstraintsKnownExtensionsItemExtendedKeyUsage
EXTENDED_KEY_USAGERefers to a certificate’s Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
CertificateExtensionConstraintsKnownExtensionsItemCaOptions
CA_OPTIONSRefers to a certificate’s Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
CertificateExtensionConstraintsKnownExtensionsItemPolicyIds
POLICY_IDSRefers to a certificate’s Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
CertificateExtensionConstraintsKnownExtensionsItemAiaOcspServers
AIA_OCSP_SERVERSRefers to OCSP servers in a certificate’s Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
KnownCertificateExtensionUnspecified
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
BaseKeyUsage
BASE_KEY_USAGERefers to a certificate’s Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
ExtendedKeyUsage
EXTENDED_KEY_USAGERefers to a certificate’s Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
CaOptions
CA_OPTIONSRefers to a certificate’s Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
PolicyIds
POLICY_IDSRefers to a certificate’s Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
AiaOcspServers
AIA_OCSP_SERVERSRefers to OCSP servers in a certificate’s Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
BASE_KEY_USAGE
BASE_KEY_USAGERefers to a certificate’s Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
EXTENDED_KEY_USAGE
EXTENDED_KEY_USAGERefers to a certificate’s Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
CA_OPTIONS
CA_OPTIONSRefers to a certificate’s Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
POLICY_IDS
POLICY_IDSRefers to a certificate’s Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
AIA_OCSP_SERVERS
AIA_OCSP_SERVERSRefers to OCSP servers in a certificate’s Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.

CertificateExtensionConstraintsResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions List<string>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
AdditionalExtensions []ObjectIdResponse
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions []string
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
additionalExtensions ObjectIdResponse[]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions string[]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
additional_extensions Sequence[ObjectIdResponse]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
known_extensions Sequence[str]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateIdentityConstraints

AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
allowSubjectAltNamesPassthrough boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
allow_subject_alt_names_passthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allow_subject_passthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
cel_expression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

CertificateIdentityConstraintsResponse

AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
allowSubjectAltNamesPassthrough boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
allow_subject_alt_names_passthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allow_subject_passthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
cel_expression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

EcKeyType

SignatureAlgorithm Pulumi.GoogleNative.Privateca.V1.EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
SignatureAlgorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
signatureAlgorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
signature_algorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

EcKeyTypeResponse

SignatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
SignatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
signatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
signature_algorithm str
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.

EcKeyTypeSignatureAlgorithm

EcSignatureAlgorithmUnspecified
EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
EcdsaP256
ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
EcdsaP384
ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
Eddsa25519
EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
EcKeyTypeSignatureAlgorithmEcSignatureAlgorithmUnspecified
EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
EcKeyTypeSignatureAlgorithmEcdsaP256
ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
EcKeyTypeSignatureAlgorithmEcdsaP384
ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
EcKeyTypeSignatureAlgorithmEddsa25519
EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
EcSignatureAlgorithmUnspecified
EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
EcdsaP256
ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
EcdsaP384
ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
Eddsa25519
EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
EC_SIGNATURE_ALGORITHM_UNSPECIFIED
EC_SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified. Signifies that any signature algorithm may be used.
ECDSA_P256
ECDSA_P256Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
ECDSA_P384
ECDSA_P384Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
EDDSA25519
EDDSA_25519Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.

Expr

Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string
Textual representation of an expression in Common Expression Language syntax.
location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str
Textual representation of an expression in Common Expression Language syntax.
location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExprResponse

Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string
Textual representation of an expression in Common Expression Language syntax.
location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str
Textual representation of an expression in Common Expression Language syntax.
location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExtendedKeyUsageOptions

ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.

ExtendedKeyUsageOptionsResponse

ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.

IssuanceModes

AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
allowConfigBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CSR.
allow_config_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
allow_csr_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.

IssuanceModesResponse

AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
allowConfigBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CSR.
allow_config_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
allow_csr_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.

IssuancePolicy

AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1.Inputs.IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedKeyTypes List<Pulumi.GoogleNative.Privateca.V1.Inputs.AllowedKeyType>
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
BaselineValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
MaximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraints
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
AllowedIssuanceModes IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedKeyTypes []AllowedKeyType
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
BaselineValues X509Parameters
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
IdentityConstraints CertificateIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
MaximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
PassthroughExtensions CertificateExtensionConstraints
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
allowedIssuanceModes IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedKeyTypes AllowedKeyType[]
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
baselineValues X509Parameters
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
identityConstraints CertificateIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
maximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
passthroughExtensions CertificateExtensionConstraints
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
allowed_issuance_modes IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowed_key_types Sequence[AllowedKeyType]
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
baseline_values X509Parameters
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
identity_constraints CertificateIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
maximum_lifetime str
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
passthrough_extensions CertificateExtensionConstraints
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.

IssuancePolicyResponse

AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1.Inputs.IssuanceModesResponse
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedKeyTypes List<Pulumi.GoogleNative.Privateca.V1.Inputs.AllowedKeyTypeResponse>
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
BaselineValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsResponse
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
MaximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsResponse
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
AllowedIssuanceModes IssuanceModesResponse
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedKeyTypes []AllowedKeyTypeResponse
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
BaselineValues X509ParametersResponse
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
IdentityConstraints CertificateIdentityConstraintsResponse
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
MaximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
PassthroughExtensions CertificateExtensionConstraintsResponse
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
allowedIssuanceModes IssuanceModesResponse
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedKeyTypes AllowedKeyTypeResponse[]
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
baselineValues X509ParametersResponse
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
identityConstraints CertificateIdentityConstraintsResponse
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
maximumLifetime string
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
passthroughExtensions CertificateExtensionConstraintsResponse
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
allowed_issuance_modes IssuanceModesResponse
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowed_key_types Sequence[AllowedKeyTypeResponse]
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
baseline_values X509ParametersResponse
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
identity_constraints CertificateIdentityConstraintsResponse
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
maximum_lifetime str
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
passthrough_extensions CertificateExtensionConstraintsResponse
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.

KeyUsage

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
BaseKeyUsage KeyUsageOptions
Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectId
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage KeyUsageOptions
Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectId[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
base_key_usage KeyUsageOptions
Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectId]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyUsageOptions

CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
certSign boolean
The key may be used to sign certificates.
contentCommitment boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crlSign boolean
The key may be used sign certificate revocation lists.
dataEncipherment boolean
The key may be used to encipher data.
decipherOnly boolean
The key may be used to decipher only.
digitalSignature boolean
The key may be used for digital signatures.
encipherOnly boolean
The key may be used to encipher only.
keyAgreement boolean
The key may be used in a key agreement protocol.
keyEncipherment boolean
The key may be used to encipher other keys.
cert_sign bool
The key may be used to sign certificates.
content_commitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crl_sign bool
The key may be used sign certificate revocation lists.
data_encipherment bool
The key may be used to encipher data.
decipher_only bool
The key may be used to decipher only.
digital_signature bool
The key may be used for digital signatures.
encipher_only bool
The key may be used to encipher only.
key_agreement bool
The key may be used in a key agreement protocol.
key_encipherment bool
The key may be used to encipher other keys.

KeyUsageOptionsResponse

CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
certSign boolean
The key may be used to sign certificates.
contentCommitment boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crlSign boolean
The key may be used sign certificate revocation lists.
dataEncipherment boolean
The key may be used to encipher data.
decipherOnly boolean
The key may be used to decipher only.
digitalSignature boolean
The key may be used for digital signatures.
encipherOnly boolean
The key may be used to encipher only.
keyAgreement boolean
The key may be used in a key agreement protocol.
keyEncipherment boolean
The key may be used to encipher other keys.
cert_sign bool
The key may be used to sign certificates.
content_commitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crl_sign bool
The key may be used sign certificate revocation lists.
data_encipherment bool
The key may be used to encipher data.
decipher_only bool
The key may be used to decipher only.
digital_signature bool
The key may be used for digital signatures.
encipher_only bool
The key may be used to encipher only.
key_agreement bool
The key may be used in a key agreement protocol.
key_encipherment bool
The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
BaseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectIdResponse
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectIdResponse[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
base_key_usage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectIdResponse]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

ObjectId

ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.

ObjectIdResponse

ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.

PublishingOptions

PublishCaCert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
PublishCrl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
PublishCaCert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
PublishCrl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
publishCaCert boolean
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
publishCrl boolean
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
publish_ca_cert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
publish_crl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

PublishingOptionsResponse

PublishCaCert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
PublishCrl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
PublishCaCert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
PublishCrl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
publishCaCert boolean
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
publishCrl boolean
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
publish_ca_cert bool
Optional. When true, publishes each CertificateAuthority’s CA certificate and includes its URL in the “Authority Information Access” X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
publish_crl bool
Optional. When true, publishes each CertificateAuthority’s CRL and includes its URL in the “CRL Distribution Points” X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

RsaKeyType

MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
maxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
minModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
max_modulus_size str
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
min_modulus_size str
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

RsaKeyTypeResponse

MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
maxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
minModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
max_modulus_size str
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
min_modulus_size str
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.

X509Extension

ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectId
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectId
The OID for this X.509 extension.
value string
The value of this X.509 extension.
critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectId
The OID for this X.509 extension.
value str
The value of this X.509 extension.
critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

X509ExtensionResponse

Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectIdResponse
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse
The OID for this X.509 extension.
value string
The value of this X.509 extension.
critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectIdResponse
The OID for this X.509 extension.
value str
The value of this X.509 extension.

X509Parameters

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
AdditionalExtensions []X509Extension
Optional. Describes custom X.509 extensions.
AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectId
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions X509Extension[]
Optional. Describes custom X.509 extensions.
aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
caOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectId[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additional_extensions Sequence[X509Extension]
Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
ca_options CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectId]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

X509ParametersResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
AdditionalExtensions []X509ExtensionResponse
Optional. Describes custom X.509 extensions.
AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectIdResponse
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions X509ExtensionResponse[]
Optional. Describes custom X.509 extensions.
aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
caOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectIdResponse[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additional_extensions Sequence[X509ExtensionResponse]
Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
ca_options CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectIdResponse]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0