Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.privateca/v1.CaPool
Create a CaPool. Auto-naming is currently not supported for this resource.
Create CaPool Resource
new CaPool(name: string, args: CaPoolArgs, opts?: CustomResourceOptions);
@overload
def CaPool(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           ca_pool_id: Optional[str] = None,
           issuance_policy: Optional[IssuancePolicyArgs] = None,
           labels: Optional[Mapping[str, str]] = None,
           location: Optional[str] = None,
           project: Optional[str] = None,
           publishing_options: Optional[PublishingOptionsArgs] = None,
           request_id: Optional[str] = None,
           tier: Optional[CaPoolTier] = None)
@overload
def CaPool(resource_name: str,
           args: CaPoolArgs,
           opts: Optional[ResourceOptions] = None)
func NewCaPool(ctx *Context, name string, args CaPoolArgs, opts ...ResourceOption) (*CaPool, error)
public CaPool(string name, CaPoolArgs args, CustomResourceOptions? opts = null)
public CaPool(String name, CaPoolArgs args)
public CaPool(String name, CaPoolArgs args, CustomResourceOptions options)
type: google-native:privateca/v1:CaPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CaPoolArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CaPool Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CaPool resource accepts the following input properties:
- CaPoolId string
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- Tier Pulumi.GoogleNative.Privateca.V1.CaPoolTier
Immutable. The Tier of this CaPool.
- IssuancePolicy Pulumi.GoogleNative.Privateca.V1.Inputs.IssuancePolicy
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
- Location string
- Project string
- PublishingOptions Pulumi.GoogleNative.Privateca.V1.Inputs.PublishingOptions
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- RequestId string
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- CaPoolId string
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- Tier CaPoolTier
Immutable. The Tier of this CaPool.
- IssuancePolicy IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- Labels map[string]string
Optional. Labels with user-defined metadata.
- Location string
- Project string
- PublishingOptions PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- RequestId string
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- caPoolId String
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- tier CaPoolTier
Immutable. The Tier of this CaPool.
- issuancePolicy IssuancePolicy
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Map<String,String>
Optional. Labels with user-defined metadata.
- location String
- project String
- publishingOptions PublishingOptions
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- requestId String
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- caPoolId string
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- tier CaPoolTier
Immutable. The Tier of this CaPool.
- issuancePolicy IssuancePolicy
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels {[key: string]: string}
Optional. Labels with user-defined metadata.
- location string
- project string
- publishingOptions PublishingOptions
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- requestId string
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- ca_pool_id str
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- tier CaPoolTier
Immutable. The Tier of this CaPool.
- issuance_policy IssuancePolicyArgs
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Mapping[str, str]
Optional. Labels with user-defined metadata.
- location str
- project str
- publishing_options PublishingOptionsArgs
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- request_id str
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- caPoolId String
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- tier "TIER_UNSPECIFIED" | "ENTERPRISE" | "DEVOPS"
Immutable. The Tier of this CaPool.
- issuancePolicy Property Map
Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.
- labels Map<String>
Optional. Labels with user-defined metadata.
- location String
- project String
- publishingOptions Property Map
Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.
- requestId String
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
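The following Python pre-flight check is an added example, not code from Pulumi or Google: it applies the input rules listed above (the CA pool ID pattern, the non-zero UUID request ID) and shows one request ID being reused across a retry so that a timed-out create is not duplicated. The dict keys mirror the Python input names on this page; `FakeBackend`, `create_with_retry` and the sample values are hypothetical, and requiring an explicit tier and a canonical UUID spelling are policy choices of this example.

```python
import re
import uuid

# Rules taken from the input descriptions on this page.
CA_POOL_ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,63}")
EXPLICIT_TIERS = {"ENTERPRISE", "DEVOPS"}
ZERO_UUID = uuid.UUID(int=0)


def request_id_problem(value):
    """Return what is wrong with a request ID, or None if it is acceptable."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return "request_id is not a valid UUID"
    if parsed == ZERO_UUID:
        return "request_id must not be the zero UUID"
    # Assumption of this example: accept only the canonical 8-4-4-4-12 form,
    # although uuid.UUID() also parses braces, URNs and bare hex.
    if str(parsed) != value.lower():
        return "request_id is not in canonical UUID form"
    return None


def validate_ca_pool_args(args):
    """Check a dict of CaPool inputs and return a list of findings."""
    findings = []
    pool_id = args.get("ca_pool_id")
    # fullmatch: the whole ID must fit the pattern, not just a prefix of it.
    if not isinstance(pool_id, str) or not CA_POOL_ID_RE.fullmatch(pool_id):
        findings.append("ca_pool_id must match [a-zA-Z0-9_-]{1,63}")
    # Policy choice of this example: the tier is immutable, so require it to
    # be set deliberately instead of left unset or TIER_UNSPECIFIED.
    if args.get("tier") not in EXPLICIT_TIERS:
        findings.append("tier should be set explicitly to ENTERPRISE or DEVOPS")
    if args.get("request_id") is not None:
        problem = request_id_problem(args["request_id"])
        if problem:
            findings.append(problem)
    return findings


def create_with_retry(send, args, attempts=3):
    """Call send(request), reusing one request_id for every attempt."""
    request = dict(args)
    # Generated once, before the loop: a fresh ID per attempt would defeat
    # the server-side duplicate check described for request_id.
    request.setdefault("request_id", str(uuid.uuid4()))
    findings = validate_ca_pool_args(request)
    if findings:
        raise ValueError("; ".join(findings))
    last_error = None
    for _ in range(attempts):
        try:
            return send(request)
        except TimeoutError as exc:
            last_error = exc
    raise last_error


class FakeBackend:
    """Constructed stand-in for the service, used only to exercise the retry.

    The first call creates the pool but its response is lost (timeout);
    a repeat with the same request_id returns the earlier result.
    """

    def __init__(self):
        self.pools = []
        self.seen = {}
        self.calls = 0

    def send(self, request):
        self.calls += 1
        rid = request["request_id"]
        if rid in self.seen:
            return self.seen[rid]  # duplicate request: ignored, not re-created
        pool = (request["project"], request["location"], request["ca_pool_id"])
        self.pools.append(pool)
        self.seen[rid] = pool
        if self.calls == 1:
            raise TimeoutError("response lost after the pool was created")
        return pool


if __name__ == "__main__":
    backend = FakeBackend()
    sample = {  # constructed sample values
        "ca_pool_id": "prod-issuing_01",
        "tier": "ENTERPRISE",
        "location": "us-central1",
        "project": "example-project",
    }
    print(create_with_retry(backend.send, sample), backend.calls, backend.pools)
```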
Outputs
All input properties are implicitly available as output properties. Additionally, the CaPool resource produces the following output properties:
Supporting Types
AllowedKeyType, AllowedKeyTypeArgs
- EllipticCurve Pulumi.GoogleNative.Privateca.V1.Inputs.EcKeyType
Represents an allowed Elliptic Curve key type.
- Rsa Pulumi.GoogleNative.Privateca.V1.Inputs.RsaKeyType
Represents an allowed RSA key type.
- EllipticCurve EcKeyType
Represents an allowed Elliptic Curve key type.
- Rsa RsaKeyType
Represents an allowed RSA key type.
- ellipticCurve EcKeyType
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyType
Represents an allowed RSA key type.
- ellipticCurve EcKeyType
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyType
Represents an allowed RSA key type.
- elliptic_curve EcKeyType
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyType
Represents an allowed RSA key type.
- ellipticCurve Property Map
Represents an allowed Elliptic Curve key type.
- rsa Property Map
Represents an allowed RSA key type.
AllowedKeyTypeResponse, AllowedKeyTypeResponseArgs
- EllipticCurve Pulumi.GoogleNative.Privateca.V1.Inputs.EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
- Rsa Pulumi.GoogleNative.Privateca.V1.Inputs.RsaKeyTypeResponse
Represents an allowed RSA key type.
- EllipticCurve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
- Rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
- ellipticCurve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
- ellipticCurve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
- elliptic_curve EcKeyTypeResponse
Represents an allowed Elliptic Curve key type.
- rsa RsaKeyTypeResponse
Represents an allowed RSA key type.
- ellipticCurve Property Map
Represents an allowed Elliptic Curve key type.
- rsa Property Map
Represents an allowed RSA key type.
CaOptions, CaOptionsArgs
- IsCa bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- IsCa bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Integer
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_ca bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaOptionsResponse, CaOptionsResponseArgs
- IsCa bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- IsCa bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Integer
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_ca bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaPoolTier, CaPoolTierArgs
- TierUnspecified - TIER_UNSPECIFIED
Not specified.
- Enterprise - ENTERPRISE
Enterprise tier.
- Devops - DEVOPS
DevOps tier.
- CaPoolTierTierUnspecified - TIER_UNSPECIFIED
Not specified.
- CaPoolTierEnterprise - ENTERPRISE
Enterprise tier.
- CaPoolTierDevops - DEVOPS
DevOps tier.
- TierUnspecified - TIER_UNSPECIFIED
Not specified.
- Enterprise - ENTERPRISE
Enterprise tier.
- Devops - DEVOPS
DevOps tier.
- TierUnspecified - TIER_UNSPECIFIED
Not specified.
- Enterprise - ENTERPRISE
Enterprise tier.
- Devops - DEVOPS
DevOps tier.
- TIER_UNSPECIFIED - TIER_UNSPECIFIED
Not specified.
- ENTERPRISE - ENTERPRISE
Enterprise tier.
- DEVOPS - DEVOPS
DevOps tier.
- "TIER_UNSPECIFIED" - TIER_UNSPECIFIED
Not specified.
- "ENTERPRISE" - ENTERPRISE
Enterprise tier.
- "DEVOPS" - DEVOPS
DevOps tier.
CertificateExtensionConstraints, CertificateExtensionConstraintsArgs
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- KnownExtensions List<Pulumi.GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- AdditionalExtensions []ObjectId
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- KnownExtensions []CertificateExtensionConstraintsKnownExtensionsItem
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions List<ObjectId>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions List<CertificateExtensionConstraintsKnownExtensionsItem>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions ObjectId[]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions CertificateExtensionConstraintsKnownExtensionsItem[]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_extensions Sequence[ObjectId]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_extensions Sequence[CertificateExtensionConstraintsKnownExtensionsItem]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions List<Property Map>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions List<"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" | "BASE_KEY_USAGE" | "EXTENDED_KEY_USAGE" | "CA_OPTIONS" | "POLICY_IDS" | "AIA_OCSP_SERVERS" | "NAME_CONSTRAINTS">
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateExtensionConstraintsKnownExtensionsItem, CertificateExtensionConstraintsKnownExtensionsItemArgs
- KnownCertificateExtensionUnspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- BaseKeyUsage - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- ExtendedKeyUsage - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CaOptions - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- PolicyIds - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AiaOcspServers - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- NameConstraints - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
- CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- CertificateExtensionConstraintsKnownExtensionsItemBaseKeyUsage - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- CertificateExtensionConstraintsKnownExtensionsItemExtendedKeyUsage - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CertificateExtensionConstraintsKnownExtensionsItemCaOptions - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- CertificateExtensionConstraintsKnownExtensionsItemPolicyIds - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- CertificateExtensionConstraintsKnownExtensionsItemAiaOcspServers - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- CertificateExtensionConstraintsKnownExtensionsItemNameConstraints - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
- KnownCertificateExtensionUnspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- BaseKeyUsage - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- ExtendedKeyUsage - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CaOptions - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- PolicyIds - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AiaOcspServers - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- NameConstraints - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
- KnownCertificateExtensionUnspecified - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- BaseKeyUsage - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- ExtendedKeyUsage - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CaOptions - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- PolicyIds - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AiaOcspServers - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- NameConstraints - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
- KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- BASE_KEY_USAGE - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- EXTENDED_KEY_USAGE - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- CA_OPTIONS - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- POLICY_IDS - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- AIA_OCSP_SERVERS - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- NAME_CONSTRAINTS - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
- "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
Not specified.
- "BASE_KEY_USAGE" - BASE_KEY_USAGE
Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
- "EXTENDED_KEY_USAGE" - EXTENDED_KEY_USAGE
Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
- "CA_OPTIONS" - CA_OPTIONS
Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
- "POLICY_IDS" - POLICY_IDS
Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
- "AIA_OCSP_SERVERS" - AIA_OCSP_SERVERS
Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1. This corresponds to the X509Parameters.aia_ocsp_servers field.
- "NAME_CONSTRAINTS" - NAME_CONSTRAINTS
Refers to the Name Constraints extension, as described in RFC 5280 section 4.2.1.10.
CertificateExtensionConstraintsResponse, CertificateExtensionConstraintsResponseArgs
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- KnownExtensions List<string>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- AdditionalExtensions []ObjectIdResponse
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- KnownExtensions []string
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions List<ObjectIdResponse>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions List<String>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions ObjectIdResponse[]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions string[]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additional_extensions Sequence[ObjectIdResponse]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- known_extensions Sequence[str]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
- additionalExtensions List<Property Map>
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
- knownExtensions List<String>
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
CertificateIdentityConstraints, CertificateIdentityConstraintsArgs
- AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- CelExpression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough Boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_subject_alt_names_passthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_subject_passthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_expression Expr
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough Boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression Property Map
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
CertificateIdentityConstraintsResponse, CertificateIdentityConstraintsResponseArgs
- AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- AllowSubjectAltNamesPassthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- AllowSubjectPassthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- CelExpression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough Boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allow_subject_alt_names_passthrough bool
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allow_subject_passthrough bool
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- cel_expression ExprResponse
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
- allowSubjectAltNamesPassthrough Boolean
If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
- allowSubjectPassthrough Boolean
If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
- celExpression Property Map
Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
EcKeyType, EcKeyTypeArgs
- SignatureAlgorithm Pulumi.GoogleNative.Privateca.V1.EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- SignatureAlgorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature_algorithm EcKeyTypeSignatureAlgorithm
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" | "ECDSA_P256" | "ECDSA_P384" | "EDDSA_25519"
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
EcKeyTypeResponse, EcKeyTypeResponseArgs
- SignatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- SignatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm String
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm string
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signature_algorithm str
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
- signatureAlgorithm String
Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed.
EcKeyTypeSignatureAlgorithm, EcKeyTypeSignatureAlgorithmArgs
- EcSignatureAlgorithmUnspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- EcdsaP256 - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- EcdsaP384 - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519 - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- EcKeyTypeSignatureAlgorithmEcSignatureAlgorithmUnspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- EcKeyTypeSignatureAlgorithmEcdsaP256 - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- EcKeyTypeSignatureAlgorithmEcdsaP384 - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- EcKeyTypeSignatureAlgorithmEddsa25519 - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- EcSignatureAlgorithmUnspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- EcdsaP256 - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- EcdsaP384 - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519 - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- EcSignatureAlgorithmUnspecified - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- EcdsaP256 - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- EcdsaP384 - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- Eddsa25519 - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- EC_SIGNATURE_ALGORITHM_UNSPECIFIED - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- ECDSA_P256 - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- ECDSA_P384 - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- EDDSA25519 - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
- "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" - EC_SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified. Signifies that any signature algorithm may be used.
- "ECDSA_P256" - ECDSA_P256
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve.
- "ECDSA_P384" - ECDSA_P384
Refers to the Elliptic Curve Digital Signature Algorithm over the NIST P-384 curve.
- "EDDSA_25519" - EDDSA_25519
Refers to the Edwards-curve Digital Signature Algorithm over curve 25519, as described in RFC 8410.
Expr, ExprArgs
- Description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- Description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description String
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression string
Textual representation of an expression in Common Expression Language syntax.
- location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description str
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression str
Textual representation of an expression in Common Expression Language syntax.
- location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description String
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
ExprResponse, ExprResponseArgs
- Description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- Description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description String
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description string
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression string
Textual representation of an expression in Common Expression Language syntax.
- location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description str
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression str
Textual representation of an expression in Common Expression Language syntax.
- location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
- description String
Optional. Description of the expression. This is longer text that describes the expression, e.g. shown when hovering over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression.
ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs
- ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs
- ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
IssuanceModes, IssuanceModesArgs
- AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
- AllowConfigBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- AllowCsrBasedIssuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance Boolean
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance Boolean
Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance boolean
Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow_config_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow_csr_based_issuance bool
Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance Boolean
Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance Boolean
Optional. When true, allows callers to create Certificates by specifying a CSR.
IssuanceModesResponse, IssuanceModesResponseArgs
- AllowConfigBasedIssuance bool
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- AllowCsrBasedIssuance bool
- Optional. When true, allows callers to create Certificates by specifying a CSR.
- AllowConfigBasedIssuance bool
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- AllowCsrBasedIssuance bool
- Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance Boolean
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance Boolean
- Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance boolean
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance boolean
- Optional. When true, allows callers to create Certificates by specifying a CSR.
- allow_config_based_issuance bool
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allow_csr_based_issuance bool
- Optional. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance Boolean
- Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.
- allowCsrBasedIssuance Boolean
- Optional. When true, allows callers to create Certificates by specifying a CSR.
IssuancePolicy, IssuancePolicyArgs
- AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1.Inputs.IssuanceModes
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- AllowedKeyTypes List<Pulumi.GoogleNative.Privateca.V1.Inputs.AllowedKeyType>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- BaselineValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- MaximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraints
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- AllowedIssuanceModes IssuanceModes
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- AllowedKeyTypes []AllowedKeyType
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- BaselineValues X509Parameters
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- IdentityConstraints CertificateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- MaximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- PassthroughExtensions CertificateExtensionConstraints
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes IssuanceModes
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes List<AllowedKeyType>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues X509Parameters
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints CertificateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime String
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions CertificateExtensionConstraints
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes IssuanceModes
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes AllowedKeyType[]
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues X509Parameters
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints CertificateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions CertificateExtensionConstraints
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed_issuance_modes IssuanceModes
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed_key_types Sequence[AllowedKeyType]
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline_values X509Parameters
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity_constraints CertificateIdentityConstraints
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum_lifetime str
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough_extensions CertificateExtensionConstraints
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes Property Map
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes List<Property Map>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues Property Map
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints Property Map
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime String
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions Property Map
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
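The IssuancePolicy fields above differ in how they fail: some violations are fixed up silently, others reject the request. The following added example (a local model written for this page, not Pulumi or Certificate Authority Service code) applies the documented rules to a constructed request. The flat dict layout, the string key-type labels, the `"<seconds>s"` lifetime form, and the names `evaluate`, `is_denied` and `IssuanceDenied` are assumptions for illustration; identity_constraints is not modelled.

```python
"""Local model of the IssuancePolicy rules in this reference (illustrative only)."""


class IssuanceDenied(Exception):
    """Raised wherever the reference says the issuance request fails."""


def parse_duration(text):
    # Assumption: lifetimes are written as "<seconds>s", e.g. "2592000s".
    if not text.endswith("s") or not text[:-1].isdigit():
        raise ValueError(f"unsupported duration: {text!r}")
    return int(text[:-1])


def evaluate(policy, request, ca_remaining_s):
    """Return the effective certificate parameters or raise IssuanceDenied."""
    # allowed_issuance_modes: if specified, only the enabled methods may be used.
    modes = policy.get("allowed_issuance_modes")
    if modes is not None:
        flag = {"csr": "allow_csr_based_issuance",
                "config": "allow_config_based_issuance"}[request["mode"]]
        if not modes.get(flag, False):
            raise IssuanceDenied(f"{request['mode']}-based issuance is not allowed")

    # allowed_key_types: an empty list means any key may be used.
    key_types = policy.get("allowed_key_types") or []
    if key_types and request["key_type"] not in key_types:
        raise IssuanceDenied(f"key type {request['key_type']} is not allowed")

    baseline = policy.get("baseline_values") or {}
    passthrough = policy.get("passthrough_extensions")  # None = no restriction

    # CertificateTemplate predefined_values: violations fail, they are not fixed up.
    template = request.get("template_predefined_values") or {}
    for name, value in template.items():
        if name in baseline and baseline[name] != value:
            raise IssuanceDenied(f"template conflicts with baseline_values: {name}")
        if passthrough is not None and name not in passthrough:
            raise IssuanceDenied(f"template sets non-passthrough extension: {name}")

    # Extensions set directly on the request: dropped if not passed through.
    kept, dropped = {}, []
    for name, value in request.get("extensions", {}).items():
        if passthrough is not None and name not in passthrough:
            dropped.append(name)
        else:
            kept[name] = value

    # baseline_values overwrite request values and bypass passthrough_extensions.
    overwritten = sorted(n for n, v in kept.items()
                         if n in baseline and baseline[n] != v)
    # Assumption: where request and template overlap, the template is applied last.
    effective = {**kept, **template, **baseline}

    # maximum_lifetime, further truncated to the issuing CA's remaining validity.
    # Assumption: a longer requested lifetime is capped rather than rejected.
    limit = ca_remaining_s
    if policy.get("maximum_lifetime"):
        limit = min(limit, parse_duration(policy["maximum_lifetime"]))
    return {"extensions": effective, "dropped": sorted(dropped),
            "overwritten": overwritten,
            "lifetime_s": min(request["lifetime_s"], limit)}


def is_denied(policy, request, ca_remaining_s):
    try:
        evaluate(policy, request, ca_remaining_s)
    except IssuanceDenied:
        return True
    return False


# Constructed sample policy: CSR-only, one key type, leaf certificates only.
SAMPLE_POLICY = {
    "allowed_issuance_modes": {"allow_csr_based_issuance": True,
                               "allow_config_based_issuance": False},
    "allowed_key_types": ["ecdsa-p256"],
    "baseline_values": {"ca_options": {"is_ca": False},
                        "key_usage": ["digital_signature", "server_auth"]},
    "passthrough_extensions": {"ca_options", "policy_ids"},
    "maximum_lifetime": "2592000s",  # 30 days
}

# Constructed sample request that asks for a CA certificate valid for one year.
SAMPLE_REQUEST = {
    "mode": "csr",
    "key_type": "ecdsa-p256",
    "extensions": {"ca_options": {"is_ca": True},
                   "policy_ids": ["1.2.3.4"],
                   "name_constraints": {"critical": True}},
    "lifetime_s": 31536000,
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, SAMPLE_REQUEST, ca_remaining_s=864000))
```

The sample request is issued rather than rejected, but as a non-CA certificate, without name_constraints, and with a lifetime cut to the CA's remaining ten days; the same ca_options value arriving through a CertificateTemplate would fail the request instead.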
IssuancePolicyResponse, IssuancePolicyResponseArgs
- AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1.Inputs.IssuanceModesResponse
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- AllowedKeyTypes List<Pulumi.GoogleNative.Privateca.V1.Inputs.AllowedKeyTypeResponse>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- BaselineValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsResponse
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- MaximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsResponse
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- AllowedIssuanceModes IssuanceModesResponse
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- AllowedKeyTypes []AllowedKeyTypeResponse
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- BaselineValues X509ParametersResponse
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- IdentityConstraints CertificateIdentityConstraintsResponse
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- MaximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- PassthroughExtensions CertificateExtensionConstraintsResponse
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes IssuanceModesResponse
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes List<AllowedKeyTypeResponse>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues X509ParametersResponse
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints CertificateIdentityConstraintsResponse
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime String
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions CertificateExtensionConstraintsResponse
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes IssuanceModesResponse
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes AllowedKeyTypeResponse[]
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues X509ParametersResponse
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints CertificateIdentityConstraintsResponse
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime string
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions CertificateExtensionConstraintsResponse
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowed_issuance_modes IssuanceModesResponse
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowed_key_types Sequence[AllowedKeyTypeResponse]
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baseline_values X509ParametersResponse
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identity_constraints CertificateIdentityConstraintsResponse
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximum_lifetime str
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthrough_extensions CertificateExtensionConstraintsResponse
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
- allowedIssuanceModes Property Map
- Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
- allowedKeyTypes List<Property Map>
- Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
- baselineValues Property Map
- Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
- identityConstraints Property Map
- Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
- maximumLifetime String
- Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
- passthroughExtensions Property Map
- Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
KeyUsage, KeyUsageArgs
- BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- BaseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages []ObjectId
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<ObjectId>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages ObjectId[]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_key_usage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extended_key_usage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknown_extended_key_usages Sequence[ObjectId]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage Property Map
- Describes high-level ways in which a key may be used.
- extendedKeyUsage Property Map
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<Property Map>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyUsageOptions, KeyUsageOptionsArgs
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
- certSign boolean
- The key may be used to sign certificates.
- contentCommitment boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment boolean
- The key may be used to encipher data.
- decipherOnly boolean
- The key may be used to decipher only.
- digitalSignature boolean
- The key may be used for digital signatures.
- encipherOnly boolean
- The key may be used to encipher only.
- keyAgreement boolean
- The key may be used in a key agreement protocol.
- keyEncipherment boolean
- The key may be used to encipher other keys.
- cert_sign bool
- The key may be used to sign certificates.
- content_commitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_sign bool
- The key may be used to sign certificate revocation lists.
- data_encipherment bool
- The key may be used to encipher data.
- decipher_only bool
- The key may be used to decipher only.
- digital_signature bool
- The key may be used for digital signatures.
- encipher_only bool
- The key may be used to encipher only.
- key_agreement bool
- The key may be used in a key agreement protocol.
- key_encipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs
- CertSign bool
The key may be used to sign certificates.
- ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
The key may be used to sign certificate revocation lists.
- DataEncipherment bool
The key may be used to encipher data.
- DecipherOnly bool
The key may be used to decipher only.
- DigitalSignature bool
The key may be used for digital signatures.
- EncipherOnly bool
The key may be used to encipher only.
- KeyAgreement bool
The key may be used in a key agreement protocol.
- KeyEncipherment bool
The key may be used to encipher other keys.
- CertSign bool
The key may be used to sign certificates.
- ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
The key may be used to sign certificate revocation lists.
- DataEncipherment bool
The key may be used to encipher data.
- DecipherOnly bool
The key may be used to decipher only.
- DigitalSignature bool
The key may be used for digital signatures.
- EncipherOnly bool
The key may be used to encipher only.
- KeyAgreement bool
The key may be used in a key agreement protocol.
- KeyEncipherment bool
The key may be used to encipher other keys.
- certSign Boolean
The key may be used to sign certificates.
- contentCommitment Boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
The key may be used to encipher data.
- decipherOnly Boolean
The key may be used to decipher only.
- digitalSignature Boolean
The key may be used for digital signatures.
- encipherOnly Boolean
The key may be used to encipher only.
- keyAgreement Boolean
The key may be used in a key agreement protocol.
- keyEncipherment Boolean
The key may be used to encipher other keys.
- certSign boolean
The key may be used to sign certificates.
- contentCommitment boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign boolean
The key may be used to sign certificate revocation lists.
- dataEncipherment boolean
The key may be used to encipher data.
- decipherOnly boolean
The key may be used to decipher only.
- digitalSignature boolean
The key may be used for digital signatures.
- encipherOnly boolean
The key may be used to encipher only.
- keyAgreement boolean
The key may be used in a key agreement protocol.
- keyEncipherment boolean
The key may be used to encipher other keys.
- cert_sign bool
The key may be used to sign certificates.
- content_commitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_sign bool
The key may be used to sign certificate revocation lists.
- data_encipherment bool
The key may be used to encipher data.
- decipher_only bool
The key may be used to decipher only.
- digital_signature bool
The key may be used for digital signatures.
- encipher_only bool
The key may be used to encipher only.
- key_agreement bool
The key may be used in a key agreement protocol.
- key_encipherment bool
The key may be used to encipher other keys.
- certSign Boolean
The key may be used to sign certificates.
- contentCommitment Boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
The key may be used to encipher data.
- decipherOnly Boolean
The key may be used to decipher only.
- digitalSignature Boolean
The key may be used for digital signatures.
- encipherOnly Boolean
The key may be used to encipher only.
- keyAgreement Boolean
The key may be used in a key agreement protocol.
- keyEncipherment Boolean
The key may be used to encipher other keys.
KeyUsageResponse, KeyUsageResponseArgs
- BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
- ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- BaseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
- ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages []ObjectIdResponse
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages ObjectIdResponse[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_key_usage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
- extended_key_usage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
- unknown_extended_key_usages Sequence[ObjectIdResponse]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage Property Map
Describes high-level ways in which a key may be used.
- extendedKeyUsage Property Map
Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<Property Map>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
NameConstraints, NameConstraintsArgs
- Critical bool
Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames List<string>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses List<string>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges List<string>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris List<string>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- PermittedDnsNames List<string>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses List<string>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges List<string>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris List<string>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- Critical bool
Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames []string
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses []string
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges []string
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris []string
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- PermittedDnsNames []string
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses []string
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges []string
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris []string
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames string[]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses string[]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges string[]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris string[]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames string[]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses string[]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges string[]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris string[]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical bool
Indicates whether or not the name constraints are marked critical.
- excluded_dns_names Sequence[str]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excluded_email_addresses Sequence[str]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excluded_ip_ranges Sequence[str]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_uris Sequence[str]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permitted_dns_names Sequence[str]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permitted_email_addresses Sequence[str]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permitted_ip_ranges Sequence[str]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_uris Sequence[str]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
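The matching rules described for NameConstraints, as an added example that is not part of the Pulumi or Google documentation: a Python check of candidate subject alternative names against the permitted and excluded lists. Exclusion taking precedence, an empty permitted list meaning no restriction for that name type, and a leading-period constraint not matching the bare host follow RFC 5280 and are assumptions here; `SAMPLE_CONSTRAINTS` and all function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values, keyed by the Python SDK field names listed above.
SAMPLE_CONSTRAINTS = {
    "critical": True,
    "permitted_dns_names": ["example.com"],
    "excluded_dns_names": ["legacy.example.com"],
    "permitted_email_addresses": [".example.com", "mail.example.net",
                                  "ca-admin@example.org"],
    "excluded_email_addresses": [],
    "permitted_ip_ranges": ["10.0.0.0/8"],
    "excluded_ip_ranges": ["10.255.0.0/16"],
    "permitted_uris": [".example.com"],
    "excluded_uris": ["internal.example.com"],
}


def dns_matches(name, constraint):
    """True when name is the constraint itself or adds whole labels on its left."""
    name, constraint = name.lower().rstrip("."), constraint.lower().rstrip(".")
    # Requiring the "." label boundary keeps badexample.com from
    # satisfying example.com, which a plain suffix test would allow.
    return name == constraint or name.endswith("." + constraint)


def email_matches(address, constraint):
    """Constraint is a mailbox, a host, or a domain with a leading period."""
    local, _, host = address.rpartition("@")
    host = host.lower()
    if "@" in constraint:  # one particular email address
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host == c_host.lower()
    if constraint.startswith("."):  # every host inside the domain (RFC 5280)
        return host.endswith(constraint.lower())
    return host == constraint.lower()  # every address on exactly that host


def ip_matches(address, cidr):
    """CIDR containment; an IPv4 address never matches an IPv6 range or vice versa."""
    net = ipaddress.ip_network(cidr, strict=False)
    addr = ipaddress.ip_address(address)
    return addr.version == net.version and addr in net


def uri_matches(uri, constraint):
    """Only the host part of the URI is compared with the constraint."""
    host = (urlsplit(uri).hostname or "").lower()
    if constraint.startswith("."):
        return host.endswith(constraint.lower())
    return host == constraint.lower()


# name kind -> (field-name suffix, matcher)
MATCHERS = {
    "dns": ("dns_names", dns_matches),
    "email": ("email_addresses", email_matches),
    "ip": ("ip_ranges", ip_matches),
    "uri": ("uris", uri_matches),
}


def check_name(kind, value, constraints):
    """Return (allowed, reason) for one name of the given kind."""
    suffix, matcher = MATCHERS[kind]
    for c in constraints.get("excluded_" + suffix) or []:
        if matcher(value, c):  # an exclusion wins over any permit
            return False, "excluded by " + c
    permitted = constraints.get("permitted_" + suffix) or []
    if permitted and not any(matcher(value, c) for c in permitted):
        return False, "not within any permitted entry"
    return True, "ok"


def rejected_names(sans, constraints):
    """Map each failing value in a list of (kind, value) pairs to its reason."""
    rejected = {}
    for kind, value in sans:
        allowed, reason = check_name(kind, value, constraints)
        if not allowed:
            rejected[value] = reason
    return rejected
```

Running `rejected_names` over the names in a certificate request before it is submitted shows which entries a validator enforcing these constraints would refuse, and why.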
NameConstraintsResponse, NameConstraintsResponseArgs
- Critical bool
Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames List<string>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses List<string>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges List<string>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris List<string>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- PermittedDnsNames List<string>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses List<string>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges List<string>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris List<string>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- Critical bool
Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames []string
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses []string
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges []string
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris []string
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- PermittedDnsNames []string
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses []string
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges []string
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris []string
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames string[]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses string[]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges string[]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris string[]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames string[]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses string[]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges string[]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris string[]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical bool
Indicates whether or not the name constraints are marked critical.
- excluded_dns_names Sequence[str]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excluded_email_addresses Sequence[str]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excluded_ip_ranges Sequence[str]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_uris Sequence[str]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permitted_dns_names Sequence[str]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permitted_email_addresses Sequence[str]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permitted_ip_ranges Sequence[str]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_uris Sequence[str]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
- permittedDnsNames List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
ObjectId, ObjectIdArgs
- ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
- ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Integer>
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
- object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Number>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdResponse, ObjectIdResponseArgs
- ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
- ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Integer>
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
- object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Number>
The parts of an OID path. The most significant parts of the path come first.
PublishingOptions, PublishingOptionsArgs
- EncodingFormat Pulumi.GoogleNative.Privateca.V1.PublishingOptionsEncodingFormat
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- PublishCaCert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- PublishCrl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- EncodingFormat PublishingOptionsEncodingFormat
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- PublishCaCert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- PublishCrl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat PublishingOptionsEncodingFormat
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert Boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl Boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat PublishingOptionsEncodingFormat
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding_format PublishingOptionsEncodingFormat
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish_ca_cert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish_crl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat "ENCODING_FORMAT_UNSPECIFIED" | "PEM" | "DER"
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert Boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl Boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
PublishingOptionsEncodingFormat, PublishingOptionsEncodingFormatArgs
- EncodingFormatUnspecified
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- Pem
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
- PublishingOptionsEncodingFormatEncodingFormatUnspecified
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- PublishingOptionsEncodingFormatPem
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- PublishingOptionsEncodingFormatDer
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
- EncodingFormatUnspecified
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- Pem
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
- EncodingFormatUnspecified
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- Pem
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- Der
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
- ENCODING_FORMAT_UNSPECIFIED
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- PEM
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- DER
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
- "ENCODING_FORMAT_UNSPECIFIED"
- ENCODING_FORMAT_UNSPECIFIED
Not specified. By default, PEM format will be used.
- "PEM"
- PEM
The CertificateAuthority's CA certificate and CRLs will be published in PEM format.
- "DER"
- DER
The CertificateAuthority's CA certificate and CRLs will be published in DER format.
PublishingOptionsResponse, PublishingOptionsResponseArgs
- EncodingFormat string
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- PublishCaCert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- PublishCrl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- EncodingFormat string
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- PublishCaCert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- PublishCrl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat String
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert Boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl Boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat string
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encoding_format str
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publish_ca_cert bool
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publish_crl bool
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- encodingFormat String
Optional. Specifies the encoding format of each CertificateAuthority's CA certificate and CRLs. If this is omitted, CA certificates and CRLs will be published in PEM.
- publishCaCert Boolean
Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.
- publishCrl Boolean
Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
RsaKeyType, RsaKeyTypeArgs
- MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize String
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize String
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max_modulus_size str
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min_modulus_size str
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize String
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize String
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
RsaKeyTypeResponse, RsaKeyTypeResponseArgs
- MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- MaxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- MinModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize String
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize String
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize string
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize string
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- max_modulus_size str
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- min_modulus_size str
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
- maxModulusSize String
Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.
- minModulusSize String
Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.
X509Extension, X509ExtensionArgs
- ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId Property Map
The OID for this X.509 extension.
- value String
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
X509ExtensionResponse, X509ExtensionResponseArgs
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- ObjectId ObjectIdResponse
The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId ObjectIdResponse
The OID for this X.509 extension.
- value String
The value of this X.509 extension.
- critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId ObjectIdResponse
The OID for this X.509 extension.
- value string
The value of this X.509 extension.
- critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_id ObjectIdResponse
The OID for this X.509 extension.
- value str
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId Property Map
The OID for this X.509 extension.
- value String
The value of this X.509 extension.
X509Parameters, X509ParametersArgs
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
Optional. Describes custom X.509 extensions.
- AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraints
Optional. Describes the X.509 name constraints extension.
- PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- AdditionalExtensions []X509Extension
Optional. Describes custom X.509 extensions.
- AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints NameConstraints
Optional. Describes the X.509 name constraints extension.
- PolicyIds []ObjectId
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<X509Extension>
Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraints
Optional. Describes the X.509 name constraints extension.
- policyIds List<ObjectId>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions X509Extension[]
Optional. Describes custom X.509 extensions.
- aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraints
Optional. Describes the X.509 name constraints extension.
- policyIds ObjectId[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_extensions Sequence[X509Extension]
Optional. Describes custom X.509 extensions.
- aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_options CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_usage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
- name_constraints NameConstraints
Optional. Describes the X.509 name constraints extension.
- policy_ids Sequence[ObjectId]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<Property Map>
Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions Property Map
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage Property Map
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints Property Map
Optional. Describes the X.509 name constraints extension.
- policyIds List<Property Map>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
X509ParametersResponse, X509ParametersResponseArgs
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
- AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
- PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- AdditionalExtensions []X509ExtensionResponse
Optional. Describes custom X.509 extensions.
- AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
- PolicyIds []ObjectIdResponse
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
- policyIds List<ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions X509ExtensionResponse[]
Optional. Describes custom X.509 extensions.
- aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
- policyIds ObjectIdResponse[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_extensions Sequence[X509ExtensionResponse]
Optional. Describes custom X.509 extensions.
- aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_options CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_usage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
- name_constraints NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
- policy_ids Sequence[ObjectIdResponse]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<Property Map>
Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions Property Map
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage Property Map
Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints Property Map
Optional. Describes the X.509 name constraints extension.
- policyIds List<Property Map>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0