Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

Google Native

v0.9.0 published on Wednesday, Nov 24, 2021 by Pulumi

Certificate

Create a new Certificate in a given Project, Location from a particular CaPool. Auto-naming is currently not supported for this resource. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Create a Certificate Resource

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                ca_pool_id: Optional[str] = None,
                certificate_id: Optional[str] = None,
                certificate_template: Optional[str] = None,
                config: Optional[CertificateConfigArgs] = None,
                issuing_certificate_authority_id: Optional[str] = None,
                labels: Optional[Mapping[str, str]] = None,
                lifetime: Optional[str] = None,
                location: Optional[str] = None,
                pem_csr: Optional[str] = None,
                project: Optional[str] = None,
                request_id: Optional[str] = None,
                subject_mode: Optional[CertificateSubjectMode] = None,
                validate_only: Optional[str] = None)
@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

CaPoolId string
Lifetime string
Immutable. The desired lifetime of a certificate. Used to create the “not_before_time” and “not_after_time” fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
CertificateId string
CertificateTemplate string
Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects//locations//certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
Config Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateConfigArgs
Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
IssuingCertificateAuthorityId string
Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
Location string
PemCsr string
Immutable. A pem-encoded X.509 certificate signing request (CSR).
Project string
RequestId string
SubjectMode Pulumi.GoogleNative.Privateca.V1.CertificateSubjectMode
Immutable. Specifies how the Certificate’s identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.
ValidateOnly string
CaPoolId string
Lifetime string
Immutable. The desired lifetime of a certificate. Used to create the “not_before_time” and “not_after_time” fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
CertificateId string
CertificateTemplate string
Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects//locations//certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
Config CertificateConfigArgs
Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
IssuingCertificateAuthorityId string
Labels map[string]string
Optional. Labels with user-defined metadata.
Location string
PemCsr string
Immutable. A pem-encoded X.509 certificate signing request (CSR).
Project string
RequestId string
SubjectMode CertificateSubjectMode
Immutable. Specifies how the Certificate’s identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.
ValidateOnly string
caPoolId string
lifetime string
Immutable. The desired lifetime of a certificate. Used to create the “not_before_time” and “not_after_time” fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificateId string
certificateTemplate string
Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects//locations//certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config CertificateConfigArgs
Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuingCertificateAuthorityId string
labels {[key: string]: string}
Optional. Labels with user-defined metadata.
location string
pemCsr string
Immutable. A pem-encoded X.509 certificate signing request (CSR).
project string
requestId string
subjectMode CertificateSubjectMode
Immutable. Specifies how the Certificate’s identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.
validateOnly string
ca_pool_id str
lifetime str
Immutable. The desired lifetime of a certificate. Used to create the “not_before_time” and “not_after_time” fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificate_id str
certificate_template str
Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects//locations//certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config CertificateConfigArgs
Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuing_certificate_authority_id str
labels Mapping[str, str]
Optional. Labels with user-defined metadata.
location str
pem_csr str
Immutable. A pem-encoded X.509 certificate signing request (CSR).
project str
request_id str
subject_mode CertificateSubjectMode
Immutable. Specifies how the Certificate’s identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.
validate_only str

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

CertificateDescription Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse
A structured description of the issued X.509 certificate.
CreateTime string
The time at which this Certificate was created.
Id string
The provider-assigned unique ID for this managed resource.
IssuerCertificateAuthority string
The resource name of the issuing CertificateAuthority in the format projects//locations//caPools//certificateAuthorities/.
Name string
The resource name for this Certificate in the format projects//locations//caPools//certificates/.
PemCertificate string
The pem-encoded, signed X.509 certificate.
PemCertificateChain List<string>
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
RevocationDetails Pulumi.GoogleNative.Privateca.V1.Outputs.RevocationDetailsResponse
Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
UpdateTime string
The time at which this Certificate was updated.
CertificateDescription CertificateDescriptionResponse
A structured description of the issued X.509 certificate.
CreateTime string
The time at which this Certificate was created.
Id string
The provider-assigned unique ID for this managed resource.
IssuerCertificateAuthority string
The resource name of the issuing CertificateAuthority in the format projects//locations//caPools//certificateAuthorities/.
Name string
The resource name for this Certificate in the format projects//locations//caPools//certificates/.
PemCertificate string
The pem-encoded, signed X.509 certificate.
PemCertificateChain []string
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
RevocationDetails RevocationDetailsResponse
Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
UpdateTime string
The time at which this Certificate was updated.
certificateDescription CertificateDescriptionResponse
A structured description of the issued X.509 certificate.
createTime string
The time at which this Certificate was created.
id string
The provider-assigned unique ID for this managed resource.
issuerCertificateAuthority string
The resource name of the issuing CertificateAuthority in the format projects//locations//caPools//certificateAuthorities/.
name string
The resource name for this Certificate in the format projects//locations//caPools//certificates/.
pemCertificate string
The pem-encoded, signed X.509 certificate.
pemCertificateChain string[]
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocationDetails RevocationDetailsResponse
Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
updateTime string
The time at which this Certificate was updated.
certificate_description CertificateDescriptionResponse
A structured description of the issued X.509 certificate.
create_time str
The time at which this Certificate was created.
id str
The provider-assigned unique ID for this managed resource.
issuer_certificate_authority str
The resource name of the issuing CertificateAuthority in the format projects//locations//caPools//certificateAuthorities/.
name str
The resource name for this Certificate in the format projects//locations//caPools//certificates/.
pem_certificate str
The pem-encoded, signed X.509 certificate.
pem_certificate_chain Sequence[str]
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocation_details RevocationDetailsResponse
Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
update_time str
The time at which this Certificate was updated.

Supporting Types

CaOptions

IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa boolean
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
is_ca bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CaOptionsResponse

IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
IsCa bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa boolean
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
is_ca bool
Optional. Refers to the “CA” X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateConfig

SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfig
Specifies some of the values in a certificate that are related to the subject.
X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKey
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig SubjectConfig
Specifies some of the values in a certificate that are related to the subject.
X509Config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey PublicKey
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig SubjectConfig
Specifies some of the values in a certificate that are related to the subject.
x509Config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey PublicKey
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subject_config SubjectConfig
Specifies some of the values in a certificate that are related to the subject.
x509_config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
public_key PublicKey
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

CertificateConfigResponse

PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
X509Config X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
x509Config X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
public_key PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subject_config SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
x509_config X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.

CertificateDescriptionResponse

AiaIssuingCertificateUrls List<string>
Describes lists of issuer CA certificate URLs that appear in the “Authority Information Access” extension in the certificate.
AuthorityKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse
The hash of the x.509 certificate.
CrlDistributionPoints List<string>
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
The public key that corresponds to an issued certificate.
SubjectDescription Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
AiaIssuingCertificateUrls []string
Describes lists of issuer CA certificate URLs that appear in the “Authority Information Access” extension in the certificate.
AuthorityKeyId KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint CertificateFingerprintResponse
The hash of the x.509 certificate.
CrlDistributionPoints []string
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey PublicKeyResponse
The public key that corresponds to an issued certificate.
SubjectDescription SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aiaIssuingCertificateUrls string[]
Describes lists of issuer CA certificate URLs that appear in the “Authority Information Access” extension in the certificate.
authorityKeyId KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint CertificateFingerprintResponse
The hash of the x.509 certificate.
crlDistributionPoints string[]
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey PublicKeyResponse
The public key that corresponds to an issued certificate.
subjectDescription SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aia_issuing_certificate_urls Sequence[str]
Describes lists of issuer CA certificate URLs that appear in the “Authority Information Access” extension in the certificate.
authority_key_id KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
cert_fingerprint CertificateFingerprintResponse
The hash of the x.509 certificate.
crl_distribution_points Sequence[str]
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
public_key PublicKeyResponse
The public key that corresponds to an issued certificate.
subject_description SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
subject_key_id KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509_description X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.

CertificateFingerprintResponse

Sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
Sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256_hash str
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

CertificateSubjectMode

SubjectRequestModeUnspecified
SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
Default
DEFAULTThe default mode used in most cases. Indicates that the certificate’s Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
ReflectedSpiffe
REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one or more SPIFFE SubjectAltNames set by the service based on the caller’s identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.
CertificateSubjectModeSubjectRequestModeUnspecified
SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
CertificateSubjectModeDefault
DEFAULTThe default mode used in most cases. Indicates that the certificate’s Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
CertificateSubjectModeReflectedSpiffe
REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one or more SPIFFE SubjectAltNames set by the service based on the caller’s identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.
SubjectRequestModeUnspecified
SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
Default
DEFAULTThe default mode used in most cases. Indicates that the certificate’s Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
ReflectedSpiffe
REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one or more SPIFFE SubjectAltNames set by the service based on the caller’s identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.
SUBJECT_REQUEST_MODE_UNSPECIFIED
SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
DEFAULT
DEFAULTThe default mode used in most cases. Indicates that the certificate’s Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
REFLECTED_SPIFFE
REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one or more SPIFFE SubjectAltNames set by the service based on the caller’s identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

ExtendedKeyUsageOptions

ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.

ExtendedKeyUsageOptionsResponse

ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
ClientAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
CodeSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
EmailProtection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
OcspSigning bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
ServerAuth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
TimeStamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
clientAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
codeSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
emailProtection boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocspSigning boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
serverAuth boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
timeStamping boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
client_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
code_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
email_protection bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
ocsp_signing bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
server_auth bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
time_stamping bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.

KeyIdResponse

KeyId string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyId string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
keyId string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
key_id str
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsage

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
BaseKeyUsage KeyUsageOptions
Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectId
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage KeyUsageOptions
Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectId[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
base_key_usage KeyUsageOptions
Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptions
Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectId]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyUsageOptions

CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
certSign boolean
The key may be used to sign certificates.
contentCommitment boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crlSign boolean
The key may be used sign certificate revocation lists.
dataEncipherment boolean
The key may be used to encipher data.
decipherOnly boolean
The key may be used to decipher only.
digitalSignature boolean
The key may be used for digital signatures.
encipherOnly boolean
The key may be used to encipher only.
keyAgreement boolean
The key may be used in a key agreement protocol.
keyEncipherment boolean
The key may be used to encipher other keys.
cert_sign bool
The key may be used to sign certificates.
content_commitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crl_sign bool
The key may be used sign certificate revocation lists.
data_encipherment bool
The key may be used to encipher data.
decipher_only bool
The key may be used to decipher only.
digital_signature bool
The key may be used for digital signatures.
encipher_only bool
The key may be used to encipher only.
key_agreement bool
The key may be used in a key agreement protocol.
key_encipherment bool
The key may be used to encipher other keys.

KeyUsageOptionsResponse

CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
CertSign bool
The key may be used to sign certificates.
ContentCommitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
CrlSign bool
The key may be used sign certificate revocation lists.
DataEncipherment bool
The key may be used to encipher data.
DecipherOnly bool
The key may be used to decipher only.
DigitalSignature bool
The key may be used for digital signatures.
EncipherOnly bool
The key may be used to encipher only.
KeyAgreement bool
The key may be used in a key agreement protocol.
KeyEncipherment bool
The key may be used to encipher other keys.
certSign boolean
The key may be used to sign certificates.
contentCommitment boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crlSign boolean
The key may be used sign certificate revocation lists.
dataEncipherment boolean
The key may be used to encipher data.
decipherOnly boolean
The key may be used to decipher only.
digitalSignature boolean
The key may be used for digital signatures.
encipherOnly boolean
The key may be used to encipher only.
keyAgreement boolean
The key may be used in a key agreement protocol.
keyEncipherment boolean
The key may be used to encipher other keys.
cert_sign bool
The key may be used to sign certificates.
content_commitment bool
The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
crl_sign bool
The key may be used sign certificate revocation lists.
data_encipherment bool
The key may be used to encipher data.
decipher_only bool
The key may be used to decipher only.
digital_signature bool
The key may be used for digital signatures.
encipher_only bool
The key may be used to encipher only.
key_agreement bool
The key may be used in a key agreement protocol.
key_encipherment bool
The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
BaseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectIdResponse
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectIdResponse[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
base_key_usage KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectIdResponse]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

ObjectId

ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.

ObjectIdResponse

ObjectIdPath List<int>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdPath []int
The parts of an OID path. The most significant parts of the path come first.
objectIdPath number[]
The parts of an OID path. The most significant parts of the path come first.
object_id_path Sequence[int]
The parts of an OID path. The most significant parts of the path come first.

PublicKey

Format Pulumi.GoogleNative.Privateca.V1.PublicKeyFormat
The format of the public key.
Key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
Format PublicKeyFormat
The format of the public key.
Key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format PublicKeyFormat
The format of the public key.
key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format PublicKeyFormat
The format of the public key.
key str
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

PublicKeyFormat

KeyFormatUnspecified
KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
Pem
PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
PublicKeyFormatKeyFormatUnspecified
KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
PublicKeyFormatPem
PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
KeyFormatUnspecified
KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
Pem
PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
KEY_FORMAT_UNSPECIFIED
KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
PEM
PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

PublicKeyResponse

Format string
The format of the public key.
Key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
Format string
The format of the public key.
Key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format string
The format of the public key.
key string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format str
The format of the public key.
key str
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

RevocationDetailsResponse

RevocationState string
Indicates why a Certificate was revoked.
RevocationTime string
The time at which this Certificate was revoked.
RevocationState string
Indicates why a Certificate was revoked.
RevocationTime string
The time at which this Certificate was revoked.
revocationState string
Indicates why a Certificate was revoked.
revocationTime string
The time at which this Certificate was revoked.
revocation_state str
Indicates why a Certificate was revoked.
revocation_time str
The time at which this Certificate was revoked.

Subject

CommonName string
The “common name” of the subject.
CountryCode string
The country code of the subject.
Locality string
The locality or city of the subject.
Organization string
The organization of the subject.
OrganizationalUnit string
The organizational_unit of the subject.
PostalCode string
The postal code of the subject.
Province string
The province, territory, or regional state of the subject.
StreetAddress string
The street address of the subject.
CommonName string
The “common name” of the subject.
CountryCode string
The country code of the subject.
Locality string
The locality or city of the subject.
Organization string
The organization of the subject.
OrganizationalUnit string
The organizational_unit of the subject.
PostalCode string
The postal code of the subject.
Province string
The province, territory, or regional state of the subject.
StreetAddress string
The street address of the subject.
commonName string
The “common name” of the subject.
countryCode string
The country code of the subject.
locality string
The locality or city of the subject.
organization string
The organization of the subject.
organizationalUnit string
The organizational_unit of the subject.
postalCode string
The postal code of the subject.
province string
The province, territory, or regional state of the subject.
streetAddress string
The street address of the subject.
common_name str
The “common name” of the subject.
country_code str
The country code of the subject.
locality str
The locality or city of the subject.
organization str
The organization of the subject.
organizational_unit str
The organizational_unit of the subject.
postal_code str
The postal code of the subject.
province str
The province, territory, or regional state of the subject.
street_address str
The street address of the subject.

SubjectAltNames

CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
Contains additional subject alternative name values.
DnsNames List<string>
Contains only valid, fully-qualified host names.
EmailAddresses List<string>
Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>
Contains only valid RFC 3986 URIs.
CustomSans []X509Extension
Contains additional subject alternative name values.
DnsNames []string
Contains only valid, fully-qualified host names.
EmailAddresses []string
Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string
Contains only valid RFC 3986 URIs.
customSans X509Extension[]
Contains additional subject alternative name values.
dnsNames string[]
Contains only valid, fully-qualified host names.
emailAddresses string[]
Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]
Contains only valid RFC 3986 URIs.
custom_sans Sequence[X509Extension]
Contains additional subject alternative name values.
dns_names Sequence[str]
Contains only valid, fully-qualified host names.
email_addresses Sequence[str]
Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]
Contains only valid RFC 3986 URIs.

SubjectAltNamesResponse

CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Contains additional subject alternative name values.
DnsNames List<string>
Contains only valid, fully-qualified host names.
EmailAddresses List<string>
Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>
Contains only valid RFC 3986 URIs.
CustomSans []X509ExtensionResponse
Contains additional subject alternative name values.
DnsNames []string
Contains only valid, fully-qualified host names.
EmailAddresses []string
Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string
Contains only valid RFC 3986 URIs.
customSans X509ExtensionResponse[]
Contains additional subject alternative name values.
dnsNames string[]
Contains only valid, fully-qualified host names.
emailAddresses string[]
Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]
Contains only valid RFC 3986 URIs.
custom_sans Sequence[X509ExtensionResponse]
Contains additional subject alternative name values.
dns_names Sequence[str]
Contains only valid, fully-qualified host names.
email_addresses Sequence[str]
Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]
Contains only valid RFC 3986 URIs.

SubjectConfig

Subject Pulumi.GoogleNative.Privateca.V1.Inputs.Subject
Contains distinguished name fields such as the common name, location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNames
Optional. The subject alternative name fields.
Subject Subject
Contains distinguished name fields such as the common name, location and organization.
SubjectAltName SubjectAltNames
Optional. The subject alternative name fields.
subject Subject
Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNames
Optional. The subject alternative name fields.
subject Subject
Contains distinguished name fields such as the common name, location and organization.
subject_alt_name SubjectAltNames
Optional. The subject alternative name fields.

SubjectConfigResponse

Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
Contains distinguished name fields such as the common name, location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
Optional. The subject alternative name fields.
Subject SubjectResponse
Contains distinguished name fields such as the common name, location and organization.
SubjectAltName SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject SubjectResponse
Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject SubjectResponse
Contains distinguished name fields such as the common name, location and organization.
subject_alt_name SubjectAltNamesResponse
Optional. The subject alternative name fields.

SubjectDescriptionResponse

HexSerialNumber string
The serial number encoded in lowercase hexadecimal.
Lifetime string
For convenience, the actual lifetime of an issued certificate.
NotAfterTime string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to ‘not_before_time’ + ‘lifetime’ - 1 second.
NotBeforeTime string
The time at which the certificate becomes valid.
Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
The subject alternative name fields.
HexSerialNumber string
The serial number encoded in lowercase hexadecimal.
Lifetime string
For convenience, the actual lifetime of an issued certificate.
NotAfterTime string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to ‘not_before_time’ + ‘lifetime’ - 1 second.
NotBeforeTime string
The time at which the certificate becomes valid.
Subject SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName SubjectAltNamesResponse
The subject alternative name fields.
hexSerialNumber string
The serial number encoded in lowercase hexadecimal.
lifetime string
For convenience, the actual lifetime of an issued certificate.
notAfterTime string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to ‘not_before_time’ + ‘lifetime’ - 1 second.
notBeforeTime string
The time at which the certificate becomes valid.
subject SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
subjectAltName SubjectAltNamesResponse
The subject alternative name fields.
hex_serial_number str
The serial number encoded in lowercase hexadecimal.
lifetime str
For convenience, the actual lifetime of an issued certificate.
not_after_time str
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to ‘not_before_time’ + ‘lifetime’ - 1 second.
not_before_time str
The time at which the certificate becomes valid.
subject SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
subject_alt_name SubjectAltNamesResponse
The subject alternative name fields.

SubjectResponse

CommonName string
The “common name” of the subject.
CountryCode string
The country code of the subject.
Locality string
The locality or city of the subject.
Organization string
The organization of the subject.
OrganizationalUnit string
The organizational_unit of the subject.
PostalCode string
The postal code of the subject.
Province string
The province, territory, or regional state of the subject.
StreetAddress string
The street address of the subject.
CommonName string
The “common name” of the subject.
CountryCode string
The country code of the subject.
Locality string
The locality or city of the subject.
Organization string
The organization of the subject.
OrganizationalUnit string
The organizational_unit of the subject.
PostalCode string
The postal code of the subject.
Province string
The province, territory, or regional state of the subject.
StreetAddress string
The street address of the subject.
commonName string
The “common name” of the subject.
countryCode string
The country code of the subject.
locality string
The locality or city of the subject.
organization string
The organization of the subject.
organizationalUnit string
The organizational_unit of the subject.
postalCode string
The postal code of the subject.
province string
The province, territory, or regional state of the subject.
streetAddress string
The street address of the subject.
common_name str
The “common name” of the subject.
country_code str
The country code of the subject.
locality str
The locality or city of the subject.
organization str
The organization of the subject.
organizational_unit str
The organizational_unit of the subject.
postal_code str
The postal code of the subject.
province str
The province, territory, or regional state of the subject.
street_address str
The street address of the subject.

X509Extension

ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectId
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectId
The OID for this X.509 extension.
value string
The value of this X.509 extension.
critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectId
The OID for this X.509 extension.
value str
The value of this X.509 extension.
critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

X509ExtensionResponse

Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectIdResponse
The OID for this X.509 extension.
Value string
The value of this X.509 extension.
critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse
The OID for this X.509 extension.
value string
The value of this X.509 extension.
critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectIdResponse
The OID for this X.509 extension.
value str
The value of this X.509 extension.

X509Parameters

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
AdditionalExtensions []X509Extension
Optional. Describes custom X.509 extensions.
AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectId
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions X509Extension[]
Optional. Describes custom X.509 extensions.
aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
caOptions CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectId[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additional_extensions Sequence[X509Extension]
Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
ca_options CaOptions
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsage
Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectId]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

X509ParametersResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
AdditionalExtensions []X509ExtensionResponse
Optional. Describes custom X.509 extensions.
AiaOcspServers []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
CaOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectIdResponse
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions X509ExtensionResponse[]
Optional. Describes custom X.509 extensions.
aiaOcspServers string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
caOptions CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectIdResponse[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additional_extensions Sequence[X509ExtensionResponse]
Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
ca_options CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectIdResponse]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0