Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.privateca/v1.CertificateAuthority
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a new CertificateAuthority in a given Project and Location. Auto-naming is currently not supported for this resource.
Create CertificateAuthority Resource
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
@overload
def CertificateAuthority(resource_name: str,
opts: Optional[ResourceOptions] = None,
ca_pool_id: Optional[str] = None,
certificate_authority_id: Optional[str] = None,
config: Optional[CertificateConfigArgs] = None,
gcs_bucket: Optional[str] = None,
key_spec: Optional[KeyVersionSpecArgs] = None,
labels: Optional[Mapping[str, str]] = None,
lifetime: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
request_id: Optional[str] = None,
subordinate_config: Optional[SubordinateConfigArgs] = None,
type: Optional[CertificateAuthorityType] = None)
@overload
def CertificateAuthority(resource_name: str,
args: CertificateAuthorityArgs,
opts: Optional[ResourceOptions] = None)
func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: google-native:privateca/v1:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertificateAuthority Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertificateAuthority resource accepts the following input properties:
- Ca
Pool stringId - string
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Config
Pulumi.
Google Native. Privateca. V1. Inputs. Certificate Config Immutable. The config used to create a self-signed X.509 certificate or CSR.
- Key
Spec Pulumi.Google Native. Privateca. V1. Inputs. Key Version Spec Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Type
Pulumi.
Google Native. Privateca. V1. Certificate Authority Type Immutable. The Type of this CertificateAuthority.
- Gcs
Bucket string Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
- Location string
- Project string
- Request
Id string Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- Subordinate
Config Pulumi.Google Native. Privateca. V1. Inputs. Subordinate Config Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- Ca
Pool stringId - string
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- Config
Certificate
Config Args Immutable. The config used to create a self-signed X.509 certificate or CSR.
- Key
Spec KeyVersion Spec Args Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Type
Certificate
Authority Type Immutable. The Type of this CertificateAuthority.
- Gcs
Bucket string Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- Labels map[string]string
Optional. Labels with user-defined metadata.
- Location string
- Project string
- Request
Id string Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- Subordinate
Config SubordinateConfig Args Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- ca
Pool StringId - String
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- config
Certificate
Config Immutable. The config used to create a self-signed X.509 certificate or CSR.
- key
Spec KeyVersion Spec Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime String
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type
Certificate
Authority Type Immutable. The Type of this CertificateAuthority.
- gcs
Bucket String Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- labels Map<String,String>
Optional. Labels with user-defined metadata.
- location String
- project String
- request
Id String Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinate
Config SubordinateConfig Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- ca
Pool stringId - string
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- config
Certificate
Config Immutable. The config used to create a self-signed X.509 certificate or CSR.
- key
Spec KeyVersion Spec Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type
Certificate
Authority Type Immutable. The Type of this CertificateAuthority.
- gcs
Bucket string Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- labels {[key: string]: string}
Optional. Labels with user-defined metadata.
- location string
- project string
- request
Id string Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinate
Config SubordinateConfig Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- ca_
pool_ strid - str
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- config
Certificate
Config Args Immutable. The config used to create a self-signed X.509 certificate or CSR.
- key_
spec KeyVersion Spec Args Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime str
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type
Certificate
Authority Type Immutable. The Type of this CertificateAuthority.
- gcs_
bucket str Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- labels Mapping[str, str]
Optional. Labels with user-defined metadata.
- location str
- project str
- request_
id str Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinate_
config SubordinateConfig Args Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- ca
Pool StringId - String
Required. It must be unique within a location and match the regular expression
[a-zA-Z0-9_-]{1,63}
- config Property Map
Immutable. The config used to create a self-signed X.509 certificate or CSR.
- key
Spec Property Map Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime String
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type "TYPE_UNSPECIFIED" | "SELF_SIGNED" | "SUBORDINATE"
Immutable. The Type of this CertificateAuthority.
- gcs
Bucket String Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created.- labels Map<String>
Optional. Labels with user-defined metadata.
- location String
- project String
- request
Id String Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinate
Config Property Map Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:
- Access
Urls Pulumi.Google Native. Privateca. V1. Outputs. Access Urls Response URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- Ca
Certificate List<Pulumi.Descriptions Google Native. Privateca. V1. Outputs. Certificate Description Response> A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- Create
Time string The time at which this CertificateAuthority was created.
- Delete
Time string The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- Expire
Time string The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Ca List<string>Certificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
The State for this CertificateAuthority.
- Tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- Update
Time string The time at which this CertificateAuthority was last updated.
- Access
Urls AccessUrls Response URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- Ca
Certificate []CertificateDescriptions Description Response A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- Create
Time string The time at which this CertificateAuthority was created.
- Delete
Time string The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- Expire
Time string The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Ca []stringCertificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
The State for this CertificateAuthority.
- Tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- Update
Time string The time at which this CertificateAuthority was last updated.
- access
Urls AccessUrls Response URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate List<CertificateDescriptions Description Response> A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- create
Time String The time at which this CertificateAuthority was created.
- delete
Time String The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time String The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Ca List<String>Certificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
The State for this CertificateAuthority.
- tier String
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- update
Time String The time at which this CertificateAuthority was last updated.
- access
Urls AccessUrls Response URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate CertificateDescriptions Description Response[] A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- create
Time string The time at which this CertificateAuthority was created.
- delete
Time string The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time string The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id string
The provider-assigned unique ID for this managed resource.
- name string
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Ca string[]Certificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state string
The State for this CertificateAuthority.
- tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- update
Time string The time at which this CertificateAuthority was last updated.
- access_
urls AccessUrls Response URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca_
certificate_ Sequence[Certificatedescriptions Description Response] A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- create_
time str The time at which this CertificateAuthority was created.
- delete_
time str The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire_
time str The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id str
The provider-assigned unique ID for this managed resource.
- name str
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem_
ca_ Sequence[str]certificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state str
The State for this CertificateAuthority.
- tier str
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- update_
time str The time at which this CertificateAuthority was last updated.
- access
Urls Property Map URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate List<Property Map>Descriptions A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- create
Time String The time at which this CertificateAuthority was created.
- delete
Time String The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time String The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Ca List<String>Certificates This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
The State for this CertificateAuthority.
- tier String
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- update
Time String The time at which this CertificateAuthority was last updated.
Supporting Types
AccessUrlsResponse, AccessUrlsResponseArgs
- Ca
Certificate stringAccess Url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access List<string>Urls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- Ca
Certificate stringAccess Url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access []stringUrls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate StringAccess Url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access List<String>Urls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate stringAccess Url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access string[]Urls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca_
certificate_ straccess_ url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl_
access_ Sequence[str]urls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate StringAccess Url The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access List<String>Urls The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
CaOptions, CaOptionsArgs
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaOptionsResponse, CaOptionsResponseArgs
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer intPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer IntegerPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer numberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca bool Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ intpath_ length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca Boolean Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer NumberPath Length Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateAuthorityType, CertificateAuthorityTypeArgs
- Type
Unspecified - TYPE_UNSPECIFIED
Not specified.
- Self
Signed - SELF_SIGNED
Self-signed CA.
- Subordinate
- SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- Certificate
Authority Type Type Unspecified - TYPE_UNSPECIFIED
Not specified.
- Certificate
Authority Type Self Signed - SELF_SIGNED
Self-signed CA.
- Certificate
Authority Type Subordinate - SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- Type
Unspecified - TYPE_UNSPECIFIED
Not specified.
- Self
Signed - SELF_SIGNED
Self-signed CA.
- Subordinate
- SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- Type
Unspecified - TYPE_UNSPECIFIED
Not specified.
- Self
Signed - SELF_SIGNED
Self-signed CA.
- Subordinate
- SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- TYPE_UNSPECIFIED
- TYPE_UNSPECIFIED
Not specified.
- SELF_SIGNED
- SELF_SIGNED
Self-signed CA.
- SUBORDINATE
- SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- "TYPE_UNSPECIFIED"
- TYPE_UNSPECIFIED
Not specified.
- "SELF_SIGNED"
- SELF_SIGNED
Self-signed CA.
- "SUBORDINATE"
- SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
CertificateConfig, CertificateConfigArgs
- Subject
Config Pulumi.Google Native. Privateca. V1. Inputs. Subject Config Specifies some of the values in a certificate that are related to the subject.
- X509Config
Pulumi.
Google Native. Privateca. V1. Inputs. X509Parameters Describes how some of the technical X.509 fields in a certificate should be populated.
- Public
Key Pulumi.Google Native. Privateca. V1. Inputs. Public Key Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config SubjectConfig Specifies some of the values in a certificate that are related to the subject.
- X509Config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
- Public
Key PublicKey Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Specifies some of the values in a certificate that are related to the subject.
- x509Config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Specifies some of the values in a certificate that are related to the subject.
- x509Config X509Parameters
Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_
config SubjectConfig Specifies some of the values in a certificate that are related to the subject.
- x509_
config X509Parameters Describes how some of the technical X.509 fields in a certificate should be populated.
- public_
key PublicKey Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config Property Map Specifies some of the values in a certificate that are related to the subject.
- x509Config Property Map
Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key Property Map Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
CertificateConfigResponse, CertificateConfigResponseArgs
- Public
Key Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config Pulumi.Google Native. Privateca. V1. Inputs. Subject Config Response Specifies some of the values in a certificate that are related to the subject.
- X509Config
Pulumi.
Google Native. Privateca. V1. Inputs. X509Parameters Response Describes how some of the technical X.509 fields in a certificate should be populated.
- Public
Key PublicKey Response Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config SubjectConfig Response Specifies some of the values in a certificate that are related to the subject.
- X509Config
X509Parameters
Response Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Response Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Response Specifies some of the values in a certificate that are related to the subject.
- x509Config
X509Parameters
Response Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key PublicKey Response Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config SubjectConfig Response Specifies some of the values in a certificate that are related to the subject.
- x509Config
X509Parameters
Response Describes how some of the technical X.509 fields in a certificate should be populated.
- public_
key PublicKey Response Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_
config SubjectConfig Response Specifies some of the values in a certificate that are related to the subject.
- x509_
config X509ParametersResponse Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key Property Map Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config Property Map Specifies some of the values in a certificate that are related to the subject.
- x509Config Property Map
Describes how some of the technical X.509 fields in a certificate should be populated.
CertificateDescriptionResponse, CertificateDescriptionResponseArgs
- Aia
Issuing List<string>Certificate Urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Pulumi.
Google Native. Privateca. V1. Inputs. Key Id Response Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint Pulumi.Google Native. Privateca. V1. Inputs. Certificate Fingerprint Response The hash of the x.509 certificate.
- Crl
Distribution List<string>Points Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response The public key that corresponds to an issued certificate.
- Subject
Description Pulumi.Google Native. Privateca. V1. Inputs. Subject Description Response Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key Pulumi.Id Google Native. Privateca. V1. Inputs. Key Id Response Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
Pulumi.
Google Native. Privateca. V1. Inputs. X509Parameters Response Describes some of the technical X.509 fields in a certificate.
- Aia
Issuing []stringCertificate Urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint CertificateFingerprint Response The hash of the x.509 certificate.
- Crl
Distribution []stringPoints Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key PublicKey Response The public key that corresponds to an issued certificate.
- Subject
Description SubjectDescription Response Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key KeyId Id Response Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
X509Parameters
Response Describes some of the technical X.509 fields in a certificate.
- aia
Issuing List<String>Certificate Urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint CertificateFingerprint Response The hash of the x.509 certificate.
- crl
Distribution List<String>Points Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key PublicKey Response The public key that corresponds to an issued certificate.
- subject
Description SubjectDescription Response Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key KeyId Id Response Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
X509Parameters
Response Describes some of the technical X.509 fields in a certificate.
- aia
Issuing string[]Certificate Urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint CertificateFingerprint Response The hash of the x.509 certificate.
- crl
Distribution string[]Points Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key PublicKey Response The public key that corresponds to an issued certificate.
- subject
Description SubjectDescription Response Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key KeyId Id Response Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
X509Parameters
Response Describes some of the technical X.509 fields in a certificate.
- aia_
issuing_ Sequence[str]certificate_ urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Key
Id Response Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert_
fingerprint CertificateFingerprint Response The hash of the x.509 certificate.
- crl_
distribution_ Sequence[str]points Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public_
key PublicKey Response The public key that corresponds to an issued certificate.
- subject_
description SubjectDescription Response Describes some of the values in a certificate that are related to the subject and lifetime.
- subject_
key_ Keyid Id Response Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509_
description X509ParametersResponse Describes some of the technical X.509 fields in a certificate.
- aia
Issuing List<String>Certificate Urls Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Property Map
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint Property Map The hash of the x.509 certificate.
- crl
Distribution List<String>Points Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key Property Map The public key that corresponds to an issued certificate.
- subject
Description Property Map Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key Property MapId Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description Property Map
Describes some of the technical X.509 fields in a certificate.
CertificateFingerprintResponse, CertificateFingerprintResponseArgs
- Sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- Sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256_
hash str The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
KeyIdResponse, KeyIdResponseArgs
- Key
Id string Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- Key
Id string Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id String Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id string Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key_
id str Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id String Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyUsage, KeyUsageArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id[] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyUsageOptions, KeyUsageOptionsArgs
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
KeyUsageResponse, KeyUsageResponseArgs
- Base
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Key Usage Options Response Describes high-level ways in which a key may be used.
- Extended
Key Pulumi.Usage Google Native. Privateca. V1. Inputs. Extended Key Usage Options Response Detailed scenarios in which a key may be used.
- Unknown
Extended List<Pulumi.Key Usages Google Native. Privateca. V1. Inputs. Object Id Response> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key KeyUsage Usage Options Response Describes high-level ways in which a key may be used.
- Extended
Key ExtendedUsage Key Usage Options Response Detailed scenarios in which a key may be used.
- Unknown
Extended []ObjectKey Usages Id Response Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response Detailed scenarios in which a key may be used.
- unknown
Extended List<ObjectKey Usages Id Response> Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key KeyUsage Usage Options Response Describes high-level ways in which a key may be used.
- extended
Key ExtendedUsage Key Usage Options Response Detailed scenarios in which a key may be used.
- unknown
Extended ObjectKey Usages Id Response[] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ Keyusage Usage Options Response Describes high-level ways in which a key may be used.
- extended_
key_ Extendedusage Key Usage Options Response Detailed scenarios in which a key may be used.
- unknown_
extended_ Sequence[Objectkey_ usages Id Response] Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Property MapUsage Describes high-level ways in which a key may be used.
- extended
Key Property MapUsage Detailed scenarios in which a key may be used.
- unknown
Extended List<Property Map>Key Usages Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyVersionSpec, KeyVersionSpecArgs
- Algorithm
Pulumi.
Google Native. Privateca. V1. Key Version Spec Algorithm The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- Cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- Algorithm
Key
Version Spec Algorithm The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- Cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
Key
Version Spec Algorithm The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms StringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
Key
Version Spec Algorithm The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
Key
Version Spec Algorithm The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud_
kms_ strkey_ version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm "SIGN_HASH_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_PKCS1_2048_SHA256" | "RSA_PKCS1_3072_SHA256" | "RSA_PKCS1_4096_SHA256" | "EC_P256_SHA256" | "EC_P384_SHA384"
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms StringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
KeyVersionSpecAlgorithm, KeyVersionSpecAlgorithmArgs
- Sign
Hash Algorithm Unspecified - SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- Rsa
Pkcs12048Sha256 - RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- Rsa
Pkcs13072Sha256 - RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- Rsa
Pkcs14096Sha256 - RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- Ec
P256Sha256 - EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- Ec
P384Sha384 - EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- Key
Version Spec Algorithm Sign Hash Algorithm Unspecified - SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- Key
Version Spec Algorithm Rsa Pss2048Sha256 - RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- Key
Version Spec Algorithm Rsa Pss3072Sha256 - RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- Key
Version Spec Algorithm Rsa Pss4096Sha256 - RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- Key
Version Spec Algorithm Rsa Pkcs12048Sha256 - RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- Key
Version Spec Algorithm Rsa Pkcs13072Sha256 - RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- Key
Version Spec Algorithm Rsa Pkcs14096Sha256 - RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- Key
Version Spec Algorithm Ec P256Sha256 - EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- Key
Version Spec Algorithm Ec P384Sha384 - EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- Sign
Hash Algorithm Unspecified - SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- Rsa
Pkcs12048Sha256 - RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- Rsa
Pkcs13072Sha256 - RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- Rsa
Pkcs14096Sha256 - RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- Ec
P256Sha256 - EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- Ec
P384Sha384 - EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- Sign
Hash Algorithm Unspecified - SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- Rsa
Pkcs12048Sha256 - RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- Rsa
Pkcs13072Sha256 - RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- Rsa
Pkcs14096Sha256 - RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- Ec
P256Sha256 - EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- Ec
P384Sha384 - EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- SIGN_HASH_ALGORITHM_UNSPECIFIED
- SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- RSA_PSS2048_SHA256
- RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- RSA_PSS3072_SHA256
- RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- RSA_PSS4096_SHA256
- RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- RSA_PKCS12048_SHA256
- RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- RSA_PKCS13072_SHA256
- RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- RSA_PKCS14096_SHA256
- RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- EC_P256_SHA256
- EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- EC_P384_SHA384
- EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- "SIGN_HASH_ALGORITHM_UNSPECIFIED"
- SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
- "RSA_PSS_2048_SHA256"
- RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- "RSA_PSS_3072_SHA256"
- RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
- "RSA_PSS_4096_SHA256"
- RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- "RSA_PKCS1_2048_SHA256"
- RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- "RSA_PKCS1_3072_SHA256"
- RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- "RSA_PKCS1_4096_SHA256"
- RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- "EC_P256_SHA256"
- EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- "EC_P384_SHA384"
- EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
KeyVersionSpecResponse, KeyVersionSpecResponseArgs
- Algorithm string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- Cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- Algorithm string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- Cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm String
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms StringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms stringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm str
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud_
kms_ strkey_ version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm String
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
.- cloud
Kms StringKey Version The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
NameConstraints, NameConstraintsArgs
- Critical bool
Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Excluded
Email List<string>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Excluded
Ip List<string>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- Permitted
Dns List<string>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Permitted
Email List<string>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Permitted
Ip List<string>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Excluded
Email []stringAddresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Excluded
Ip []stringRanges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- Permitted
Dns []stringNames Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Permitted
Email []stringAddresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Permitted
Ip []stringRanges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email List<String>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip List<String>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns List<String>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email List<String>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip List<String>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email string[]Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip string[]Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns string[]Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email string[]Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip string[]Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded_
email_ Sequence[str]addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded_
ip_ Sequence[str]ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted_
dns_ Sequence[str]names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted_
email_ Sequence[str]addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted_
ip_ Sequence[str]ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email List<String>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip List<String>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns List<String>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email List<String>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip List<String>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
NameConstraintsResponse, NameConstraintsResponseArgs
- Critical bool
Indicates whether or not the name constraints are marked critical.
- Excluded
Dns List<string>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Excluded
Email List<string>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Excluded
Ip List<string>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris List<string> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- Permitted
Dns List<string>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Permitted
Email List<string>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Permitted
Ip List<string>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris List<string> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical bool
Indicates whether or not the name constraints are marked critical.
- Excluded
Dns []stringNames Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Excluded
Email []stringAddresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Excluded
Ip []stringRanges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris []string Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- Permitted
Dns []stringNames Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- Permitted
Email []stringAddresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- Permitted
Ip []stringRanges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris []string Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email List<String>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip List<String>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns List<String>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email List<String>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip List<String>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns string[]Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email string[]Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip string[]Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris string[] Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns string[]Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email string[]Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip string[]Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris string[] Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical bool
Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ Sequence[str]names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded_
email_ Sequence[str]addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded_
ip_ Sequence[str]ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris Sequence[str] Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted_
dns_ Sequence[str]names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted_
email_ Sequence[str]addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted_
ip_ Sequence[str]ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris Sequence[str] Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical Boolean
Indicates whether or not the name constraints are marked critical.
- excluded
Dns List<String>Names Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- excluded
Email List<String>Addresses Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- excluded
Ip List<String>Ranges Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris List<String> Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)- permitted
Dns List<String>Names Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not.- permitted
Email List<String>Addresses Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain.- permitted
Ip List<String>Ranges Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris List<String> Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
ObjectId, ObjectIdArgs
- Object
Id List<int>Path The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path The parts of an OID path. The most significant parts of the path come first.
ObjectIdResponse, ObjectIdResponseArgs
- Object
Id List<int>Path The parts of an OID path. The most significant parts of the path come first.
- Object
Id []intPath The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Integer>Path The parts of an OID path. The most significant parts of the path come first.
- object
Id number[]Path The parts of an OID path. The most significant parts of the path come first.
- object_
id_ Sequence[int]path The parts of an OID path. The most significant parts of the path come first.
- object
Id List<Number>Path The parts of an OID path. The most significant parts of the path come first.
PublicKey, PublicKeyArgs
- Format
Pulumi.
Google Native. Privateca. V1. Public Key Format The format of the public key.
- Key string
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
- Format
Public
Key Format The format of the public key.
- Key string
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
- format
Public
Key Format The format of the public key.
- key String
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
- format
Public
Key Format The format of the public key.
- key string
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
- format
Public
Key Format The format of the public key.
- key str
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
- format "KEY_FORMAT_UNSPECIFIED" | "PEM"
The format of the public key.
- key String
A public key. The padding and encoding must match with the
KeyFormat
value specified for theformat
field.
PublicKeyFormat, PublicKeyFormatArgs
- Key
Format Unspecified - KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- Pem
- PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- Public
Key Format Key Format Unspecified - KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- Public
Key Format Pem - PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- Key
Format Unspecified - KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- Pem
- PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- Key
Format Unspecified - KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- Pem
- PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- KEY_FORMAT_UNSPECIFIED
- KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- PEM
- PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- "KEY_FORMAT_UNSPECIFIED"
- KEY_FORMAT_UNSPECIFIED
Default unspecified value.
- "PEM"
- PEM
The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
PublicKeyResponse, PublicKeyResponseArgs
Subject, SubjectArgs
- Common
Name string The "common name" of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational_unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- Common
Name string The "common name" of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational_unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- common
Name String The "common name" of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational_unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
- common
Name string The "common name" of the subject.
- country
Code string The country code of the subject.
- locality string
The locality or city of the subject.
- organization string
The organization of the subject.
- organizational
Unit string The organizational_unit of the subject.
- postal
Code string The postal code of the subject.
- province string
The province, territory, or regional state of the subject.
- street
Address string The street address of the subject.
- common_
name str The "common name" of the subject.
- country_
code str The country code of the subject.
- locality str
The locality or city of the subject.
- organization str
The organization of the subject.
- organizational_
unit str The organizational_unit of the subject.
- postal_
code str The postal code of the subject.
- province str
The province, territory, or regional state of the subject.
- street_
address str The street address of the subject.
- common
Name String The "common name" of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational_unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
SubjectAltNames, SubjectAltNamesArgs
- Custom
Sans List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- Dns
Names List<string> Contains only valid, fully-qualified host names.
- Email
Addresses List<string> Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
Contains only valid RFC 3986 URIs.
- Custom
Sans []X509Extension Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- Dns
Names []string Contains only valid, fully-qualified host names.
- Email
Addresses []string Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
Contains only valid RFC 3986 URIs.
- custom
Sans List<X509Extension> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
- custom
Sans X509Extension[] Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names string[] Contains only valid, fully-qualified host names.
- email
Addresses string[] Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
Contains only valid RFC 3986 URIs.
- custom_
sans Sequence[X509Extension] Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns_
names Sequence[str] Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
Contains only valid RFC 3986 URIs.
- custom
Sans List<Property Map> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
SubjectAltNamesResponse, SubjectAltNamesResponseArgs
- Custom
Sans List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- Dns
Names List<string> Contains only valid, fully-qualified host names.
- Email
Addresses List<string> Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
Contains only valid RFC 3986 URIs.
- Custom
Sans []X509ExtensionResponse Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- Dns
Names []string Contains only valid, fully-qualified host names.
- Email
Addresses []string Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
Contains only valid RFC 3986 URIs.
- custom
Sans List<X509ExtensionResponse> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
- custom
Sans X509ExtensionResponse[] Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names string[] Contains only valid, fully-qualified host names.
- email
Addresses string[] Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
Contains only valid RFC 3986 URIs.
- custom_
sans Sequence[X509ExtensionResponse] Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns_
names Sequence[str] Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
Contains only valid RFC 3986 URIs.
- custom
Sans List<Property Map> Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String.- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
SubjectConfig, SubjectConfigArgs
- Subject
Pulumi.
Google Native. Privateca. V1. Inputs. Subject Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt Pulumi.Name Google Native. Privateca. V1. Inputs. Subject Alt Names Optional. The subject alternative name fields.
- Subject Subject
Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt SubjectName Alt Names Optional. The subject alternative name fields.
- subject Subject
Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Optional. The subject alternative name fields.
- subject Subject
Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Optional. The subject alternative name fields.
- subject Subject
Contains distinguished name fields such as the common name, location and organization.
- subject_
alt_ Subjectname Alt Names Optional. The subject alternative name fields.
- subject Property Map
Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Property MapName Optional. The subject alternative name fields.
SubjectConfigResponse, SubjectConfigResponseArgs
- Subject
Pulumi.
Google Native. Privateca. V1. Inputs. Subject Response Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt Pulumi.Name Google Native. Privateca. V1. Inputs. Subject Alt Names Response Optional. The subject alternative name fields.
- Subject
Subject
Response Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt SubjectName Alt Names Response Optional. The subject alternative name fields.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Response Optional. The subject alternative name fields.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and organization.
- subject
Alt SubjectName Alt Names Response Optional. The subject alternative name fields.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and organization.
- subject_
alt_ Subjectname Alt Names Response Optional. The subject alternative name fields.
- subject Property Map
Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Property MapName Optional. The subject alternative name fields.
SubjectDescriptionResponse, SubjectDescriptionResponseArgs
- Hex
Serial stringNumber The serial number encoded in lowercase hexadecimal.
- Lifetime string
For convenience, the actual lifetime of an issued certificate.
- Not
After stringTime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before stringTime The time at which the certificate becomes valid.
- Subject
Pulumi.
Google Native. Privateca. V1. Inputs. Subject Response Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt Pulumi.Name Google Native. Privateca. V1. Inputs. Subject Alt Names Response The subject alternative name fields.
- Hex
Serial stringNumber The serial number encoded in lowercase hexadecimal.
- Lifetime string
For convenience, the actual lifetime of an issued certificate.
- Not
After stringTime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before stringTime The time at which the certificate becomes valid.
- Subject
Subject
Response Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt SubjectName Alt Names Response The subject alternative name fields.
- hex
Serial StringNumber The serial number encoded in lowercase hexadecimal.
- lifetime String
For convenience, the actual lifetime of an issued certificate.
- not
After StringTime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before StringTime The time at which the certificate becomes valid.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt SubjectName Alt Names Response The subject alternative name fields.
- hex
Serial stringNumber The serial number encoded in lowercase hexadecimal.
- lifetime string
For convenience, the actual lifetime of an issued certificate.
- not
After stringTime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before stringTime The time at which the certificate becomes valid.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt SubjectName Alt Names Response The subject alternative name fields.
- hex_
serial_ strnumber The serial number encoded in lowercase hexadecimal.
- lifetime str
For convenience, the actual lifetime of an issued certificate.
- not_
after_ strtime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not_
before_ strtime The time at which the certificate becomes valid.
- subject
Subject
Response Contains distinguished name fields such as the common name, location and / organization.
- subject_
alt_ Subjectname Alt Names Response The subject alternative name fields.
- hex
Serial StringNumber The serial number encoded in lowercase hexadecimal.
- lifetime String
For convenience, the actual lifetime of an issued certificate.
- not
After StringTime The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before StringTime The time at which the certificate becomes valid.
- subject Property Map
Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt Property MapName The subject alternative name fields.
SubjectResponse, SubjectResponseArgs
- Common
Name string The "common name" of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational_unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- Common
Name string The "common name" of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational_unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- common
Name String The "common name" of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational_unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
- common
Name string The "common name" of the subject.
- country
Code string The country code of the subject.
- locality string
The locality or city of the subject.
- organization string
The organization of the subject.
- organizational
Unit string The organizational_unit of the subject.
- postal
Code string The postal code of the subject.
- province string
The province, territory, or regional state of the subject.
- street
Address string The street address of the subject.
- common_
name str The "common name" of the subject.
- country_
code str The country code of the subject.
- locality str
The locality or city of the subject.
- organization str
The organization of the subject.
- organizational_
unit str The organizational_unit of the subject.
- postal_
code str The postal code of the subject.
- province str
The province, territory, or regional state of the subject.
- street_
address str The street address of the subject.
- common
Name String The "common name" of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational_unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
SubordinateConfig, SubordinateConfigArgs
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Issuer Pulumi.Chain Google Native. Privateca. V1. Inputs. Subordinate Config Chain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Issuer SubordinateChain Config Chain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer SubordinateChain Config Chain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer SubordinateChain Config Chain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- str
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem_
issuer_ Subordinatechain Config Chain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer Property MapChain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
SubordinateConfigChain, SubordinateConfigChainArgs
- Pem
Certificates List<string> Expected to be in leaf-to-root order according to RFC 5246.
- Pem
Certificates []string Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates string[] Expected to be in leaf-to-root order according to RFC 5246.
- pem_
certificates Sequence[str] Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> Expected to be in leaf-to-root order according to RFC 5246.
SubordinateConfigChainResponse, SubordinateConfigChainResponseArgs
- Pem
Certificates List<string> Expected to be in leaf-to-root order according to RFC 5246.
- Pem
Certificates []string Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates string[] Expected to be in leaf-to-root order according to RFC 5246.
- pem_
certificates Sequence[str] Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates List<String> Expected to be in leaf-to-root order according to RFC 5246.
SubordinateConfigResponse, SubordinateConfigResponseArgs
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Issuer Pulumi.Chain Google Native. Privateca. V1. Inputs. Subordinate Config Chain Response Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- Pem
Issuer SubordinateChain Config Chain Response Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer SubordinateChain Config Chain Response Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer SubordinateChain Config Chain Response Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- str
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem_
issuer_ Subordinatechain Config Chain Response Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
- String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
.- pem
Issuer Property MapChain Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
X509Extension, X509ExtensionArgs
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map The OID for this X.509 extension.
- value String
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
X509ExtensionResponse, X509ExtensionResponseArgs
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- Critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id ObjectId Response The OID for this X.509 extension.
- Value string
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response The OID for this X.509 extension.
- value String
The value of this X.509 extension.
- critical boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id ObjectId Response The OID for this X.509 extension.
- value string
The value of this X.509 extension.
- critical bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id ObjectId Response The OID for this X.509 extension.
- value str
The value of this X.509 extension.
- critical Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map The OID for this X.509 extension.
- value String
The value of this X.509 extension.
X509Parameters, X509ParametersArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension> Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509Extension Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509Extension> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509Extension[] Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId[] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509Extension] Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
X509ParametersResponse, X509ParametersResponseArgs
- Additional
Extensions List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> Optional. Describes custom X.509 extensions.
- Aia
Ocsp List<string>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Response Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Response Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Response Optional. Describes the X.509 name constraints extension.
- Policy
Ids List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions []X509ExtensionResponse Optional. Describes custom X.509 extensions.
- Aia
Ocsp []stringServers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CaOptions Response Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage KeyUsage Response Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints NameConstraints Response Optional. Describes the X.509 name constraints extension.
- Policy
Ids []ObjectId Response Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<X509ExtensionResponse> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response Optional. Describes the X.509 name constraints extension.
- policy
Ids List<ObjectId Response> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions X509ExtensionResponse[] Optional. Describes custom X.509 extensions.
- aia
Ocsp string[]Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CaOptions Response Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage KeyUsage Response Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints NameConstraints Response Optional. Describes the X.509 name constraints extension.
- policy
Ids ObjectId Response[] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions Sequence[X509ExtensionResponse] Optional. Describes custom X.509 extensions.
- aia_
ocsp_ Sequence[str]servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CaOptions Response Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage KeyUsage Response Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints NameConstraints Response Optional. Describes the X.509 name constraints extension.
- policy_
ids Sequence[ObjectId Response] Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions List<Property Map> Optional. Describes custom X.509 extensions.
- aia
Ocsp List<String>Servers Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage Property Map Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints Property Map Optional. Describes the X.509 name constraints extension.
- policy
Ids List<Property Map> Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.