1. Packages
  2. Google Cloud Native
  3. API Docs
  4. privateca
  5. privateca/v1
  6. CertificateTemplate

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.privateca/v1.CertificateTemplate

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Create a new CertificateTemplate in a given Project and Location. Auto-naming is currently not supported for this resource.

    Create CertificateTemplate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateTemplate(resource_name: str,
                            args: CertificateTemplateArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def CertificateTemplate(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            certificate_template_id: Optional[str] = None,
                            description: Optional[str] = None,
                            identity_constraints: Optional[CertificateIdentityConstraintsArgs] = None,
                            labels: Optional[Mapping[str, str]] = None,
                            location: Optional[str] = None,
                            maximum_lifetime: Optional[str] = None,
                            passthrough_extensions: Optional[CertificateExtensionConstraintsArgs] = None,
                            predefined_values: Optional[X509ParametersArgs] = None,
                            project: Optional[str] = None,
                            request_id: Optional[str] = None)
    func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
    public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
    public CertificateTemplate(String name, CertificateTemplateArgs args)
    public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
    
    type: google-native:privateca/v1:CertificateTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var certificateTemplateResource = new GoogleNative.Privateca.V1.CertificateTemplate("certificateTemplateResource", new()
    {
        CertificateTemplateId = "string",
        Description = "string",
        IdentityConstraints = new GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraintsArgs
        {
            AllowSubjectAltNamesPassthrough = false,
            AllowSubjectPassthrough = false,
            CelExpression = new GoogleNative.Privateca.V1.Inputs.ExprArgs
            {
                Description = "string",
                Expression = "string",
                Location = "string",
                Title = "string",
            },
        },
        Labels = 
        {
            { "string", "string" },
        },
        Location = "string",
        MaximumLifetime = "string",
        PassthroughExtensions = new GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraintsArgs
        {
            AdditionalExtensions = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                {
                    ObjectIdPath = new[]
                    {
                        0,
                    },
                },
            },
            KnownExtensions = new[]
            {
                GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified,
            },
        },
        PredefinedValues = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
        {
            AdditionalExtensions = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                {
                    ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                    Value = "string",
                    Critical = false,
                },
            },
            AiaOcspServers = new[]
            {
                "string",
            },
            CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 0,
            },
            KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
            {
                BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
                {
                    CertSign = false,
                    ContentCommitment = false,
                    CrlSign = false,
                    DataEncipherment = false,
                    DecipherOnly = false,
                    DigitalSignature = false,
                    EncipherOnly = false,
                    KeyAgreement = false,
                    KeyEncipherment = false,
                },
                ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
                {
                    ClientAuth = false,
                    CodeSigning = false,
                    EmailProtection = false,
                    OcspSigning = false,
                    ServerAuth = false,
                    TimeStamping = false,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                },
            },
            NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
            {
                Critical = false,
                ExcludedDnsNames = new[]
                {
                    "string",
                },
                ExcludedEmailAddresses = new[]
                {
                    "string",
                },
                ExcludedIpRanges = new[]
                {
                    "string",
                },
                ExcludedUris = new[]
                {
                    "string",
                },
                PermittedDnsNames = new[]
                {
                    "string",
                },
                PermittedEmailAddresses = new[]
                {
                    "string",
                },
                PermittedIpRanges = new[]
                {
                    "string",
                },
                PermittedUris = new[]
                {
                    "string",
                },
            },
            PolicyIds = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                {
                    ObjectIdPath = new[]
                    {
                        0,
                    },
                },
            },
        },
        Project = "string",
        RequestId = "string",
    });
    
    example, err := privateca.NewCertificateTemplate(ctx, "certificateTemplateResource", &privateca.CertificateTemplateArgs{
    CertificateTemplateId: pulumi.String("string"),
    Description: pulumi.String("string"),
    IdentityConstraints: &privateca.CertificateIdentityConstraintsArgs{
    AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
    AllowSubjectPassthrough: pulumi.Bool(false),
    CelExpression: &privateca.ExprArgs{
    Description: pulumi.String("string"),
    Expression: pulumi.String("string"),
    Location: pulumi.String("string"),
    Title: pulumi.String("string"),
    },
    },
    Labels: pulumi.StringMap{
    "string": pulumi.String("string"),
    },
    Location: pulumi.String("string"),
    MaximumLifetime: pulumi.String("string"),
    PassthroughExtensions: &privateca.CertificateExtensionConstraintsArgs{
    AdditionalExtensions: privateca.ObjectIdArray{
    &privateca.ObjectIdArgs{
    ObjectIdPath: pulumi.IntArray{
    pulumi.Int(0),
    },
    },
    },
    KnownExtensions: privateca.CertificateExtensionConstraintsKnownExtensionsItemArray{
    privateca.CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified,
    },
    },
    PredefinedValues: &privateca.X509ParametersArgs{
    AdditionalExtensions: privateca.X509ExtensionArray{
    &privateca.X509ExtensionArgs{
    ObjectId: &privateca.ObjectIdArgs{
    ObjectIdPath: pulumi.IntArray{
    pulumi.Int(0),
    },
    },
    Value: pulumi.String("string"),
    Critical: pulumi.Bool(false),
    },
    },
    AiaOcspServers: pulumi.StringArray{
    pulumi.String("string"),
    },
    CaOptions: &privateca.CaOptionsArgs{
    IsCa: pulumi.Bool(false),
    MaxIssuerPathLength: pulumi.Int(0),
    },
    KeyUsage: &privateca.KeyUsageArgs{
    BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
    CertSign: pulumi.Bool(false),
    ContentCommitment: pulumi.Bool(false),
    CrlSign: pulumi.Bool(false),
    DataEncipherment: pulumi.Bool(false),
    DecipherOnly: pulumi.Bool(false),
    DigitalSignature: pulumi.Bool(false),
    EncipherOnly: pulumi.Bool(false),
    KeyAgreement: pulumi.Bool(false),
    KeyEncipherment: pulumi.Bool(false),
    },
    ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
    ClientAuth: pulumi.Bool(false),
    CodeSigning: pulumi.Bool(false),
    EmailProtection: pulumi.Bool(false),
    OcspSigning: pulumi.Bool(false),
    ServerAuth: pulumi.Bool(false),
    TimeStamping: pulumi.Bool(false),
    },
    UnknownExtendedKeyUsages: privateca.ObjectIdArray{
    &privateca.ObjectIdArgs{
    ObjectIdPath: pulumi.IntArray{
    pulumi.Int(0),
    },
    },
    },
    },
    NameConstraints: &privateca.NameConstraintsArgs{
    Critical: pulumi.Bool(false),
    ExcludedDnsNames: pulumi.StringArray{
    pulumi.String("string"),
    },
    ExcludedEmailAddresses: pulumi.StringArray{
    pulumi.String("string"),
    },
    ExcludedIpRanges: pulumi.StringArray{
    pulumi.String("string"),
    },
    ExcludedUris: pulumi.StringArray{
    pulumi.String("string"),
    },
    PermittedDnsNames: pulumi.StringArray{
    pulumi.String("string"),
    },
    PermittedEmailAddresses: pulumi.StringArray{
    pulumi.String("string"),
    },
    PermittedIpRanges: pulumi.StringArray{
    pulumi.String("string"),
    },
    PermittedUris: pulumi.StringArray{
    pulumi.String("string"),
    },
    },
    PolicyIds: privateca.ObjectIdArray{
    &privateca.ObjectIdArgs{
    ObjectIdPath: pulumi.IntArray{
    pulumi.Int(0),
    },
    },
    },
    },
    Project: pulumi.String("string"),
    RequestId: pulumi.String("string"),
    })
    
    var certificateTemplateResource = new CertificateTemplate("certificateTemplateResource", CertificateTemplateArgs.builder()
        .certificateTemplateId("string")
        .description("string")
        .identityConstraints(CertificateIdentityConstraintsArgs.builder()
            .allowSubjectAltNamesPassthrough(false)
            .allowSubjectPassthrough(false)
            .celExpression(ExprArgs.builder()
                .description("string")
                .expression("string")
                .location("string")
                .title("string")
                .build())
            .build())
        .labels(Map.of("string", "string"))
        .location("string")
        .maximumLifetime("string")
        .passthroughExtensions(CertificateExtensionConstraintsArgs.builder()
            .additionalExtensions(ObjectIdArgs.builder()
                .objectIdPath(0)
                .build())
            .knownExtensions("KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED")
            .build())
        .predefinedValues(X509ParametersArgs.builder()
            .additionalExtensions(X509ExtensionArgs.builder()
                .objectId(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .value("string")
                .critical(false)
                .build())
            .aiaOcspServers("string")
            .caOptions(CaOptionsArgs.builder()
                .isCa(false)
                .maxIssuerPathLength(0)
                .build())
            .keyUsage(KeyUsageArgs.builder()
                .baseKeyUsage(KeyUsageOptionsArgs.builder()
                    .certSign(false)
                    .contentCommitment(false)
                    .crlSign(false)
                    .dataEncipherment(false)
                    .decipherOnly(false)
                    .digitalSignature(false)
                    .encipherOnly(false)
                    .keyAgreement(false)
                    .keyEncipherment(false)
                    .build())
                .extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
                    .clientAuth(false)
                    .codeSigning(false)
                    .emailProtection(false)
                    .ocspSigning(false)
                    .serverAuth(false)
                    .timeStamping(false)
                    .build())
                .unknownExtendedKeyUsages(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .build())
            .nameConstraints(NameConstraintsArgs.builder()
                .critical(false)
                .excludedDnsNames("string")
                .excludedEmailAddresses("string")
                .excludedIpRanges("string")
                .excludedUris("string")
                .permittedDnsNames("string")
                .permittedEmailAddresses("string")
                .permittedIpRanges("string")
                .permittedUris("string")
                .build())
            .policyIds(ObjectIdArgs.builder()
                .objectIdPath(0)
                .build())
            .build())
        .project("string")
        .requestId("string")
        .build());
    
    certificate_template_resource = google_native.privateca.v1.CertificateTemplate("certificateTemplateResource",
        certificate_template_id="string",
        description="string",
        identity_constraints=google_native.privateca.v1.CertificateIdentityConstraintsArgs(
            allow_subject_alt_names_passthrough=False,
            allow_subject_passthrough=False,
            cel_expression=google_native.privateca.v1.ExprArgs(
                description="string",
                expression="string",
                location="string",
                title="string",
            ),
        ),
        labels={
            "string": "string",
        },
        location="string",
        maximum_lifetime="string",
        passthrough_extensions=google_native.privateca.v1.CertificateExtensionConstraintsArgs(
            additional_extensions=[google_native.privateca.v1.ObjectIdArgs(
                object_id_path=[0],
            )],
            known_extensions=[google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED],
        ),
        predefined_values=google_native.privateca.v1.X509ParametersArgs(
            additional_extensions=[google_native.privateca.v1.X509ExtensionArgs(
                object_id=google_native.privateca.v1.ObjectIdArgs(
                    object_id_path=[0],
                ),
                value="string",
                critical=False,
            )],
            aia_ocsp_servers=["string"],
            ca_options=google_native.privateca.v1.CaOptionsArgs(
                is_ca=False,
                max_issuer_path_length=0,
            ),
            key_usage=google_native.privateca.v1.KeyUsageArgs(
                base_key_usage=google_native.privateca.v1.KeyUsageOptionsArgs(
                    cert_sign=False,
                    content_commitment=False,
                    crl_sign=False,
                    data_encipherment=False,
                    decipher_only=False,
                    digital_signature=False,
                    encipher_only=False,
                    key_agreement=False,
                    key_encipherment=False,
                ),
                extended_key_usage=google_native.privateca.v1.ExtendedKeyUsageOptionsArgs(
                    client_auth=False,
                    code_signing=False,
                    email_protection=False,
                    ocsp_signing=False,
                    server_auth=False,
                    time_stamping=False,
                ),
                unknown_extended_key_usages=[google_native.privateca.v1.ObjectIdArgs(
                    object_id_path=[0],
                )],
            ),
            name_constraints=google_native.privateca.v1.NameConstraintsArgs(
                critical=False,
                excluded_dns_names=["string"],
                excluded_email_addresses=["string"],
                excluded_ip_ranges=["string"],
                excluded_uris=["string"],
                permitted_dns_names=["string"],
                permitted_email_addresses=["string"],
                permitted_ip_ranges=["string"],
                permitted_uris=["string"],
            ),
            policy_ids=[google_native.privateca.v1.ObjectIdArgs(
                object_id_path=[0],
            )],
        ),
        project="string",
        request_id="string")
    
    const certificateTemplateResource = new google_native.privateca.v1.CertificateTemplate("certificateTemplateResource", {
        certificateTemplateId: "string",
        description: "string",
        identityConstraints: {
            allowSubjectAltNamesPassthrough: false,
            allowSubjectPassthrough: false,
            celExpression: {
                description: "string",
                expression: "string",
                location: "string",
                title: "string",
            },
        },
        labels: {
            string: "string",
        },
        location: "string",
        maximumLifetime: "string",
        passthroughExtensions: {
            additionalExtensions: [{
                objectIdPath: [0],
            }],
            knownExtensions: [google_native.privateca.v1.CertificateExtensionConstraintsKnownExtensionsItem.KnownCertificateExtensionUnspecified],
        },
        predefinedValues: {
            additionalExtensions: [{
                objectId: {
                    objectIdPath: [0],
                },
                value: "string",
                critical: false,
            }],
            aiaOcspServers: ["string"],
            caOptions: {
                isCa: false,
                maxIssuerPathLength: 0,
            },
            keyUsage: {
                baseKeyUsage: {
                    certSign: false,
                    contentCommitment: false,
                    crlSign: false,
                    dataEncipherment: false,
                    decipherOnly: false,
                    digitalSignature: false,
                    encipherOnly: false,
                    keyAgreement: false,
                    keyEncipherment: false,
                },
                extendedKeyUsage: {
                    clientAuth: false,
                    codeSigning: false,
                    emailProtection: false,
                    ocspSigning: false,
                    serverAuth: false,
                    timeStamping: false,
                },
                unknownExtendedKeyUsages: [{
                    objectIdPath: [0],
                }],
            },
            nameConstraints: {
                critical: false,
                excludedDnsNames: ["string"],
                excludedEmailAddresses: ["string"],
                excludedIpRanges: ["string"],
                excludedUris: ["string"],
                permittedDnsNames: ["string"],
                permittedEmailAddresses: ["string"],
                permittedIpRanges: ["string"],
                permittedUris: ["string"],
            },
            policyIds: [{
                objectIdPath: [0],
            }],
        },
        project: "string",
        requestId: "string",
    });
    
    type: google-native:privateca/v1:CertificateTemplate
    properties:
        certificateTemplateId: string
        description: string
        identityConstraints:
            allowSubjectAltNamesPassthrough: false
            allowSubjectPassthrough: false
            celExpression:
                description: string
                expression: string
                location: string
                title: string
        labels:
            string: string
        location: string
        maximumLifetime: string
        passthroughExtensions:
            additionalExtensions:
                - objectIdPath:
                    - 0
            knownExtensions:
                - KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
        predefinedValues:
            additionalExtensions:
                - critical: false
                  objectId:
                    objectIdPath:
                        - 0
                  value: string
            aiaOcspServers:
                - string
            caOptions:
                isCa: false
                maxIssuerPathLength: 0
            keyUsage:
                baseKeyUsage:
                    certSign: false
                    contentCommitment: false
                    crlSign: false
                    dataEncipherment: false
                    decipherOnly: false
                    digitalSignature: false
                    encipherOnly: false
                    keyAgreement: false
                    keyEncipherment: false
                extendedKeyUsage:
                    clientAuth: false
                    codeSigning: false
                    emailProtection: false
                    ocspSigning: false
                    serverAuth: false
                    timeStamping: false
                unknownExtendedKeyUsages:
                    - objectIdPath:
                        - 0
            nameConstraints:
                critical: false
                excludedDnsNames:
                    - string
                excludedEmailAddresses:
                    - string
                excludedIpRanges:
                    - string
                excludedUris:
                    - string
                permittedDnsNames:
                    - string
                permittedEmailAddresses:
                    - string
                permittedIpRanges:
                    - string
                permittedUris:
                    - string
            policyIds:
                - objectIdPath:
                    - 0
        project: string
        requestId: string
    

    CertificateTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CertificateTemplate resource accepts the following input properties:

    CertificateTemplateId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    Labels Dictionary<string, string>
    Optional. Labels with user-defined metadata.
    Location string
    MaximumLifetime string
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateExtensionConstraints
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    PredefinedValues Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    Project string
    RequestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    CertificateTemplateId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    IdentityConstraints CertificateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    Labels map[string]string
    Optional. Labels with user-defined metadata.
    Location string
    MaximumLifetime string
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    PassthroughExtensions CertificateExtensionConstraintsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    PredefinedValues X509ParametersArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    Project string
    RequestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    certificateTemplateId String
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    description String
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints CertificateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    labels Map<String,String>
    Optional. Labels with user-defined metadata.
    location String
    maximumLifetime String
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    passthroughExtensions CertificateExtensionConstraints
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    predefinedValues X509Parameters
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    project String
    requestId String
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    certificateTemplateId string
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    description string
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints CertificateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    labels {[key: string]: string}
    Optional. Labels with user-defined metadata.
    location string
    maximumLifetime string
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    passthroughExtensions CertificateExtensionConstraints
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    predefinedValues X509Parameters
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    project string
    requestId string
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    certificate_template_id str
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    description str
    Optional. A human-readable description of scenarios this template is intended for.
    identity_constraints CertificateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    labels Mapping[str, str]
    Optional. Labels with user-defined metadata.
    location str
    maximum_lifetime str
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    passthrough_extensions CertificateExtensionConstraintsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    predefined_values X509ParametersArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    project str
    request_id str
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
    certificateTemplateId String
    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
    description String
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints Property Map
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
    labels Map<String>
    Optional. Labels with user-defined metadata.
    location String
    maximumLifetime String
    Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    passthroughExtensions Property Map
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
    predefinedValues Property Map
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
    project String
    requestId String
    Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

    CreateTime string
    The time at which this CertificateTemplate was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    UpdateTime string
    The time at which this CertificateTemplate was updated.
    CreateTime string
    The time at which this CertificateTemplate was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    UpdateTime string
    The time at which this CertificateTemplate was updated.
    createTime String
    The time at which this CertificateTemplate was created.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    updateTime String
    The time at which this CertificateTemplate was updated.
    createTime string
    The time at which this CertificateTemplate was created.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    updateTime string
    The time at which this CertificateTemplate was updated.
    create_time str
    The time at which this CertificateTemplate was created.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    update_time str
    The time at which this CertificateTemplate was updated.
    createTime String
    The time at which this CertificateTemplate was created.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    updateTime String
    The time at which this CertificateTemplate was updated.

    Supporting Types

    CaOptions, CaOptionsArgs

    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Integer
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    is_ca bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    max_issuer_path_length int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CaOptionsResponse, CaOptionsResponseArgs

    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Integer
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    is_ca bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    max_issuer_path_length int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CertificateExtensionConstraints, CertificateExtensionConstraintsArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    KnownExtensions List<Pulumi.GoogleNative.Privateca.V1.CertificateExtensionConstraintsKnownExtensionsItem>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    AdditionalExtensions []ObjectId
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    KnownExtensions []CertificateExtensionConstraintsKnownExtensionsItem
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<ObjectId>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions List<CertificateExtensionConstraintsKnownExtensionsItem>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions ObjectId[]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions CertificateExtensionConstraintsKnownExtensionsItem[]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additional_extensions Sequence[ObjectId]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    known_extensions Sequence[CertificateExtensionConstraintsKnownExtensionsItem]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<Property Map>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions List<"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" | "BASE_KEY_USAGE" | "EXTENDED_KEY_USAGE" | "CA_OPTIONS" | "POLICY_IDS" | "AIA_OCSP_SERVERS" | "NAME_CONSTRAINTS">
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    CertificateExtensionConstraintsKnownExtensionsItem, CertificateExtensionConstraintsKnownExtensionsItemArgs

    KnownCertificateExtensionUnspecified
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    BaseKeyUsage
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    ExtendedKeyUsage
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    CaOptions
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    PolicyIds
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    AiaOcspServers
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    NameConstraints
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
    CertificateExtensionConstraintsKnownExtensionsItemKnownCertificateExtensionUnspecified
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    CertificateExtensionConstraintsKnownExtensionsItemBaseKeyUsage
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    CertificateExtensionConstraintsKnownExtensionsItemExtendedKeyUsage
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    CertificateExtensionConstraintsKnownExtensionsItemCaOptions
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    CertificateExtensionConstraintsKnownExtensionsItemPolicyIds
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    CertificateExtensionConstraintsKnownExtensionsItemAiaOcspServers
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    CertificateExtensionConstraintsKnownExtensionsItemNameConstraints
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
    KnownCertificateExtensionUnspecified
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    BaseKeyUsage
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    ExtendedKeyUsage
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    CaOptions
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    PolicyIds
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    AiaOcspServers
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    NameConstraints
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
    KnownCertificateExtensionUnspecified
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    BaseKeyUsage
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    ExtendedKeyUsage
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    CaOptions
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    PolicyIds
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    AiaOcspServers
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    NameConstraints
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    BASE_KEY_USAGE
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    EXTENDED_KEY_USAGE
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    CA_OPTIONS
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    POLICY_IDS
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    AIA_OCSP_SERVERS
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    NAME_CONSTRAINTS
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10
    "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED"
    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIEDNot specified.
    "BASE_KEY_USAGE"
    BASE_KEY_USAGERefers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
    "EXTENDED_KEY_USAGE"
    EXTENDED_KEY_USAGERefers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
    "CA_OPTIONS"
    CA_OPTIONSRefers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
    "POLICY_IDS"
    POLICY_IDSRefers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
    "AIA_OCSP_SERVERS"
    AIA_OCSP_SERVERSRefers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
    "NAME_CONSTRAINTS"
    NAME_CONSTRAINTSRefers to Name Constraints extension as described in RFC 5280 section 4.2.1.10

    CertificateExtensionConstraintsResponse, CertificateExtensionConstraintsResponseArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    KnownExtensions List<string>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    AdditionalExtensions []ObjectIdResponse
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    KnownExtensions []string
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<ObjectIdResponse>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions List<String>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions ObjectIdResponse[]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions string[]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additional_extensions Sequence[ObjectIdResponse]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    known_extensions Sequence[str]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<Property Map>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    knownExtensions List<String>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    CertificateIdentityConstraints, CertificateIdentityConstraintsArgs

    AllowSubjectAltNamesPassthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.Expr
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    AllowSubjectAltNamesPassthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression Expr
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough Boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression Expr
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression Expr
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allow_subject_alt_names_passthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allow_subject_passthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    cel_expression Expr
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough Boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression Property Map
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    CertificateIdentityConstraintsResponse, CertificateIdentityConstraintsResponseArgs

    AllowSubjectAltNamesPassthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.ExprResponse
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    AllowSubjectAltNamesPassthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression ExprResponse
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough Boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression ExprResponse
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression ExprResponse
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allow_subject_alt_names_passthrough bool
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allow_subject_passthrough bool
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    cel_expression ExprResponse
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    allowSubjectAltNamesPassthrough Boolean
    If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression Property Map
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

    Expr, ExprArgs

    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description str
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    location str
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title str
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    ExprResponse, ExprResponseArgs

    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description str
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    location str
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title str
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    KeyUsage, KeyUsageArgs

    BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    BaseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages []ObjectId
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<ObjectId>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages ObjectId[]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    base_key_usage KeyUsageOptions
    Describes high-level ways in which a key may be used.
    extended_key_usage ExtendedKeyUsageOptions
    Detailed scenarios in which a key may be used.
    unknown_extended_key_usages Sequence[ObjectId]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage Property Map
    Describes high-level ways in which a key may be used.
    extendedKeyUsage Property Map
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<Property Map>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    KeyUsageOptions, KeyUsageOptionsArgs

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    KeyUsageResponse, KeyUsageResponseArgs

    BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    BaseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    UnknownExtendedKeyUsages []ObjectIdResponse
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<ObjectIdResponse>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extendedKeyUsage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages ObjectIdResponse[]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    base_key_usage KeyUsageOptionsResponse
    Describes high-level ways in which a key may be used.
    extended_key_usage ExtendedKeyUsageOptionsResponse
    Detailed scenarios in which a key may be used.
    unknown_extended_key_usages Sequence[ObjectIdResponse]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    baseKeyUsage Property Map
    Describes high-level ways in which a key may be used.
    extendedKeyUsage Property Map
    Detailed scenarios in which a key may be used.
    unknownExtendedKeyUsages List<Property Map>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    NameConstraints, NameConstraintsArgs

    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames List<string>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses List<string>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges List<string>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris List<string>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames List<string>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses List<string>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges List<string>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris List<string>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames []string
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses []string
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges []string
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris []string
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames []string
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses []string
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges []string
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris []string
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames string[]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses string[]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges string[]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris string[]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames string[]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses string[]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges string[]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris string[]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical bool
    Indicates whether or not the name constraints are marked critical.
    excluded_dns_names Sequence[str]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excluded_email_addresses Sequence[str]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excluded_ip_ranges Sequence[str]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excluded_uris Sequence[str]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permitted_dns_names Sequence[str]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permitted_email_addresses Sequence[str]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permitted_ip_ranges Sequence[str]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permitted_uris Sequence[str]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    NameConstraintsResponse, NameConstraintsResponseArgs

    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames List<string>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses List<string>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges List<string>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris List<string>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames List<string>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses List<string>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges List<string>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris List<string>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    Critical bool
    Indicates whether or not the name constraints are marked critical.
    ExcludedDnsNames []string
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    ExcludedEmailAddresses []string
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    ExcludedIpRanges []string
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    ExcludedUris []string
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    PermittedDnsNames []string
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    PermittedEmailAddresses []string
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    PermittedIpRanges []string
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    PermittedUris []string
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames string[]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses string[]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges string[]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris string[]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames string[]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses string[]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges string[]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris string[]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical bool
    Indicates whether or not the name constraints are marked critical.
    excluded_dns_names Sequence[str]
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excluded_email_addresses Sequence[str]
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excluded_ip_ranges Sequence[str]
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excluded_uris Sequence[str]
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permitted_dns_names Sequence[str]
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permitted_email_addresses Sequence[str]
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permitted_ip_ranges Sequence[str]
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permitted_uris Sequence[str]
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    critical Boolean
    Indicates whether or not the name constraints are marked critical.
    excludedDnsNames List<String>
    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    excludedEmailAddresses List<String>
    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    excludedIpRanges List<String>
    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    excludedUris List<String>
    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
    permittedDnsNames List<String>
    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    permittedEmailAddresses List<String>
    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    permittedIpRanges List<String>
    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    permittedUris List<String>
    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    ObjectId, ObjectIdArgs

    ObjectIdPath List<int>
    The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPath []int
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Integer>
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath number[]
    The parts of an OID path. The most significant parts of the path come first.
    object_id_path Sequence[int]
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Number>
    The parts of an OID path. The most significant parts of the path come first.

    ObjectIdResponse, ObjectIdResponseArgs

    ObjectIdPath List<int>
    The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPath []int
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Integer>
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath number[]
    The parts of an OID path. The most significant parts of the path come first.
    object_id_path Sequence[int]
    The parts of an OID path. The most significant parts of the path come first.
    objectIdPath List<Number>
    The parts of an OID path. The most significant parts of the path come first.

    X509Extension, X509ExtensionArgs

    ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId ObjectId
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectId
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectId
    The OID for this X.509 extension.
    value string
    The value of this X.509 extension.
    critical boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_id ObjectId
    The OID for this X.509 extension.
    value str
    The value of this X.509 extension.
    critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId Property Map
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    X509ExtensionResponse, X509ExtensionResponseArgs

    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId ObjectIdResponse
    The OID for this X.509 extension.
    Value string
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectIdResponse
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.
    critical boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId ObjectIdResponse
    The OID for this X.509 extension.
    value string
    The value of this X.509 extension.
    critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_id ObjectIdResponse
    The OID for this X.509 extension.
    value str
    The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId Property Map
    The OID for this X.509 extension.
    value String
    The value of this X.509 extension.

    X509Parameters, X509ParametersArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
    Optional. Describes custom X.509 extensions.
    AiaOcspServers List<string>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraints
    Optional. Describes the X.509 name constraints extension.
    PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    AdditionalExtensions []X509Extension
    Optional. Describes custom X.509 extensions.
    AiaOcspServers []string
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    PolicyIds []ObjectId
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<X509Extension>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policyIds List<ObjectId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions X509Extension[]
    Optional. Describes custom X.509 extensions.
    aiaOcspServers string[]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policyIds ObjectId[]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additional_extensions Sequence[X509Extension]
    Optional. Describes custom X.509 extensions.
    aia_ocsp_servers Sequence[str]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options CaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    key_usage KeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate.
    name_constraints NameConstraints
    Optional. Describes the X.509 name constraints extension.
    policy_ids Sequence[ObjectId]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<Property Map>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions Property Map
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage Property Map
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints Property Map
    Optional. Describes the X.509 name constraints extension.
    policyIds List<Property Map>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    X509ParametersResponse, X509ParametersResponseArgs

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
    Optional. Describes custom X.509 extensions.
    AiaOcspServers List<string>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    AdditionalExtensions []X509ExtensionResponse
    Optional. Describes custom X.509 extensions.
    AiaOcspServers []string
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    KeyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    NameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    PolicyIds []ObjectIdResponse
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<X509ExtensionResponse>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policyIds List<ObjectIdResponse>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions X509ExtensionResponse[]
    Optional. Describes custom X.509 extensions.
    aiaOcspServers string[]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policyIds ObjectIdResponse[]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additional_extensions Sequence[X509ExtensionResponse]
    Optional. Describes custom X.509 extensions.
    aia_ocsp_servers Sequence[str]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options CaOptionsResponse
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    key_usage KeyUsageResponse
    Optional. Indicates the intended use for keys that correspond to a certificate.
    name_constraints NameConstraintsResponse
    Optional. Describes the X.509 name constraints extension.
    policy_ids Sequence[ObjectIdResponse]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    additionalExtensions List<Property Map>
    Optional. Describes custom X.509 extensions.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions Property Map
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
    keyUsage Property Map
    Optional. Indicates the intended use for keys that correspond to a certificate.
    nameConstraints Property Map
    Optional. Describes the X.509 name constraints extension.
    policyIds List<Property Map>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi