1. Packages
  2. Google Cloud Native
  3. API Docs
  4. privateca
  5. privateca/v1
  6. getCertificateAuthority

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.31.1 published on Thursday, Jul 20, 2023 by Pulumi

google-native.privateca/v1.getCertificateAuthority

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.31.1 published on Thursday, Jul 20, 2023 by Pulumi

    Returns a CertificateAuthority.

    Using getCertificateAuthority

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
    function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>
    def get_certificate_authority(ca_pool_id: Optional[str] = None,
                                  certificate_authority_id: Optional[str] = None,
                                  location: Optional[str] = None,
                                  project: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
    def get_certificate_authority_output(ca_pool_id: Optional[pulumi.Input[str]] = None,
                                  certificate_authority_id: Optional[pulumi.Input[str]] = None,
                                  location: Optional[pulumi.Input[str]] = None,
                                  project: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]
    func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
    func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput

    > Note: This function is named LookupCertificateAuthority in the Go SDK.

    public static class GetCertificateAuthority 
    {
        public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
        public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: google-native:privateca/v1:getCertificateAuthority
      arguments:
        # arguments dictionary

    The following arguments are supported:

    getCertificateAuthority Result

    The following output properties are available:

    AccessUrls Pulumi.GoogleNative.Privateca.V1.Outputs.AccessUrlsResponse

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse>

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    Config Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateConfigResponse

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    CreateTime string

    The time at which this CertificateAuthority was created.

    DeleteTime string

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    ExpireTime string

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    GcsBucket string

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    KeySpec Pulumi.GoogleNative.Privateca.V1.Outputs.KeyVersionSpecResponse

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    Labels Dictionary<string, string>

    Optional. Labels with user-defined metadata.

    Lifetime string

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    Name string

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    PemCaCertificates List<string>

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    State string

    The State for this CertificateAuthority.

    SubordinateConfig Pulumi.GoogleNative.Privateca.V1.Outputs.SubordinateConfigResponse

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    Tier string

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    Type string

    Immutable. The Type of this CertificateAuthority.

    UpdateTime string

    The time at which this CertificateAuthority was last updated.

    AccessUrls AccessUrlsResponse

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    CaCertificateDescriptions []CertificateDescriptionResponse

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    Config CertificateConfigResponse

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    CreateTime string

    The time at which this CertificateAuthority was created.

    DeleteTime string

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    ExpireTime string

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    GcsBucket string

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    KeySpec KeyVersionSpecResponse

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    Labels map[string]string

    Optional. Labels with user-defined metadata.

    Lifetime string

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    Name string

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    PemCaCertificates []string

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    State string

    The State for this CertificateAuthority.

    SubordinateConfig SubordinateConfigResponse

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    Tier string

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    Type string

    Immutable. The Type of this CertificateAuthority.

    UpdateTime string

    The time at which this CertificateAuthority was last updated.

    accessUrls AccessUrlsResponse

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    caCertificateDescriptions List<CertificateDescriptionResponse>

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    config CertificateConfigResponse

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    createTime String

    The time at which this CertificateAuthority was created.

    deleteTime String

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    expireTime String

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    gcsBucket String

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    keySpec KeyVersionSpecResponse

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    labels Map<String,String>

    Optional. Labels with user-defined metadata.

    lifetime String

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    name String

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemCaCertificates List<String>

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    state String

    The State for this CertificateAuthority.

    subordinateConfig SubordinateConfigResponse

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    tier String

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    type String

    Immutable. The Type of this CertificateAuthority.

    updateTime String

    The time at which this CertificateAuthority was last updated.

    accessUrls AccessUrlsResponse

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    caCertificateDescriptions CertificateDescriptionResponse[]

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    config CertificateConfigResponse

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    createTime string

    The time at which this CertificateAuthority was created.

    deleteTime string

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    expireTime string

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    gcsBucket string

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    keySpec KeyVersionSpecResponse

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    labels {[key: string]: string}

    Optional. Labels with user-defined metadata.

    lifetime string

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    name string

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemCaCertificates string[]

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    state string

    The State for this CertificateAuthority.

    subordinateConfig SubordinateConfigResponse

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    tier string

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    type string

    Immutable. The Type of this CertificateAuthority.

    updateTime string

    The time at which this CertificateAuthority was last updated.

    access_urls AccessUrlsResponse

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    ca_certificate_descriptions Sequence[CertificateDescriptionResponse]

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    config CertificateConfigResponse

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    create_time str

    The time at which this CertificateAuthority was created.

    delete_time str

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    expire_time str

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    gcs_bucket str

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    key_spec KeyVersionSpecResponse

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    labels Mapping[str, str]

    Optional. Labels with user-defined metadata.

    lifetime str

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    name str

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pem_ca_certificates Sequence[str]

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    state str

    The State for this CertificateAuthority.

    subordinate_config SubordinateConfigResponse

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    tier str

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    type str

    Immutable. The Type of this CertificateAuthority.

    update_time str

    The time at which this CertificateAuthority was last updated.

    accessUrls Property Map

    URLs for accessing content published by this CA, such as the CA certificate and CRLs.

    caCertificateDescriptions List<Property Map>

    A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

    config Property Map

    Immutable. The config used to create a self-signed X.509 certificate or CSR.

    createTime String

    The time at which this CertificateAuthority was created.

    deleteTime String

    The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

    expireTime String

    The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

    gcsBucket String

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

    keySpec Property Map

    Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

    labels Map<String>

    Optional. Labels with user-defined metadata.

    lifetime String

    Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

    name String

    The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemCaCertificates List<String>

    This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

    state String

    The State for this CertificateAuthority.

    subordinateConfig Property Map

    Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

    tier String

    The CaPool.Tier of the CaPool that includes this CertificateAuthority.

    type String

    Immutable. The Type of this CertificateAuthority.

    updateTime String

    The time at which this CertificateAuthority was last updated.

    Supporting Types

    AccessUrlsResponse

    CaCertificateAccessUrl string

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    CrlAccessUrls List<string>

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    CaCertificateAccessUrl string

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    CrlAccessUrls []string

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    caCertificateAccessUrl String

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    crlAccessUrls List<String>

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    caCertificateAccessUrl string

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    crlAccessUrls string[]

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    ca_certificate_access_url str

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    crl_access_urls Sequence[str]

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    caCertificateAccessUrl String

    The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

    crlAccessUrls List<String>

    The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

    CaOptionsResponse

    IsCa bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    MaxIssuerPathLength int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    IsCa bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    MaxIssuerPathLength int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa Boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength Integer

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength number

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    is_ca bool

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    max_issuer_path_length int

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    isCa Boolean

    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

    maxIssuerPathLength Number

    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CertificateConfigResponse

    PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse

    Specifies some of the values in a certificate that are related to the subject.

    X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse

    Describes how some of the technical X.509 fields in a certificate should be populated.

    PublicKey PublicKeyResponse

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    SubjectConfig SubjectConfigResponse

    Specifies some of the values in a certificate that are related to the subject.

    X509Config X509ParametersResponse

    Describes how some of the technical X.509 fields in a certificate should be populated.

    publicKey PublicKeyResponse

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    subjectConfig SubjectConfigResponse

    Specifies some of the values in a certificate that are related to the subject.

    x509Config X509ParametersResponse

    Describes how some of the technical X.509 fields in a certificate should be populated.

    publicKey PublicKeyResponse

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    subjectConfig SubjectConfigResponse

    Specifies some of the values in a certificate that are related to the subject.

    x509Config X509ParametersResponse

    Describes how some of the technical X.509 fields in a certificate should be populated.

    public_key PublicKeyResponse

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    subject_config SubjectConfigResponse

    Specifies some of the values in a certificate that are related to the subject.

    x509_config X509ParametersResponse

    Describes how some of the technical X.509 fields in a certificate should be populated.

    publicKey Property Map

    Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

    subjectConfig Property Map

    Specifies some of the values in a certificate that are related to the subject.

    x509Config Property Map

    Describes how some of the technical X.509 fields in a certificate should be populated.

    CertificateDescriptionResponse

    AiaIssuingCertificateUrls List<string>

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    AuthorityKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    CertFingerprint Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse

    The hash of the x.509 certificate.

    CrlDistributionPoints List<string>

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse

    The public key that corresponds to an issued certificate.

    SubjectDescription Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse

    Describes some of the values in a certificate that are related to the subject and lifetime.

    SubjectKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    X509Description Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse

    Describes some of the technical X.509 fields in a certificate.

    AiaIssuingCertificateUrls []string

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    AuthorityKeyId KeyIdResponse

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    CertFingerprint CertificateFingerprintResponse

    The hash of the x.509 certificate.

    CrlDistributionPoints []string

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    PublicKey PublicKeyResponse

    The public key that corresponds to an issued certificate.

    SubjectDescription SubjectDescriptionResponse

    Describes some of the values in a certificate that are related to the subject and lifetime.

    SubjectKeyId KeyIdResponse

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    X509Description X509ParametersResponse

    Describes some of the technical X.509 fields in a certificate.

    aiaIssuingCertificateUrls List<String>

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    authorityKeyId KeyIdResponse

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    certFingerprint CertificateFingerprintResponse

    The hash of the x.509 certificate.

    crlDistributionPoints List<String>

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    publicKey PublicKeyResponse

    The public key that corresponds to an issued certificate.

    subjectDescription SubjectDescriptionResponse

    Describes some of the values in a certificate that are related to the subject and lifetime.

    subjectKeyId KeyIdResponse

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    x509Description X509ParametersResponse

    Describes some of the technical X.509 fields in a certificate.

    aiaIssuingCertificateUrls string[]

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    authorityKeyId KeyIdResponse

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    certFingerprint CertificateFingerprintResponse

    The hash of the x.509 certificate.

    crlDistributionPoints string[]

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    publicKey PublicKeyResponse

    The public key that corresponds to an issued certificate.

    subjectDescription SubjectDescriptionResponse

    Describes some of the values in a certificate that are related to the subject and lifetime.

    subjectKeyId KeyIdResponse

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    x509Description X509ParametersResponse

    Describes some of the technical X.509 fields in a certificate.

    aia_issuing_certificate_urls Sequence[str]

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    authority_key_id KeyIdResponse

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    cert_fingerprint CertificateFingerprintResponse

    The hash of the x.509 certificate.

    crl_distribution_points Sequence[str]

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    public_key PublicKeyResponse

    The public key that corresponds to an issued certificate.

    subject_description SubjectDescriptionResponse

    Describes some of the values in a certificate that are related to the subject and lifetime.

    subject_key_id KeyIdResponse

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    x509_description X509ParametersResponse

    Describes some of the technical X.509 fields in a certificate.

    aiaIssuingCertificateUrls List<String>

    Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

    authorityKeyId Property Map

    Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

    certFingerprint Property Map

    The hash of the x.509 certificate.

    crlDistributionPoints List<String>

    Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

    publicKey Property Map

    The public key that corresponds to an issued certificate.

    subjectDescription Property Map

    Describes some of the values in a certificate that are related to the subject and lifetime.

    subjectKeyId Property Map

    Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

    x509Description Property Map

    Describes some of the technical X.509 fields in a certificate.

    CertificateFingerprintResponse

    Sha256Hash string

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    Sha256Hash string

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    sha256Hash String

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    sha256Hash string

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    sha256_hash str

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    sha256Hash String

    The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

    ExtendedKeyUsageOptionsResponse

    ClientAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    CodeSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    EmailProtection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    OcspSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    ServerAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    TimeStamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    ClientAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    CodeSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    EmailProtection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    OcspSigning bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    ServerAuth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    TimeStamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    client_auth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    code_signing bool

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    email_protection bool

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocsp_signing bool

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    server_auth bool

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    time_stamping bool

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    clientAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

    codeSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

    emailProtection Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

    ocspSigning Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

    serverAuth Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

    timeStamping Boolean

    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    KeyIdResponse

    KeyId string

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    KeyId string

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    keyId String

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    keyId string

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    key_id str

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    keyId String

    Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

    KeyUsageOptionsResponse

    CertSign bool

    The key may be used to sign certificates.

    ContentCommitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    CrlSign bool

    The key may be used sign certificate revocation lists.

    DataEncipherment bool

    The key may be used to encipher data.

    DecipherOnly bool

    The key may be used to decipher only.

    DigitalSignature bool

    The key may be used for digital signatures.

    EncipherOnly bool

    The key may be used to encipher only.

    KeyAgreement bool

    The key may be used in a key agreement protocol.

    KeyEncipherment bool

    The key may be used to encipher other keys.

    CertSign bool

    The key may be used to sign certificates.

    ContentCommitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    CrlSign bool

    The key may be used sign certificate revocation lists.

    DataEncipherment bool

    The key may be used to encipher data.

    DecipherOnly bool

    The key may be used to decipher only.

    DigitalSignature bool

    The key may be used for digital signatures.

    EncipherOnly bool

    The key may be used to encipher only.

    KeyAgreement bool

    The key may be used in a key agreement protocol.

    KeyEncipherment bool

    The key may be used to encipher other keys.

    certSign Boolean

    The key may be used to sign certificates.

    contentCommitment Boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign Boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment Boolean

    The key may be used to encipher data.

    decipherOnly Boolean

    The key may be used to decipher only.

    digitalSignature Boolean

    The key may be used for digital signatures.

    encipherOnly Boolean

    The key may be used to encipher only.

    keyAgreement Boolean

    The key may be used in a key agreement protocol.

    keyEncipherment Boolean

    The key may be used to encipher other keys.

    certSign boolean

    The key may be used to sign certificates.

    contentCommitment boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment boolean

    The key may be used to encipher data.

    decipherOnly boolean

    The key may be used to decipher only.

    digitalSignature boolean

    The key may be used for digital signatures.

    encipherOnly boolean

    The key may be used to encipher only.

    keyAgreement boolean

    The key may be used in a key agreement protocol.

    keyEncipherment boolean

    The key may be used to encipher other keys.

    cert_sign bool

    The key may be used to sign certificates.

    content_commitment bool

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crl_sign bool

    The key may be used sign certificate revocation lists.

    data_encipherment bool

    The key may be used to encipher data.

    decipher_only bool

    The key may be used to decipher only.

    digital_signature bool

    The key may be used for digital signatures.

    encipher_only bool

    The key may be used to encipher only.

    key_agreement bool

    The key may be used in a key agreement protocol.

    key_encipherment bool

    The key may be used to encipher other keys.

    certSign Boolean

    The key may be used to sign certificates.

    contentCommitment Boolean

    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

    crlSign Boolean

    The key may be used sign certificate revocation lists.

    dataEncipherment Boolean

    The key may be used to encipher data.

    decipherOnly Boolean

    The key may be used to decipher only.

    digitalSignature Boolean

    The key may be used for digital signatures.

    encipherOnly Boolean

    The key may be used to encipher only.

    keyAgreement Boolean

    The key may be used in a key agreement protocol.

    keyEncipherment Boolean

    The key may be used to encipher other keys.

    KeyUsageResponse

    BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse

    Describes high-level ways in which a key may be used.

    ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse

    Detailed scenarios in which a key may be used.

    UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    BaseKeyUsage KeyUsageOptionsResponse

    Describes high-level ways in which a key may be used.

    ExtendedKeyUsage ExtendedKeyUsageOptionsResponse

    Detailed scenarios in which a key may be used.

    UnknownExtendedKeyUsages []ObjectIdResponse

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage KeyUsageOptionsResponse

    Describes high-level ways in which a key may be used.

    extendedKeyUsage ExtendedKeyUsageOptionsResponse

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages List<ObjectIdResponse>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage KeyUsageOptionsResponse

    Describes high-level ways in which a key may be used.

    extendedKeyUsage ExtendedKeyUsageOptionsResponse

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages ObjectIdResponse[]

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    base_key_usage KeyUsageOptionsResponse

    Describes high-level ways in which a key may be used.

    extended_key_usage ExtendedKeyUsageOptionsResponse

    Detailed scenarios in which a key may be used.

    unknown_extended_key_usages Sequence[ObjectIdResponse]

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    baseKeyUsage Property Map

    Describes high-level ways in which a key may be used.

    extendedKeyUsage Property Map

    Detailed scenarios in which a key may be used.

    unknownExtendedKeyUsages List<Property Map>

    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

    KeyVersionSpecResponse

    Algorithm string

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    CloudKmsKeyVersion string

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    Algorithm string

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    CloudKmsKeyVersion string

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    algorithm String

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    cloudKmsKeyVersion String

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    algorithm string

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    cloudKmsKeyVersion string

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    algorithm str

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    cloud_kms_key_version str

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    algorithm String

    The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

    cloudKmsKeyVersion String

    The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

    NameConstraintsResponse

    Critical bool

    Indicates whether or not the name constraints are marked critical.

    ExcludedDnsNames List<string>

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    ExcludedEmailAddresses List<string>

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    ExcludedIpRanges List<string>

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    ExcludedUris List<string>

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    PermittedDnsNames List<string>

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    PermittedEmailAddresses List<string>

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    PermittedIpRanges List<string>

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    PermittedUris List<string>

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    Critical bool

    Indicates whether or not the name constraints are marked critical.

    ExcludedDnsNames []string

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    ExcludedEmailAddresses []string

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    ExcludedIpRanges []string

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    ExcludedUris []string

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    PermittedDnsNames []string

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    PermittedEmailAddresses []string

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    PermittedIpRanges []string

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    PermittedUris []string

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    critical Boolean

    Indicates whether or not the name constraints are marked critical.

    excludedDnsNames List<String>

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    excludedEmailAddresses List<String>

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    excludedIpRanges List<String>

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    excludedUris List<String>

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    permittedDnsNames List<String>

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    permittedEmailAddresses List<String>

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    permittedIpRanges List<String>

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    permittedUris List<String>

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    critical boolean

    Indicates whether or not the name constraints are marked critical.

    excludedDnsNames string[]

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    excludedEmailAddresses string[]

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    excludedIpRanges string[]

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    excludedUris string[]

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    permittedDnsNames string[]

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    permittedEmailAddresses string[]

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    permittedIpRanges string[]

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    permittedUris string[]

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    critical bool

    Indicates whether or not the name constraints are marked critical.

    excluded_dns_names Sequence[str]

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    excluded_email_addresses Sequence[str]

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    excluded_ip_ranges Sequence[str]

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    excluded_uris Sequence[str]

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    permitted_dns_names Sequence[str]

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    permitted_email_addresses Sequence[str]

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    permitted_ip_ranges Sequence[str]

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    permitted_uris Sequence[str]

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    critical Boolean

    Indicates whether or not the name constraints are marked critical.

    excludedDnsNames List<String>

    Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    excludedEmailAddresses List<String>

    Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    excludedIpRanges List<String>

    Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    excludedUris List<String>

    Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    permittedDnsNames List<String>

    Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.

    permittedEmailAddresses List<String>

    Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.

    permittedIpRanges List<String>

    Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.

    permittedUris List<String>

    Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

    ObjectIdResponse

    ObjectIdPath List<int>

    The parts of an OID path. The most significant parts of the path come first.

    ObjectIdPath []int

    The parts of an OID path. The most significant parts of the path come first.

    objectIdPath List<Integer>

    The parts of an OID path. The most significant parts of the path come first.

    objectIdPath number[]

    The parts of an OID path. The most significant parts of the path come first.

    object_id_path Sequence[int]

    The parts of an OID path. The most significant parts of the path come first.

    objectIdPath List<Number>

    The parts of an OID path. The most significant parts of the path come first.

    PublicKeyResponse

    Format string

    The format of the public key.

    Key string

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    Format string

    The format of the public key.

    Key string

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    format String

    The format of the public key.

    key String

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    format string

    The format of the public key.

    key string

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    format str

    The format of the public key.

    key str

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    format String

    The format of the public key.

    key String

    A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

    SubjectAltNamesResponse

    CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    DnsNames List<string>

    Contains only valid, fully-qualified host names.

    EmailAddresses List<string>

    Contains only valid RFC 2822 E-mail addresses.

    IpAddresses List<string>

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    Uris List<string>

    Contains only valid RFC 3986 URIs.

    CustomSans []X509ExtensionResponse

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    DnsNames []string

    Contains only valid, fully-qualified host names.

    EmailAddresses []string

    Contains only valid RFC 2822 E-mail addresses.

    IpAddresses []string

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    Uris []string

    Contains only valid RFC 3986 URIs.

    customSans List<X509ExtensionResponse>

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    dnsNames List<String>

    Contains only valid, fully-qualified host names.

    emailAddresses List<String>

    Contains only valid RFC 2822 E-mail addresses.

    ipAddresses List<String>

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    uris List<String>

    Contains only valid RFC 3986 URIs.

    customSans X509ExtensionResponse[]

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    dnsNames string[]

    Contains only valid, fully-qualified host names.

    emailAddresses string[]

    Contains only valid RFC 2822 E-mail addresses.

    ipAddresses string[]

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    uris string[]

    Contains only valid RFC 3986 URIs.

    custom_sans Sequence[X509ExtensionResponse]

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    dns_names Sequence[str]

    Contains only valid, fully-qualified host names.

    email_addresses Sequence[str]

    Contains only valid RFC 2822 E-mail addresses.

    ip_addresses Sequence[str]

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    uris Sequence[str]

    Contains only valid RFC 3986 URIs.

    customSans List<Property Map>

    Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.

    dnsNames List<String>

    Contains only valid, fully-qualified host names.

    emailAddresses List<String>

    Contains only valid RFC 2822 E-mail addresses.

    ipAddresses List<String>

    Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

    uris List<String>

    Contains only valid RFC 3986 URIs.

    SubjectConfigResponse

    Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse

    Contains distinguished name fields such as the common name, location and organization.

    SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse

    Optional. The subject alternative name fields.

    Subject SubjectResponse

    Contains distinguished name fields such as the common name, location and organization.

    SubjectAltName SubjectAltNamesResponse

    Optional. The subject alternative name fields.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and organization.

    subjectAltName SubjectAltNamesResponse

    Optional. The subject alternative name fields.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and organization.

    subjectAltName SubjectAltNamesResponse

    Optional. The subject alternative name fields.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and organization.

    subject_alt_name SubjectAltNamesResponse

    Optional. The subject alternative name fields.

    subject Property Map

    Contains distinguished name fields such as the common name, location and organization.

    subjectAltName Property Map

    Optional. The subject alternative name fields.

    SubjectDescriptionResponse

    HexSerialNumber string

    The serial number encoded in lowercase hexadecimal.

    Lifetime string

    For convenience, the actual lifetime of an issued certificate.

    NotAfterTime string

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    NotBeforeTime string

    The time at which the certificate becomes valid.

    Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse

    Contains distinguished name fields such as the common name, location and / organization.

    SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse

    The subject alternative name fields.

    HexSerialNumber string

    The serial number encoded in lowercase hexadecimal.

    Lifetime string

    For convenience, the actual lifetime of an issued certificate.

    NotAfterTime string

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    NotBeforeTime string

    The time at which the certificate becomes valid.

    Subject SubjectResponse

    Contains distinguished name fields such as the common name, location and / organization.

    SubjectAltName SubjectAltNamesResponse

    The subject alternative name fields.

    hexSerialNumber String

    The serial number encoded in lowercase hexadecimal.

    lifetime String

    For convenience, the actual lifetime of an issued certificate.

    notAfterTime String

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    notBeforeTime String

    The time at which the certificate becomes valid.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and / organization.

    subjectAltName SubjectAltNamesResponse

    The subject alternative name fields.

    hexSerialNumber string

    The serial number encoded in lowercase hexadecimal.

    lifetime string

    For convenience, the actual lifetime of an issued certificate.

    notAfterTime string

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    notBeforeTime string

    The time at which the certificate becomes valid.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and / organization.

    subjectAltName SubjectAltNamesResponse

    The subject alternative name fields.

    hex_serial_number str

    The serial number encoded in lowercase hexadecimal.

    lifetime str

    For convenience, the actual lifetime of an issued certificate.

    not_after_time str

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    not_before_time str

    The time at which the certificate becomes valid.

    subject SubjectResponse

    Contains distinguished name fields such as the common name, location and / organization.

    subject_alt_name SubjectAltNamesResponse

    The subject alternative name fields.

    hexSerialNumber String

    The serial number encoded in lowercase hexadecimal.

    lifetime String

    For convenience, the actual lifetime of an issued certificate.

    notAfterTime String

    The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.

    notBeforeTime String

    The time at which the certificate becomes valid.

    subject Property Map

    Contains distinguished name fields such as the common name, location and / organization.

    subjectAltName Property Map

    The subject alternative name fields.

    SubjectResponse

    CommonName string

    The "common name" of the subject.

    CountryCode string

    The country code of the subject.

    Locality string

    The locality or city of the subject.

    Organization string

    The organization of the subject.

    OrganizationalUnit string

    The organizational_unit of the subject.

    PostalCode string

    The postal code of the subject.

    Province string

    The province, territory, or regional state of the subject.

    StreetAddress string

    The street address of the subject.

    CommonName string

    The "common name" of the subject.

    CountryCode string

    The country code of the subject.

    Locality string

    The locality or city of the subject.

    Organization string

    The organization of the subject.

    OrganizationalUnit string

    The organizational_unit of the subject.

    PostalCode string

    The postal code of the subject.

    Province string

    The province, territory, or regional state of the subject.

    StreetAddress string

    The street address of the subject.

    commonName String

    The "common name" of the subject.

    countryCode String

    The country code of the subject.

    locality String

    The locality or city of the subject.

    organization String

    The organization of the subject.

    organizationalUnit String

    The organizational_unit of the subject.

    postalCode String

    The postal code of the subject.

    province String

    The province, territory, or regional state of the subject.

    streetAddress String

    The street address of the subject.

    commonName string

    The "common name" of the subject.

    countryCode string

    The country code of the subject.

    locality string

    The locality or city of the subject.

    organization string

    The organization of the subject.

    organizationalUnit string

    The organizational_unit of the subject.

    postalCode string

    The postal code of the subject.

    province string

    The province, territory, or regional state of the subject.

    streetAddress string

    The street address of the subject.

    common_name str

    The "common name" of the subject.

    country_code str

    The country code of the subject.

    locality str

    The locality or city of the subject.

    organization str

    The organization of the subject.

    organizational_unit str

    The organizational_unit of the subject.

    postal_code str

    The postal code of the subject.

    province str

    The province, territory, or regional state of the subject.

    street_address str

    The street address of the subject.

    commonName String

    The "common name" of the subject.

    countryCode String

    The country code of the subject.

    locality String

    The locality or city of the subject.

    organization String

    The organization of the subject.

    organizationalUnit String

    The organizational_unit of the subject.

    postalCode String

    The postal code of the subject.

    province String

    The province, territory, or regional state of the subject.

    streetAddress String

    The street address of the subject.

    SubordinateConfigChainResponse

    PemCertificates List<string>

    Expected to be in leaf-to-root order according to RFC 5246.

    PemCertificates []string

    Expected to be in leaf-to-root order according to RFC 5246.

    pemCertificates List<String>

    Expected to be in leaf-to-root order according to RFC 5246.

    pemCertificates string[]

    Expected to be in leaf-to-root order according to RFC 5246.

    pem_certificates Sequence[str]

    Expected to be in leaf-to-root order according to RFC 5246.

    pemCertificates List<String>

    Expected to be in leaf-to-root order according to RFC 5246.

    SubordinateConfigResponse

    CertificateAuthority string

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    PemIssuerChain Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainResponse

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    CertificateAuthority string

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    PemIssuerChain SubordinateConfigChainResponse

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    certificateAuthority String

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemIssuerChain SubordinateConfigChainResponse

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    certificateAuthority string

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemIssuerChain SubordinateConfigChainResponse

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    certificate_authority str

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pem_issuer_chain SubordinateConfigChainResponse

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    certificateAuthority String

    This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

    pemIssuerChain Property Map

    Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

    X509ExtensionResponse

    Critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse

    The OID for this X.509 extension.

    Value string

    The value of this X.509 extension.

    Critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    ObjectId ObjectIdResponse

    The OID for this X.509 extension.

    Value string

    The value of this X.509 extension.

    critical Boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId ObjectIdResponse

    The OID for this X.509 extension.

    value String

    The value of this X.509 extension.

    critical boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId ObjectIdResponse

    The OID for this X.509 extension.

    value string

    The value of this X.509 extension.

    critical bool

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    object_id ObjectIdResponse

    The OID for this X.509 extension.

    value str

    The value of this X.509 extension.

    critical Boolean

    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    objectId Property Map

    The OID for this X.509 extension.

    value String

    The value of this X.509 extension.

    X509ParametersResponse

    AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>

    Optional. Describes custom X.509 extensions.

    AiaOcspServers List<string>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse

    Optional. Indicates the intended use for keys that correspond to a certificate.

    NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse

    Optional. Describes the X.509 name constraints extension.

    PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    AdditionalExtensions []X509ExtensionResponse

    Optional. Describes custom X.509 extensions.

    AiaOcspServers []string

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    CaOptions CaOptionsResponse

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    KeyUsage KeyUsageResponse

    Optional. Indicates the intended use for keys that correspond to a certificate.

    NameConstraints NameConstraintsResponse

    Optional. Describes the X.509 name constraints extension.

    PolicyIds []ObjectIdResponse

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions List<X509ExtensionResponse>

    Optional. Describes custom X.509 extensions.

    aiaOcspServers List<String>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions CaOptionsResponse

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage KeyUsageResponse

    Optional. Indicates the intended use for keys that correspond to a certificate.

    nameConstraints NameConstraintsResponse

    Optional. Describes the X.509 name constraints extension.

    policyIds List<ObjectIdResponse>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions X509ExtensionResponse[]

    Optional. Describes custom X.509 extensions.

    aiaOcspServers string[]

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions CaOptionsResponse

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage KeyUsageResponse

    Optional. Indicates the intended use for keys that correspond to a certificate.

    nameConstraints NameConstraintsResponse

    Optional. Describes the X.509 name constraints extension.

    policyIds ObjectIdResponse[]

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additional_extensions Sequence[X509ExtensionResponse]

    Optional. Describes custom X.509 extensions.

    aia_ocsp_servers Sequence[str]

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    ca_options CaOptionsResponse

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    key_usage KeyUsageResponse

    Optional. Indicates the intended use for keys that correspond to a certificate.

    name_constraints NameConstraintsResponse

    Optional. Describes the X.509 name constraints extension.

    policy_ids Sequence[ObjectIdResponse]

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    additionalExtensions List<Property Map>

    Optional. Describes custom X.509 extensions.

    aiaOcspServers List<String>

    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

    caOptions Property Map

    Optional. Describes options in this X509Parameters that are relevant in a CA certificate.

    keyUsage Property Map

    Optional. Indicates the intended use for keys that correspond to a certificate.

    nameConstraints Property Map

    Optional. Describes the X.509 name constraints extension.

    policyIds List<Property Map>

    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.31.1 published on Thursday, Jul 20, 2023 by Pulumi