Google Cloud Native v0.30.0, Apr 14 23

google-native.privateca/v1.getCertificateTemplate

Explore with Pulumi AI

Returns a CertificateTemplate.

Using getCertificateTemplate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificateTemplate(args: GetCertificateTemplateArgs, opts?: InvokeOptions): Promise<GetCertificateTemplateResult>
function getCertificateTemplateOutput(args: GetCertificateTemplateOutputArgs, opts?: InvokeOptions): Output<GetCertificateTemplateResult>

def get_certificate_template(certificate_template_id: Optional[str] = None,
                             location: Optional[str] = None,
                             project: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetCertificateTemplateResult
def get_certificate_template_output(certificate_template_id: Optional[pulumi.Input[str]] = None,
                             location: Optional[pulumi.Input[str]] = None,
                             project: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetCertificateTemplateResult]

func LookupCertificateTemplate(ctx *Context, args *LookupCertificateTemplateArgs, opts ...InvokeOption) (*LookupCertificateTemplateResult, error)
func LookupCertificateTemplateOutput(ctx *Context, args *LookupCertificateTemplateOutputArgs, opts ...InvokeOption) LookupCertificateTemplateResultOutput

> Note: This function is named LookupCertificateTemplate in the Go SDK.

public static class GetCertificateTemplate 
{
    public static Task<GetCertificateTemplateResult> InvokeAsync(GetCertificateTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateTemplateResult> Invoke(GetCertificateTemplateInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetCertificateTemplateResult> getCertificateTemplate(GetCertificateTemplateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: google-native:privateca/v1:getCertificateTemplate
  arguments:
    # arguments dictionary

The following arguments are supported:

CertificateTemplateId string
Location string
Project string

CertificateTemplateId string
Location string
Project string

certificateTemplateId String
location String
project String

certificateTemplateId string
location string
project string

certificate_template_id str
location str
project str

certificateTemplateId String
location String
project String

getCertificateTemplate Result

The following output properties are available:

CreateTime string: The time at which this CertificateTemplate was created.
Description string: Optional. A human-readable description of scenarios this template is intended for.
IdentityConstraints Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateIdentityConstraintsResponse: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels Dictionary<string, string>: Optional. Labels with user-defined metadata.
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateExtensionConstraintsResponse: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues Pulumi.GoogleNative.Privateca.V1.Outputs.X509ParametersResponse: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
UpdateTime string: The time at which this CertificateTemplate was updated.

CreateTime string: The time at which this CertificateTemplate was created.
Description string: Optional. A human-readable description of scenarios this template is intended for.
IdentityConstraints CertificateIdentityConstraintsResponse: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
Labels map[string]string: Optional. Labels with user-defined metadata.
Name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
PassthroughExtensions CertificateExtensionConstraintsResponse: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
PredefinedValues X509ParametersResponse: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
UpdateTime string: The time at which this CertificateTemplate was updated.

createTime String: The time at which this CertificateTemplate was created.
description String: Optional. A human-readable description of scenarios this template is intended for.
identityConstraints CertificateIdentityConstraintsResponse: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String,String>: Optional. Labels with user-defined metadata.
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateExtensionConstraintsResponse: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues X509ParametersResponse: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
updateTime String: The time at which this CertificateTemplate was updated.

createTime string: The time at which this CertificateTemplate was created.
description string: Optional. A human-readable description of scenarios this template is intended for.
identityConstraints CertificateIdentityConstraintsResponse: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels {[key: string]: string}: Optional. Labels with user-defined metadata.
name string: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions CertificateExtensionConstraintsResponse: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues X509ParametersResponse: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
updateTime string: The time at which this CertificateTemplate was updated.

create_time str: The time at which this CertificateTemplate was created.
description str: Optional. A human-readable description of scenarios this template is intended for.
identity_constraints CertificateIdentityConstraintsResponse: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Mapping[str, str]: Optional. Labels with user-defined metadata.
name str: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthrough_extensions CertificateExtensionConstraintsResponse: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefined_values X509ParametersResponse: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
update_time str: The time at which this CertificateTemplate was updated.

createTime String: The time at which this CertificateTemplate was created.
description String: Optional. A human-readable description of scenarios this template is intended for.
identityConstraints Property Map: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
labels Map<String>: Optional. Labels with user-defined metadata.
name String: The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
passthroughExtensions Property Map: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
predefinedValues Property Map: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
updateTime String: The time at which this CertificateTemplate was updated.

Supporting Types

CaOptionsResponse

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateExtensionConstraintsResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions List<string>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

AdditionalExtensions []ObjectIdResponse: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
KnownExtensions []string: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<ObjectIdResponse>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions ObjectIdResponse[]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions string[]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additional_extensions Sequence[ObjectIdResponse]: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
known_extensions Sequence[str]: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

additionalExtensions List<Property Map>: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
knownExtensions List<String>: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

CertificateIdentityConstraintsResponse

AllowSubjectAltNamesPassthrough bool: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression Pulumi.GoogleNative.Privateca.V1.Inputs.ExprResponse: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

AllowSubjectAltNamesPassthrough bool: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
AllowSubjectPassthrough bool: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
CelExpression ExprResponse: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression ExprResponse: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough boolean: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough boolean: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression ExprResponse: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allow_subject_alt_names_passthrough bool: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allow_subject_passthrough bool: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
cel_expression ExprResponse: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

allowSubjectAltNamesPassthrough Boolean: If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
allowSubjectPassthrough Boolean: If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
celExpression Property Map: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel

ExprResponse

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExtendedKeyUsageOptionsResponse

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

KeyUsageOptionsResponse

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectIdResponse: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectIdResponse[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectIdResponse]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

NameConstraintsResponse

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames List<string>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses List<string>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges List<string>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris List<string>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames List<string>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses List<string>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges List<string>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris List<string>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames []string: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses []string: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges []string: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris []string: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames []string: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses []string: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges []string: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris []string: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames string[]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses string[]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges string[]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris string[]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames string[]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses string[]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges string[]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris string[]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical bool: Indicates whether or not the name constraints are marked critical.
excluded_dns_names Sequence[str]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excluded_email_addresses Sequence[str]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excluded_ip_ranges Sequence[str]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excluded_uris Sequence[str]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permitted_dns_names Sequence[str]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permitted_email_addresses Sequence[str]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permitted_ip_ranges Sequence[str]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permitted_uris Sequence[str]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

ObjectIdResponse

ObjectIdPath List<int>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>: The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]: The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>: The parts of an OID path. The most significant parts of the path come first.

X509ExtensionResponse

Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value String: The value of this X.509 extension.

critical boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value string: The value of this X.509 extension.

critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectIdResponse: The OID for this X.509 extension.
value str: The value of this X.509 extension.

critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId Property Map: The OID for this X.509 extension.
value String: The value of this X.509 extension.

X509ParametersResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509ExtensionResponse: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
PolicyIds []ObjectIdResponse: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policyIds List<ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509ExtensionResponse[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policyIds ObjectIdResponse[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509ExtensionResponse]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
name_constraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policy_ids Sequence[ObjectIdResponse]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints Property Map: Optional. Describes the X.509 name constraints extension.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0