Google Cloud Native v0.28.0, Feb 2 23

google-native.privateca/v1beta1.CertificateAuthority

Create a new CertificateAuthority in a given Project and Location. Auto-naming is currently not supported for this resource. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Create CertificateAuthority Resource

new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);

@overload
def CertificateAuthority(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         certificate_authority_id: Optional[str] = None,
                         certificate_policy: Optional[CertificateAuthorityPolicyArgs] = None,
                         config: Optional[CertificateConfigArgs] = None,
                         gcs_bucket: Optional[str] = None,
                         issuing_options: Optional[IssuingOptionsArgs] = None,
                         key_spec: Optional[KeyVersionSpecArgs] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         lifetime: Optional[str] = None,
                         location: Optional[str] = None,
                         project: Optional[str] = None,
                         request_id: Optional[str] = None,
                         subordinate_config: Optional[SubordinateConfigArgs] = None,
                         tier: Optional[CertificateAuthorityTier] = None,
                         type: Optional[CertificateAuthorityType] = None)
@overload
def CertificateAuthority(resource_name: str,
                         args: CertificateAuthorityArgs,
                         opts: Optional[ResourceOptions] = None)

func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)

public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)

public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)

type: google-native:privateca/v1beta1:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateAuthorityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateAuthorityArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateAuthorityArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateAuthorityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateAuthorityArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

CertificateAuthority Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CertificateAuthority resource accepts the following input properties:

CertificateAuthorityId string: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
Config Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CertificateConfigArgs: Immutable. The config used to create a self-signed X.509 certificate or CSR.
KeySpec Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyVersionSpecArgs: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
Lifetime string: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
Tier Pulumi.GoogleNative.Privateca.V1Beta1.CertificateAuthorityTier: Immutable. The Tier of this CertificateAuthority.
Type Pulumi.GoogleNative.Privateca.V1Beta1.CertificateAuthorityType: Immutable. The Type of this CertificateAuthority.
CertificatePolicy Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CertificateAuthorityPolicyArgs: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
GcsBucket string: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
IssuingOptions Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.IssuingOptionsArgs: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
Labels Dictionary<string, string>: Optional. Labels with user-defined metadata.
Location string
Project string
RequestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
SubordinateConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubordinateConfigArgs: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

CertificateAuthorityId string: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
Config CertificateConfigArgs: Immutable. The config used to create a self-signed X.509 certificate or CSR.
KeySpec KeyVersionSpecArgs: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
Lifetime string: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
Tier CertificateAuthorityTier: Immutable. The Tier of this CertificateAuthority.
Type CertificateAuthorityType: Immutable. The Type of this CertificateAuthority.
CertificatePolicy CertificateAuthorityPolicyArgs: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
GcsBucket string: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
IssuingOptions IssuingOptionsArgs: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
Labels map[string]string: Optional. Labels with user-defined metadata.
Location string
Project string
RequestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
SubordinateConfig SubordinateConfigArgs: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

certificateAuthorityId String: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
config CertificateConfigArgs: Immutable. The config used to create a self-signed X.509 certificate or CSR.
keySpec KeyVersionSpecArgs: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
lifetime String: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
tier CertificateAuthorityTier: Immutable. The Tier of this CertificateAuthority.
type CertificateAuthorityType: Immutable. The Type of this CertificateAuthority.
certificatePolicy CertificateAuthorityPolicyArgs: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
gcsBucket String: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
issuingOptions IssuingOptionsArgs: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
labels Map<String,String>: Optional. Labels with user-defined metadata.
location String
project String
requestId String: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subordinateConfig SubordinateConfigArgs: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

certificateAuthorityId string: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
config CertificateConfigArgs: Immutable. The config used to create a self-signed X.509 certificate or CSR.
keySpec KeyVersionSpecArgs: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
lifetime string: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
tier CertificateAuthorityTier: Immutable. The Tier of this CertificateAuthority.
type CertificateAuthorityType: Immutable. The Type of this CertificateAuthority.
certificatePolicy CertificateAuthorityPolicyArgs: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
gcsBucket string: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
issuingOptions IssuingOptionsArgs: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
labels {[key: string]: string}: Optional. Labels with user-defined metadata.
location string
project string
requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subordinateConfig SubordinateConfigArgs: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

certificate_authority_id str: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
config CertificateConfigArgs: Immutable. The config used to create a self-signed X.509 certificate or CSR.
key_spec KeyVersionSpecArgs: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
lifetime str: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
tier CertificateAuthorityTier: Immutable. The Tier of this CertificateAuthority.
type CertificateAuthorityType: Immutable. The Type of this CertificateAuthority.
certificate_policy CertificateAuthorityPolicyArgs: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
gcs_bucket str: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
issuing_options IssuingOptionsArgs: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
labels Mapping[str, str]: Optional. Labels with user-defined metadata.
location str
project str
request_id str: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subordinate_config SubordinateConfigArgs: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

certificateAuthorityId String: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
config Property Map: Immutable. The config used to create a self-signed X.509 certificate or CSR.
keySpec Property Map: Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
lifetime String: The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
tier "TIER_UNSPECIFIED" | "ENTERPRISE" | "DEVOPS": Immutable. The Tier of this CertificateAuthority.
type "TYPE_UNSPECIFIED" | "SELF_SIGNED" | "SUBORDINATE": Immutable. The Type of this CertificateAuthority.
certificatePolicy Property Map: Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
gcsBucket String: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
issuingOptions Property Map: Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
labels Map<String>: Optional. Labels with user-defined metadata.
location String
project String
requestId String: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subordinateConfig Property Map: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

Outputs

All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:

AccessUrls Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.AccessUrlsResponse: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.CertificateDescriptionResponse>: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
CreateTime string: The time at which this CertificateAuthority was created.
DeleteTime string: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
PemCaCertificates List<string>: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
State string: The State for this CertificateAuthority.
UpdateTime string: The time at which this CertificateAuthority was updated.

AccessUrls AccessUrlsResponse: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
CaCertificateDescriptions []CertificateDescriptionResponse: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
CreateTime string: The time at which this CertificateAuthority was created.
DeleteTime string: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
PemCaCertificates []string: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
State string: The State for this CertificateAuthority.
UpdateTime string: The time at which this CertificateAuthority was updated.

accessUrls AccessUrlsResponse: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions List<CertificateDescriptionResponse>: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
createTime String: The time at which this CertificateAuthority was created.
deleteTime String: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
id String: The provider-assigned unique ID for this managed resource.
name String: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
pemCaCertificates List<String>: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state String: The State for this CertificateAuthority.
updateTime String: The time at which this CertificateAuthority was updated.

accessUrls AccessUrlsResponse: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions CertificateDescriptionResponse[]: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
createTime string: The time at which this CertificateAuthority was created.
deleteTime string: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
id string: The provider-assigned unique ID for this managed resource.
name string: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
pemCaCertificates string[]: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state string: The State for this CertificateAuthority.
updateTime string: The time at which this CertificateAuthority was updated.

access_urls AccessUrlsResponse: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
ca_certificate_descriptions Sequence[CertificateDescriptionResponse]: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
create_time str: The time at which this CertificateAuthority was created.
delete_time str: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
id str: The provider-assigned unique ID for this managed resource.
name str: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
pem_ca_certificates Sequence[str]: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state str: The State for this CertificateAuthority.
update_time str: The time at which this CertificateAuthority was updated.

accessUrls Property Map: URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions List<Property Map>: A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
createTime String: The time at which this CertificateAuthority was created.
deleteTime String: The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
id String: The provider-assigned unique ID for this managed resource.
name String: The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
pemCaCertificates List<String>: This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state String: The State for this CertificateAuthority.
updateTime String: The time at which this CertificateAuthority was updated.

Supporting Types

AccessUrlsResponse

CaCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrl string: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

CaCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrl string: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrl String: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrl string: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

ca_certificate_access_url str: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crl_access_url str: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrl String: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

AllowedConfigList

AllowedConfigValues List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapper>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedConfigValues []ReusableConfigWrapper: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<ReusableConfigWrapper>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues ReusableConfigWrapper[]: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowed_config_values Sequence[ReusableConfigWrapper]: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<Property Map>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedConfigListResponse

AllowedConfigValues List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedConfigValues []ReusableConfigWrapperResponse: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<ReusableConfigWrapperResponse>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues ReusableConfigWrapperResponse[]: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowed_config_values Sequence[ReusableConfigWrapperResponse]: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<Property Map>: All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedSubjectAltNames

AllowCustomSans bool: Optional. Specifies if to allow custom X509Extension values.
AllowGlobbingDnsWildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
AllowedDnsNames List<string>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
AllowedEmailAddresses List<string>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
AllowedIps List<string>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
AllowedUris List<string>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

AllowCustomSans bool: Optional. Specifies if to allow custom X509Extension values.
AllowGlobbingDnsWildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
AllowedDnsNames []string: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
AllowedEmailAddresses []string: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
AllowedIps []string: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
AllowedUris []string: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards Boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames List<String>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses List<String>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps List<String>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris List<String>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames string[]: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses string[]: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps string[]: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris string[]: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allow_custom_sans bool: Optional. Specifies if to allow custom X509Extension values.
allow_globbing_dns_wildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowed_dns_names Sequence[str]: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowed_email_addresses Sequence[str]: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowed_ips Sequence[str]: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowed_uris Sequence[str]: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards Boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames List<String>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses List<String>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps List<String>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris List<String>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

AllowedSubjectAltNamesResponse

AllowCustomSans bool: Optional. Specifies if to allow custom X509Extension values.
AllowGlobbingDnsWildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
AllowedDnsNames List<string>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
AllowedEmailAddresses List<string>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
AllowedIps List<string>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
AllowedUris List<string>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

AllowCustomSans bool: Optional. Specifies if to allow custom X509Extension values.
AllowGlobbingDnsWildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
AllowedDnsNames []string: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
AllowedEmailAddresses []string: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
AllowedIps []string: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
AllowedUris []string: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards Boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames List<String>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses List<String>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps List<String>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris List<String>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames string[]: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses string[]: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps string[]: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris string[]: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allow_custom_sans bool: Optional. Specifies if to allow custom X509Extension values.
allow_globbing_dns_wildcards bool: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowed_dns_names Sequence[str]: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowed_email_addresses Sequence[str]: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowed_ips Sequence[str]: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowed_uris Sequence[str]: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean: Optional. Specifies if to allow custom X509Extension values.
allowGlobbingDnsWildcards Boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
allowedDnsNames List<String>: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.
allowedEmailAddresses List<String>: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
allowedIps List<String>: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
allowedUris List<String>: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

CaOptions

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CaOptionsResponse

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateAuthorityPolicy

AllowedCommonNames List<string>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
AllowedConfigList Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedConfigList: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.IssuanceModes: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedLocationsAndOrganizations List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.Subject>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
AllowedSans Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedSubjectAltNames: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
MaximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
OverwriteConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapper: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

AllowedCommonNames []string: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
AllowedConfigList AllowedConfigList: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
AllowedIssuanceModes IssuanceModes: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedLocationsAndOrganizations []Subject: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
AllowedSans AllowedSubjectAltNames: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
MaximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
OverwriteConfigValues ReusableConfigWrapper: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList AllowedConfigList: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes IssuanceModes: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations List<Subject>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans AllowedSubjectAltNames: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime String: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues ReusableConfigWrapper: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames string[]: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList AllowedConfigList: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes IssuanceModes: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations Subject[]: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans AllowedSubjectAltNames: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues ReusableConfigWrapper: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowed_common_names Sequence[str]: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowed_config_list AllowedConfigList: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowed_issuance_modes IssuanceModes: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowed_locations_and_organizations Sequence[Subject]: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowed_sans AllowedSubjectAltNames: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximum_lifetime str: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwrite_config_values ReusableConfigWrapper: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList Property Map: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes Property Map: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations List<Property Map>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans Property Map: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime String: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues Property Map: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

CertificateAuthorityPolicyResponse

AllowedCommonNames List<string>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
AllowedConfigList Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedConfigListResponse: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.IssuanceModesResponse: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedLocationsAndOrganizations List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
AllowedSans Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedSubjectAltNamesResponse: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
MaximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
OverwriteConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

AllowedCommonNames []string: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
AllowedConfigList AllowedConfigListResponse: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
AllowedIssuanceModes IssuanceModesResponse: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
AllowedLocationsAndOrganizations []SubjectResponse: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
AllowedSans AllowedSubjectAltNamesResponse: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
MaximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
OverwriteConfigValues ReusableConfigWrapperResponse: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList AllowedConfigListResponse: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes IssuanceModesResponse: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations List<SubjectResponse>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans AllowedSubjectAltNamesResponse: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime String: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues ReusableConfigWrapperResponse: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames string[]: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList AllowedConfigListResponse: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes IssuanceModesResponse: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations SubjectResponse[]: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans AllowedSubjectAltNamesResponse: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues ReusableConfigWrapperResponse: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowed_common_names Sequence[str]: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowed_config_list AllowedConfigListResponse: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowed_issuance_modes IssuanceModesResponse: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowed_locations_and_organizations Sequence[SubjectResponse]: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowed_sans AllowedSubjectAltNamesResponse: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximum_lifetime str: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwrite_config_values ReusableConfigWrapperResponse: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowedConfigList Property Map: Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.
allowedIssuanceModes Property Map: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowedLocationsAndOrganizations List<Property Map>: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowedSans Property Map: Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximumLifetime String: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
overwriteConfigValues Property Map: Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

CertificateAuthorityTier

TierUnspecified: TIER_UNSPECIFIED
Not specified.
Enterprise: ENTERPRISE
Enterprise tier.
Devops: DEVOPS
DevOps tier.

CertificateAuthorityTierTierUnspecified: TIER_UNSPECIFIED
Not specified.
CertificateAuthorityTierEnterprise: ENTERPRISE
Enterprise tier.
CertificateAuthorityTierDevops: DEVOPS
DevOps tier.

TierUnspecified: TIER_UNSPECIFIED
Not specified.
Enterprise: ENTERPRISE
Enterprise tier.
Devops: DEVOPS
DevOps tier.

TierUnspecified: TIER_UNSPECIFIED
Not specified.
Enterprise: ENTERPRISE
Enterprise tier.
Devops: DEVOPS
DevOps tier.

TIER_UNSPECIFIED: TIER_UNSPECIFIED
Not specified.
ENTERPRISE: ENTERPRISE
Enterprise tier.
DEVOPS: DEVOPS
DevOps tier.

"TIER_UNSPECIFIED": TIER_UNSPECIFIED
Not specified.
"ENTERPRISE": ENTERPRISE
Enterprise tier.
"DEVOPS": DEVOPS
DevOps tier.

CertificateAuthorityType

TypeUnspecified: TYPE_UNSPECIFIED
Not specified.
SelfSigned: SELF_SIGNED
Self-signed CA.
Subordinate: SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

CertificateAuthorityTypeTypeUnspecified: TYPE_UNSPECIFIED
Not specified.
CertificateAuthorityTypeSelfSigned: SELF_SIGNED
Self-signed CA.
CertificateAuthorityTypeSubordinate: SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

TypeUnspecified: TYPE_UNSPECIFIED
Not specified.
SelfSigned: SELF_SIGNED
Self-signed CA.
Subordinate: SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

TypeUnspecified: TYPE_UNSPECIFIED
Not specified.
SelfSigned: SELF_SIGNED
Self-signed CA.
Subordinate: SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

TYPE_UNSPECIFIED: TYPE_UNSPECIFIED
Not specified.
SELF_SIGNED: SELF_SIGNED
Self-signed CA.
SUBORDINATE: SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

"TYPE_UNSPECIFIED": TYPE_UNSPECIFIED
Not specified.
"SELF_SIGNED": SELF_SIGNED
Self-signed CA.
"SUBORDINATE": SUBORDINATE
Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.

CertificateConfig

ReusableConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapper: Describes how some of the technical fields in a certificate should be populated.
SubjectConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
PublicKey Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

ReusableConfig ReusableConfigWrapper: Describes how some of the technical fields in a certificate should be populated.
SubjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
PublicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig ReusableConfigWrapper: Describes how some of the technical fields in a certificate should be populated.
subjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
publicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig ReusableConfigWrapper: Describes how some of the technical fields in a certificate should be populated.
subjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
publicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusable_config ReusableConfigWrapper: Describes how some of the technical fields in a certificate should be populated.
subject_config SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
public_key PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig Property Map: Describes how some of the technical fields in a certificate should be populated.
subjectConfig Property Map: Specifies some of the values in a certificate that are related to the subject.
publicKey Property Map: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

CertificateConfigResponse

PublicKey Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
ReusableConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse: Describes how some of the technical fields in a certificate should be populated.
SubjectConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.

PublicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
ReusableConfig ReusableConfigWrapperResponse: Describes how some of the technical fields in a certificate should be populated.
SubjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.

publicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
reusableConfig ReusableConfigWrapperResponse: Describes how some of the technical fields in a certificate should be populated.
subjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.

publicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
reusableConfig ReusableConfigWrapperResponse: Describes how some of the technical fields in a certificate should be populated.
subjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.

public_key PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
reusable_config ReusableConfigWrapperResponse: Describes how some of the technical fields in a certificate should be populated.
subject_config SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.

publicKey Property Map: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
reusableConfig Property Map: Describes how some of the technical fields in a certificate should be populated.
subjectConfig Property Map: Specifies some of the values in a certificate that are related to the subject.

CertificateDescriptionResponse

AiaIssuingCertificateUrls List<string>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CertificateFingerprintResponse: The hash of the x.509 certificate.
ConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigValuesResponse: Describes some of the technical fields in a certificate.
CrlDistributionPoints List<string>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.PublicKeyResponse: The public key that corresponds to an issued certificate.
SubjectDescription Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

AiaIssuingCertificateUrls []string: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
ConfigValues ReusableConfigValuesResponse: Describes some of the technical fields in a certificate.
CrlDistributionPoints []string: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
SubjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls List<String>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
configValues ReusableConfigValuesResponse: Describes some of the technical fields in a certificate.
crlDistributionPoints List<String>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
subjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls string[]: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
configValues ReusableConfigValuesResponse: Describes some of the technical fields in a certificate.
crlDistributionPoints string[]: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
subjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aia_issuing_certificate_urls Sequence[str]: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authority_key_id KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
cert_fingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
config_values ReusableConfigValuesResponse: Describes some of the technical fields in a certificate.
crl_distribution_points Sequence[str]: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
public_key PublicKeyResponse: The public key that corresponds to an issued certificate.
subject_description SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subject_key_id KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls List<String>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId Property Map: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint Property Map: The hash of the x.509 certificate.
configValues Property Map: Describes some of the technical fields in a certificate.
crlDistributionPoints List<String>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey Property Map: The public key that corresponds to an issued certificate.
subjectDescription Property Map: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId Property Map: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

CertificateFingerprintResponse

Sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

Sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256_hash str: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

ExtendedKeyUsageOptions

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ExtendedKeyUsageOptionsResponse

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

IssuanceModes

AllowConfigBasedIssuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool: When true, allows callers to create Certificates by specifying a CSR.

AllowConfigBasedIssuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance boolean: When true, allows callers to create Certificates by specifying a CSR.

allow_config_based_issuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
allow_csr_based_issuance bool: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CSR.

IssuanceModesResponse

AllowConfigBasedIssuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool: When true, allows callers to create Certificates by specifying a CSR.

AllowConfigBasedIssuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
AllowCsrBasedIssuance bool: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance boolean: When true, allows callers to create Certificates by specifying a CSR.

allow_config_based_issuance bool: When true, allows callers to create Certificates by specifying a CertificateConfig.
allow_csr_based_issuance bool: When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CertificateConfig.
allowCsrBasedIssuance Boolean: When true, allows callers to create Certificates by specifying a CSR.

IssuingOptions

IncludeCaCertUrl bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
IncludeCrlAccessUrl bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

IncludeCaCertUrl bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
IncludeCrlAccessUrl bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl Boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

include_ca_cert_url bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
include_crl_access_url bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl Boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

IssuingOptionsResponse

IncludeCaCertUrl bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
IncludeCrlAccessUrl bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

IncludeCaCertUrl bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
IncludeCrlAccessUrl bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl Boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

include_ca_cert_url bool: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
include_crl_access_url bool: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean: When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
includeCrlAccessUrl Boolean: When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

KeyIdResponse

KeyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

key_id str: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsage

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsageOptions: Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectId>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectId: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<ObjectId>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectId[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptions: Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectId]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyUsageOptions

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

KeyUsageOptionsResponse

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectIdResponse: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectIdResponse[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectIdResponse]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyVersionSpec

Algorithm Pulumi.GoogleNative.Privateca.V1Beta1.KeyVersionSpecAlgorithm: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

Algorithm KeyVersionSpecAlgorithm: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm KeyVersionSpecAlgorithm: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm KeyVersionSpecAlgorithm: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm KeyVersionSpecAlgorithm: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloud_kms_key_version str: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm "SIGN_HASH_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_PKCS1_2048_SHA256" | "RSA_PKCS1_3072_SHA256" | "RSA_PKCS1_4096_SHA256" | "EC_P256_SHA256" | "EC_P384_SHA384": The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

KeyVersionSpecAlgorithm

SignHashAlgorithmUnspecified: SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
RsaPss3072Sha256: RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
RsaPss4096Sha256: RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
RsaPkcs12048Sha256: RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
RsaPkcs13072Sha256: RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
RsaPkcs14096Sha256: RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
EcP256Sha256: EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
EcP384Sha384: EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

KeyVersionSpecAlgorithmSignHashAlgorithmUnspecified: SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
KeyVersionSpecAlgorithmRsaPss2048Sha256: RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
KeyVersionSpecAlgorithmRsaPss3072Sha256: RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
KeyVersionSpecAlgorithmRsaPss4096Sha256: RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
KeyVersionSpecAlgorithmRsaPkcs12048Sha256: RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
KeyVersionSpecAlgorithmRsaPkcs13072Sha256: RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
KeyVersionSpecAlgorithmRsaPkcs14096Sha256: RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
KeyVersionSpecAlgorithmEcP256Sha256: EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
KeyVersionSpecAlgorithmEcP384Sha384: EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

SignHashAlgorithmUnspecified: SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
RsaPss3072Sha256: RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
RsaPss4096Sha256: RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
RsaPkcs12048Sha256: RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
RsaPkcs13072Sha256: RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
RsaPkcs14096Sha256: RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
EcP256Sha256: EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
EcP384Sha384: EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

SignHashAlgorithmUnspecified: SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
RsaPss3072Sha256: RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
RsaPss4096Sha256: RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
RsaPkcs12048Sha256: RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
RsaPkcs13072Sha256: RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
RsaPkcs14096Sha256: RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
EcP256Sha256: EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
EcP384Sha384: EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

SIGN_HASH_ALGORITHM_UNSPECIFIED: SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
RSA_PSS2048_SHA256: RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
RSA_PSS3072_SHA256: RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
RSA_PSS4096_SHA256: RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
RSA_PKCS12048_SHA256: RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
RSA_PKCS13072_SHA256: RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
RSA_PKCS14096_SHA256: RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
EC_P256_SHA256: EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
EC_P384_SHA384: EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

"SIGN_HASH_ALGORITHM_UNSPECIFIED": SIGN_HASH_ALGORITHM_UNSPECIFIED
Not specified.
"RSA_PSS_2048_SHA256": RSA_PSS_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
"RSA_PSS_3072_SHA256": RSA_PSS_3072_SHA256
maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
"RSA_PSS_4096_SHA256": RSA_PSS_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
"RSA_PKCS1_2048_SHA256": RSA_PKCS1_2048_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
"RSA_PKCS1_3072_SHA256": RSA_PKCS1_3072_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
"RSA_PKCS1_4096_SHA256": RSA_PKCS1_4096_SHA256
maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
"EC_P256_SHA256": EC_P256_SHA256
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
"EC_P384_SHA384": EC_P384_SHA384
maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384

KeyVersionSpecResponse

Algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

Algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm String: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm str: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloud_kms_key_version str: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm String: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

ObjectId

ObjectIdPath List<int>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>: The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]: The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdResponse

ObjectIdPath List<int>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>: The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]: The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>: The parts of an OID path. The most significant parts of the path come first.

PublicKey

Key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
Type Pulumi.GoogleNative.Privateca.V1Beta1.PublicKeyType: Optional. The type of public key. If specified, it must match the public key used for thekey field.

Key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
Type PublicKeyType: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type PublicKeyType: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type PublicKeyType: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key str: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type PublicKeyType: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type "KEY_TYPE_UNSPECIFIED" | "PEM_RSA_KEY" | "PEM_EC_KEY": Optional. The type of public key. If specified, it must match the public key used for thekey field.

PublicKeyResponse

Key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
Type string: Optional. The type of public key. If specified, it must match the public key used for thekey field.

Key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
Type string: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type String: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key string: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type string: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key str: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type str: Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String: A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
type String: Optional. The type of public key. If specified, it must match the public key used for thekey field.

PublicKeyType

KeyTypeUnspecified: KEY_TYPE_UNSPECIFIED
Default unspecified value.
PemRsaKey: PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
PemEcKey: PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

PublicKeyTypeKeyTypeUnspecified: KEY_TYPE_UNSPECIFIED
Default unspecified value.
PublicKeyTypePemRsaKey: PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
PublicKeyTypePemEcKey: PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

KeyTypeUnspecified: KEY_TYPE_UNSPECIFIED
Default unspecified value.
PemRsaKey: PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
PemEcKey: PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

KeyTypeUnspecified: KEY_TYPE_UNSPECIFIED
Default unspecified value.
PemRsaKey: PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
PemEcKey: PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

KEY_TYPE_UNSPECIFIED: KEY_TYPE_UNSPECIFIED
Default unspecified value.
PEM_RSA_KEY: PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
PEM_EC_KEY: PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

"KEY_TYPE_UNSPECIFIED": KEY_TYPE_UNSPECIFIED
Default unspecified value.
"PEM_RSA_KEY": PEM_RSA_KEY
A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, or an RFC 5280 SubjectPublicKeyInfo structure containing the former.
"PEM_EC_KEY": PEM_EC_KEY
An RFC 5280 SubjectPublicKeyInfo structure containing a PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.

ReusableConfigValues

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509Extension>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CaOptions: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509Extension: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CaOptions: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
KeyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectId: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509Extension>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptions: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<ObjectId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509Extension[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptions: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectId[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509Extension]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CaOptions: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
key_usage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectId]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

ReusableConfigValuesResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CaOptionsResponse: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509ExtensionResponse: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CaOptionsResponse: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
KeyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
PolicyIds []ObjectIdResponse: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509ExtensionResponse[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds ObjectIdResponse[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509ExtensionResponse]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CaOptionsResponse: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
key_usage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
policy_ids Sequence[ObjectIdResponse]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

ReusableConfigWrapper

ReusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
ReusableConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigValues: A user-specified inline ReusableConfigValues.

ReusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
ReusableConfigValues ReusableConfigValues: A user-specified inline ReusableConfigValues.

reusableConfig String: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues ReusableConfigValues: A user-specified inline ReusableConfigValues.

reusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues ReusableConfigValues: A user-specified inline ReusableConfigValues.

reusable_config str: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusable_config_values ReusableConfigValues: A user-specified inline ReusableConfigValues.

reusableConfig String: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues Property Map: A user-specified inline ReusableConfigValues.

ReusableConfigWrapperResponse

ReusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
ReusableConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigValuesResponse: A user-specified inline ReusableConfigValues.

ReusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
ReusableConfigValues ReusableConfigValuesResponse: A user-specified inline ReusableConfigValues.

reusableConfig String: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues ReusableConfigValuesResponse: A user-specified inline ReusableConfigValues.

reusableConfig string: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues ReusableConfigValuesResponse: A user-specified inline ReusableConfigValues.

reusable_config str: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusable_config_values ReusableConfigValuesResponse: A user-specified inline ReusableConfigValues.

reusableConfig String: A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.
reusableConfigValues Property Map: A user-specified inline ReusableConfigValues.

Subject

CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

countryCode string: The country code of the subject.
locality string: The locality or city of the subject.
organization string: The organization of the subject.
organizationalUnit string: The organizational_unit of the subject.
postalCode string: The postal code of the subject.
province string: The province, territory, or regional state of the subject.
streetAddress string: The street address of the subject.

country_code str: The country code of the subject.
locality str: The locality or city of the subject.
organization str: The organization of the subject.
organizational_unit str: The organizational_unit of the subject.
postal_code str: The postal code of the subject.
province str: The province, territory, or regional state of the subject.
street_address str: The street address of the subject.

countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

SubjectAltNames

CustomSans List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509Extension>: Contains additional subject alternative name values.
DnsNames List<string>: Contains only valid, fully-qualified host names.
EmailAddresses List<string>: Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>: Contains only valid RFC 3986 URIs.

CustomSans []X509Extension: Contains additional subject alternative name values.
DnsNames []string: Contains only valid, fully-qualified host names.
EmailAddresses []string: Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string: Contains only valid RFC 3986 URIs.

customSans List<X509Extension>: Contains additional subject alternative name values.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

customSans X509Extension[]: Contains additional subject alternative name values.
dnsNames string[]: Contains only valid, fully-qualified host names.
emailAddresses string[]: Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]: Contains only valid RFC 3986 URIs.

custom_sans Sequence[X509Extension]: Contains additional subject alternative name values.
dns_names Sequence[str]: Contains only valid, fully-qualified host names.
email_addresses Sequence[str]: Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]: Contains only valid RFC 3986 URIs.

customSans List<Property Map>: Contains additional subject alternative name values.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

SubjectAltNamesResponse

CustomSans List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509ExtensionResponse>: Contains additional subject alternative name values.
DnsNames List<string>: Contains only valid, fully-qualified host names.
EmailAddresses List<string>: Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>: Contains only valid RFC 3986 URIs.

CustomSans []X509ExtensionResponse: Contains additional subject alternative name values.
DnsNames []string: Contains only valid, fully-qualified host names.
EmailAddresses []string: Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string: Contains only valid RFC 3986 URIs.

customSans List<X509ExtensionResponse>: Contains additional subject alternative name values.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

customSans X509ExtensionResponse[]: Contains additional subject alternative name values.
dnsNames string[]: Contains only valid, fully-qualified host names.
emailAddresses string[]: Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]: Contains only valid RFC 3986 URIs.

custom_sans Sequence[X509ExtensionResponse]: Contains additional subject alternative name values.
dns_names Sequence[str]: Contains only valid, fully-qualified host names.
email_addresses Sequence[str]: Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]: Contains only valid RFC 3986 URIs.

customSans List<Property Map>: Contains additional subject alternative name values.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

SubjectConfig

Subject Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.Subject: Contains distinguished name fields such as the location and organization.
CommonName string: Optional. The "common name" of the distinguished name.
SubjectAltName Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectAltNames: Optional. The subject alternative name fields.

Subject Subject: Contains distinguished name fields such as the location and organization.
CommonName string: Optional. The "common name" of the distinguished name.
SubjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Contains distinguished name fields such as the location and organization.
commonName String: Optional. The "common name" of the distinguished name.
subjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Contains distinguished name fields such as the location and organization.
commonName string: Optional. The "common name" of the distinguished name.
subjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Contains distinguished name fields such as the location and organization.
common_name str: Optional. The "common name" of the distinguished name.
subject_alt_name SubjectAltNames: Optional. The subject alternative name fields.

subject Property Map: Contains distinguished name fields such as the location and organization.
commonName String: Optional. The "common name" of the distinguished name.
subjectAltName Property Map: Optional. The subject alternative name fields.

SubjectConfigResponse

CommonName string: Optional. The "common name" of the distinguished name.
Subject Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse: Contains distinguished name fields such as the location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectAltNamesResponse: Optional. The subject alternative name fields.

CommonName string: Optional. The "common name" of the distinguished name.
Subject SubjectResponse: Contains distinguished name fields such as the location and organization.
SubjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

commonName String: Optional. The "common name" of the distinguished name.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

commonName string: Optional. The "common name" of the distinguished name.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

common_name str: Optional. The "common name" of the distinguished name.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subject_alt_name SubjectAltNamesResponse: Optional. The subject alternative name fields.

commonName String: Optional. The "common name" of the distinguished name.
subject Property Map: Contains distinguished name fields such as the location and organization.
subjectAltName Property Map: Optional. The subject alternative name fields.

SubjectDescriptionResponse

CommonName string: The "common name" of the distinguished name.
HexSerialNumber string: The serial number encoded in lowercase hexadecimal.
Lifetime string: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
NotAfterTime string: The time at which the certificate expires.
NotBeforeTime string: The time at which the certificate becomes valid.
Subject Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse: Contains distinguished name fields such as the location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectAltNamesResponse: The subject alternative name fields.

CommonName string: The "common name" of the distinguished name.
HexSerialNumber string: The serial number encoded in lowercase hexadecimal.
Lifetime string: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
NotAfterTime string: The time at which the certificate expires.
NotBeforeTime string: The time at which the certificate becomes valid.
Subject SubjectResponse: Contains distinguished name fields such as the location and organization.
SubjectAltName SubjectAltNamesResponse: The subject alternative name fields.

commonName String: The "common name" of the distinguished name.
hexSerialNumber String: The serial number encoded in lowercase hexadecimal.
lifetime String: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
notAfterTime String: The time at which the certificate expires.
notBeforeTime String: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subjectAltName SubjectAltNamesResponse: The subject alternative name fields.

commonName string: The "common name" of the distinguished name.
hexSerialNumber string: The serial number encoded in lowercase hexadecimal.
lifetime string: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
notAfterTime string: The time at which the certificate expires.
notBeforeTime string: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subjectAltName SubjectAltNamesResponse: The subject alternative name fields.

common_name str: The "common name" of the distinguished name.
hex_serial_number str: The serial number encoded in lowercase hexadecimal.
lifetime str: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
not_after_time str: The time at which the certificate expires.
not_before_time str: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the location and organization.
subject_alt_name SubjectAltNamesResponse: The subject alternative name fields.

commonName String: The "common name" of the distinguished name.
hexSerialNumber String: The serial number encoded in lowercase hexadecimal.
lifetime String: For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.
notAfterTime String: The time at which the certificate expires.
notBeforeTime String: The time at which the certificate becomes valid.
subject Property Map: Contains distinguished name fields such as the location and organization.
subjectAltName Property Map: The subject alternative name fields.

SubjectResponse

CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

countryCode string: The country code of the subject.
locality string: The locality or city of the subject.
organization string: The organization of the subject.
organizationalUnit string: The organizational_unit of the subject.
postalCode string: The postal code of the subject.
province string: The province, territory, or regional state of the subject.
streetAddress string: The street address of the subject.

country_code str: The country code of the subject.
locality str: The locality or city of the subject.
organization str: The organization of the subject.
organizational_unit str: The organizational_unit of the subject.
postal_code str: The postal code of the subject.
province str: The province, territory, or regional state of the subject.
street_address str: The street address of the subject.

countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

SubordinateConfig

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
PemIssuerChain Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubordinateConfigChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
PemIssuerChain SubordinateConfigChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain SubordinateConfigChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain SubordinateConfigChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificate_authority str: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pem_issuer_chain SubordinateConfigChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain Property Map: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

SubordinateConfigChain

PemCertificates List<string>: Expected to be in leaf-to-root order according to RFC 5246.

PemCertificates []string: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates string[]: Expected to be in leaf-to-root order according to RFC 5246.

pem_certificates Sequence[str]: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

SubordinateConfigChainResponse

PemCertificates List<string>: Expected to be in leaf-to-root order according to RFC 5246.

PemCertificates []string: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates string[]: Expected to be in leaf-to-root order according to RFC 5246.

pem_certificates Sequence[str]: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

SubordinateConfigResponse

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
PemIssuerChain Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubordinateConfigChainResponse: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
PemIssuerChain SubordinateConfigChainResponse: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain SubordinateConfigChainResponse: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain SubordinateConfigChainResponse: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificate_authority str: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pem_issuer_chain SubordinateConfigChainResponse: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.
pemIssuerChain Property Map: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

X509Extension

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectId: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectId: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectId: The OID for this X.509 extension.
value String: The value of this X.509 extension.

critical boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectId: The OID for this X.509 extension.
value string: The value of this X.509 extension.

critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectId: The OID for this X.509 extension.
value str: The value of this X.509 extension.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId Property Map: The OID for this X.509 extension.
value String: The value of this X.509 extension.

X509ExtensionResponse

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value String: The value of this X.509 extension.

critical boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value string: The value of this X.509 extension.

critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectIdResponse: The OID for this X.509 extension.
value str: The value of this X.509 extension.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId Property Map: The OID for this X.509 extension.
value String: The value of this X.509 extension.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0