Google Native

Pulumi Official
Package maintained by Pulumi
v0.20.0 published on Monday, Jun 6, 2022 by Pulumi

getCertificateAuthority

Returns a CertificateAuthority.

Using getCertificateAuthority

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>
def get_certificate_authority(certificate_authority_id: Optional[str] = None,
                              location: Optional[str] = None,
                              project: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
def get_certificate_authority_output(certificate_authority_id: Optional[pulumi.Input[str]] = None,
                              location: Optional[pulumi.Input[str]] = None,
                              project: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]
func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput

> Note: This function is named LookupCertificateAuthority in the Go SDK.

public static class GetCertificateAuthority 
{
    public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: google-native:privateca/v1beta1:getCertificateAuthority
  Arguments:
    # Arguments dictionary

The following arguments are supported:

getCertificateAuthority Result

The following output properties are available:

AccessUrls Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.AccessUrlsResponse

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.CertificateDescriptionResponse>

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

CertificatePolicy Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.CertificateAuthorityPolicyResponse

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

Config Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.CertificateConfigResponse

Immutable. The config used to create a self-signed X.509 certificate or CSR.

CreateTime string

The time at which this CertificateAuthority was created.

DeleteTime string

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

GcsBucket string

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

IssuingOptions Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.IssuingOptionsResponse

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

KeySpec Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.KeyVersionSpecResponse

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

Labels Dictionary<string, string>

Optional. Labels with user-defined metadata.

Lifetime string

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

Name string

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

PemCaCertificates List<string>

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

State string

The State for this CertificateAuthority.

SubordinateConfig Pulumi.GoogleNative.Privateca.V1Beta1.Outputs.SubordinateConfigResponse

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

Tier string

Immutable. The Tier of this CertificateAuthority.

Type string

Immutable. The Type of this CertificateAuthority.

UpdateTime string

The time at which this CertificateAuthority was updated.

AccessUrls AccessUrlsResponse

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

CaCertificateDescriptions []CertificateDescriptionResponse

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

CertificatePolicy CertificateAuthorityPolicyResponse

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

Config CertificateConfigResponse

Immutable. The config used to create a self-signed X.509 certificate or CSR.

CreateTime string

The time at which this CertificateAuthority was created.

DeleteTime string

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

GcsBucket string

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

IssuingOptions IssuingOptionsResponse

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

KeySpec KeyVersionSpecResponse

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

Labels map[string]string

Optional. Labels with user-defined metadata.

Lifetime string

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

Name string

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

PemCaCertificates []string

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

State string

The State for this CertificateAuthority.

SubordinateConfig SubordinateConfigResponse

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

Tier string

Immutable. The Tier of this CertificateAuthority.

Type string

Immutable. The Type of this CertificateAuthority.

UpdateTime string

The time at which this CertificateAuthority was updated.

accessUrls AccessUrlsResponse

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

caCertificateDescriptions List<CertificateDescriptionResponse>

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

certificatePolicy CertificateAuthorityPolicyResponse

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

config CertificateConfigResponse

Immutable. The config used to create a self-signed X.509 certificate or CSR.

createTime String

The time at which this CertificateAuthority was created.

deleteTime String

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

gcsBucket String

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

issuingOptions IssuingOptionsResponse

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

keySpec KeyVersionSpecResponse

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

labels Map<String,String>

Optional. Labels with user-defined metadata.

lifetime String

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

name String

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

pemCaCertificates List<String>

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

state String

The State for this CertificateAuthority.

subordinateConfig SubordinateConfigResponse

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

tier String

Immutable. The Tier of this CertificateAuthority.

type String

Immutable. The Type of this CertificateAuthority.

updateTime String

The time at which this CertificateAuthority was updated.

accessUrls AccessUrlsResponse

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

caCertificateDescriptions CertificateDescriptionResponse[]

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

certificatePolicy CertificateAuthorityPolicyResponse

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

config CertificateConfigResponse

Immutable. The config used to create a self-signed X.509 certificate or CSR.

createTime string

The time at which this CertificateAuthority was created.

deleteTime string

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

gcsBucket string

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

issuingOptions IssuingOptionsResponse

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

keySpec KeyVersionSpecResponse

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

labels {[key: string]: string}

Optional. Labels with user-defined metadata.

lifetime string

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

name string

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

pemCaCertificates string[]

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

state string

The State for this CertificateAuthority.

subordinateConfig SubordinateConfigResponse

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

tier string

Immutable. The Tier of this CertificateAuthority.

type string

Immutable. The Type of this CertificateAuthority.

updateTime string

The time at which this CertificateAuthority was updated.

access_urls AccessUrlsResponse

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

ca_certificate_descriptions Sequence[CertificateDescriptionResponse]

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

certificate_policy CertificateAuthorityPolicyResponse

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

config CertificateConfigResponse

Immutable. The config used to create a self-signed X.509 certificate or CSR.

create_time str

The time at which this CertificateAuthority was created.

delete_time str

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

gcs_bucket str

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

issuing_options IssuingOptionsResponse

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

key_spec KeyVersionSpecResponse

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

labels Mapping[str, str]

Optional. Labels with user-defined metadata.

lifetime str

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

name str

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

pem_ca_certificates Sequence[str]

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

state str

The State for this CertificateAuthority.

subordinate_config SubordinateConfigResponse

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

tier str

Immutable. The Tier of this CertificateAuthority.

type str

Immutable. The Type of this CertificateAuthority.

update_time str

The time at which this CertificateAuthority was updated.

accessUrls Property Map

URLs for accessing content published by this CA, such as the CA certificate and CRLs.

caCertificateDescriptions List<Property Map>

A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

certificatePolicy Property Map

Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.

config Property Map

Immutable. The config used to create a self-signed X.509 certificate or CSR.

createTime String

The time at which this CertificateAuthority was created.

deleteTime String

The time at which this CertificateAuthority will be deleted, if scheduled for deletion.

gcsBucket String

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

issuingOptions Property Map

Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.

keySpec Property Map

Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

labels Map<String>

Optional. Labels with user-defined metadata.

lifetime String

The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

name String

The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

pemCaCertificates List<String>

This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

state String

The State for this CertificateAuthority.

subordinateConfig Property Map

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

tier String

Immutable. The Tier of this CertificateAuthority.

type String

Immutable. The Type of this CertificateAuthority.

updateTime String

The time at which this CertificateAuthority was updated.

Supporting Types

AccessUrlsResponse

CaCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

CrlAccessUrl string

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

CaCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

CrlAccessUrl string

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrl String

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrl string

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

ca_certificate_access_url str

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crl_access_url str

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

crlAccessUrl String

The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

AllowedConfigListResponse

AllowedConfigValues List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse>

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedConfigValues []ReusableConfigWrapperResponse

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<ReusableConfigWrapperResponse>

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues ReusableConfigWrapperResponse[]

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowed_config_values Sequence[ReusableConfigWrapperResponse]

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

allowedConfigValues List<Property Map>

All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.

AllowedSubjectAltNamesResponse

AllowCustomSans bool

Optional. Specifies if to allow custom X509Extension values.

AllowGlobbingDnsWildcards bool

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

AllowedDnsNames List<string>

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

AllowedEmailAddresses List<string>

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

AllowedIps List<string>

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

AllowedUris List<string>

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

AllowCustomSans bool

Optional. Specifies if to allow custom X509Extension values.

AllowGlobbingDnsWildcards bool

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

AllowedDnsNames []string

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

AllowedEmailAddresses []string

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

AllowedIps []string

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

AllowedUris []string

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean

Optional. Specifies if to allow custom X509Extension values.

allowGlobbingDnsWildcards Boolean

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

allowedDnsNames List<String>

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

allowedEmailAddresses List<String>

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

allowedIps List<String>

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

allowedUris List<String>

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans boolean

Optional. Specifies if to allow custom X509Extension values.

allowGlobbingDnsWildcards boolean

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

allowedDnsNames string[]

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

allowedEmailAddresses string[]

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

allowedIps string[]

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

allowedUris string[]

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allow_custom_sans bool

Optional. Specifies if to allow custom X509Extension values.

allow_globbing_dns_wildcards bool

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

allowed_dns_names Sequence[str]

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

allowed_email_addresses Sequence[str]

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

allowed_ips Sequence[str]

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

allowed_uris Sequence[str]

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

allowCustomSans Boolean

Optional. Specifies if to allow custom X509Extension values.

allowGlobbingDnsWildcards Boolean

Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.

allowedDnsNames List<String>

Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. \*). E.g. for globbed entries: *bar.com will allow foo.bar.com, but not *.bar.com, unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: \*.bar.com will allow *.bar.com, but not foo.bar.com.

allowedEmailAddresses List<String>

Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.

allowedIps List<String>

Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).

allowedUris List<String>

Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').

CaOptionsResponse

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

MaxIssuerPathLength int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Integer

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

max_issuer_path_length int

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean

Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.

maxIssuerPathLength Number

Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateAuthorityPolicyResponse

AllowedCommonNames List<string>

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

AllowedConfigList Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedConfigListResponse

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

AllowedIssuanceModes Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

AllowedLocationsAndOrganizations List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse>

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

AllowedSans Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.AllowedSubjectAltNamesResponse

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

MaximumLifetime string

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

OverwriteConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

AllowedCommonNames []string

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

AllowedConfigList AllowedConfigListResponse

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

AllowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

AllowedLocationsAndOrganizations []SubjectResponse

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

AllowedSans AllowedSubjectAltNamesResponse

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

MaximumLifetime string

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

OverwriteConfigValues ReusableConfigWrapperResponse

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

allowedConfigList AllowedConfigListResponse

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

allowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedLocationsAndOrganizations List<SubjectResponse>

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

allowedSans AllowedSubjectAltNamesResponse

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

maximumLifetime String

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

overwriteConfigValues ReusableConfigWrapperResponse

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames string[]

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

allowedConfigList AllowedConfigListResponse

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

allowedIssuanceModes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedLocationsAndOrganizations SubjectResponse[]

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

allowedSans AllowedSubjectAltNamesResponse

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

maximumLifetime string

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

overwriteConfigValues ReusableConfigWrapperResponse

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowed_common_names Sequence[str]

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

allowed_config_list AllowedConfigListResponse

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

allowed_issuance_modes IssuanceModesResponse

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowed_locations_and_organizations Sequence[SubjectResponse]

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

allowed_sans AllowedSubjectAltNamesResponse

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

maximum_lifetime str

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

overwrite_config_values ReusableConfigWrapperResponse

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

allowedCommonNames List<String>

Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.

allowedConfigList Property Map

Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list.

allowedIssuanceModes Property Map

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

allowedLocationsAndOrganizations List<Property Map>

Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.

allowedSans Property Map

Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.

maximumLifetime String

Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.

overwriteConfigValues Property Map

Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values.

CertificateConfigResponse

PublicKey Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.PublicKeyResponse

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

ReusableConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigWrapperResponse

Describes how some of the technical fields in a certificate should be populated.

SubjectConfig Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectConfigResponse

Specifies some of the values in a certificate that are related to the subject.

PublicKey PublicKeyResponse

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

ReusableConfig ReusableConfigWrapperResponse

Describes how some of the technical fields in a certificate should be populated.

SubjectConfig SubjectConfigResponse

Specifies some of the values in a certificate that are related to the subject.

publicKey PublicKeyResponse

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig ReusableConfigWrapperResponse

Describes how some of the technical fields in a certificate should be populated.

subjectConfig SubjectConfigResponse

Specifies some of the values in a certificate that are related to the subject.

publicKey PublicKeyResponse

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig ReusableConfigWrapperResponse

Describes how some of the technical fields in a certificate should be populated.

subjectConfig SubjectConfigResponse

Specifies some of the values in a certificate that are related to the subject.

public_key PublicKeyResponse

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusable_config ReusableConfigWrapperResponse

Describes how some of the technical fields in a certificate should be populated.

subject_config SubjectConfigResponse

Specifies some of the values in a certificate that are related to the subject.

publicKey Property Map

Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

reusableConfig Property Map

Describes how some of the technical fields in a certificate should be populated.

subjectConfig Property Map

Specifies some of the values in a certificate that are related to the subject.

CertificateDescriptionResponse

AiaIssuingCertificateUrls List<string>

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

AuthorityKeyId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyIdResponse

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

CertFingerprint Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CertificateFingerprintResponse

The hash of the x.509 certificate.

ConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigValuesResponse

Describes some of the technical fields in a certificate.

CrlDistributionPoints List<string>

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

PublicKey Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.PublicKeyResponse

The public key that corresponds to an issued certificate.

SubjectDescription Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectDescriptionResponse

Describes some of the values in a certificate that are related to the subject and lifetime.

SubjectKeyId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyIdResponse

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

AiaIssuingCertificateUrls []string

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

AuthorityKeyId KeyIdResponse

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

CertFingerprint CertificateFingerprintResponse

The hash of the x.509 certificate.

ConfigValues ReusableConfigValuesResponse

Describes some of the technical fields in a certificate.

CrlDistributionPoints []string

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

PublicKey PublicKeyResponse

The public key that corresponds to an issued certificate.

SubjectDescription SubjectDescriptionResponse

Describes some of the values in a certificate that are related to the subject and lifetime.

SubjectKeyId KeyIdResponse

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls List<String>

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

authorityKeyId KeyIdResponse

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

certFingerprint CertificateFingerprintResponse

The hash of the x.509 certificate.

configValues ReusableConfigValuesResponse

Describes some of the technical fields in a certificate.

crlDistributionPoints List<String>

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

publicKey PublicKeyResponse

The public key that corresponds to an issued certificate.

subjectDescription SubjectDescriptionResponse

Describes some of the values in a certificate that are related to the subject and lifetime.

subjectKeyId KeyIdResponse

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls string[]

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

authorityKeyId KeyIdResponse

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

certFingerprint CertificateFingerprintResponse

The hash of the x.509 certificate.

configValues ReusableConfigValuesResponse

Describes some of the technical fields in a certificate.

crlDistributionPoints string[]

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

publicKey PublicKeyResponse

The public key that corresponds to an issued certificate.

subjectDescription SubjectDescriptionResponse

Describes some of the values in a certificate that are related to the subject and lifetime.

subjectKeyId KeyIdResponse

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aia_issuing_certificate_urls Sequence[str]

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

authority_key_id KeyIdResponse

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

cert_fingerprint CertificateFingerprintResponse

The hash of the x.509 certificate.

config_values ReusableConfigValuesResponse

Describes some of the technical fields in a certificate.

crl_distribution_points Sequence[str]

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

public_key PublicKeyResponse

The public key that corresponds to an issued certificate.

subject_description SubjectDescriptionResponse

Describes some of the values in a certificate that are related to the subject and lifetime.

subject_key_id KeyIdResponse

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

aiaIssuingCertificateUrls List<String>

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

authorityKeyId Property Map

Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

certFingerprint Property Map

The hash of the x.509 certificate.

configValues Property Map

Describes some of the technical fields in a certificate.

crlDistributionPoints List<String>

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

publicKey Property Map

The public key that corresponds to an issued certificate.

subjectDescription Property Map

Describes some of the values in a certificate that are related to the subject and lifetime.

subjectKeyId Property Map

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

CertificateFingerprintResponse

Sha256Hash string

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

Sha256Hash string

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash string

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256_hash str

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

ExtendedKeyUsageOptionsResponse

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

CodeSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

EmailProtection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

OcspSigning bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

ServerAuth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

TimeStamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

code_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

email_protection bool

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocsp_signing bool

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

server_auth bool

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

time_stamping bool

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.

codeSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".

emailProtection Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".

ocspSigning Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".

serverAuth Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.

timeStamping Boolean

Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

IssuanceModesResponse

AllowConfigBasedIssuance bool

When true, allows callers to create Certificates by specifying a CertificateConfig.

AllowCsrBasedIssuance bool

When true, allows callers to create Certificates by specifying a CSR.

AllowConfigBasedIssuance bool

When true, allows callers to create Certificates by specifying a CertificateConfig.

AllowCsrBasedIssuance bool

When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean

When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance Boolean

When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance boolean

When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance boolean

When true, allows callers to create Certificates by specifying a CSR.

allow_config_based_issuance bool

When true, allows callers to create Certificates by specifying a CertificateConfig.

allow_csr_based_issuance bool

When true, allows callers to create Certificates by specifying a CSR.

allowConfigBasedIssuance Boolean

When true, allows callers to create Certificates by specifying a CertificateConfig.

allowCsrBasedIssuance Boolean

When true, allows callers to create Certificates by specifying a CSR.

IssuingOptionsResponse

IncludeCaCertUrl bool

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

IncludeCrlAccessUrl bool

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

IncludeCaCertUrl bool

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

IncludeCrlAccessUrl bool

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

includeCrlAccessUrl Boolean

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl boolean

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

includeCrlAccessUrl boolean

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

include_ca_cert_url bool

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

include_crl_access_url bool

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

includeCaCertUrl Boolean

When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.

includeCrlAccessUrl Boolean

When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

KeyIdResponse

KeyId string

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyId string

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId string

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

key_id str

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsageOptionsResponse

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

CertSign bool

The key may be used to sign certificates.

ContentCommitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

CrlSign bool

The key may be used sign certificate revocation lists.

DataEncipherment bool

The key may be used to encipher data.

DecipherOnly bool

The key may be used to decipher only.

DigitalSignature bool

The key may be used for digital signatures.

EncipherOnly bool

The key may be used to encipher only.

KeyAgreement bool

The key may be used in a key agreement protocol.

KeyEncipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

certSign boolean

The key may be used to sign certificates.

contentCommitment boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign boolean

The key may be used sign certificate revocation lists.

dataEncipherment boolean

The key may be used to encipher data.

decipherOnly boolean

The key may be used to decipher only.

digitalSignature boolean

The key may be used for digital signatures.

encipherOnly boolean

The key may be used to encipher only.

keyAgreement boolean

The key may be used in a key agreement protocol.

keyEncipherment boolean

The key may be used to encipher other keys.

cert_sign bool

The key may be used to sign certificates.

content_commitment bool

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crl_sign bool

The key may be used sign certificate revocation lists.

data_encipherment bool

The key may be used to encipher data.

decipher_only bool

The key may be used to decipher only.

digital_signature bool

The key may be used for digital signatures.

encipher_only bool

The key may be used to encipher only.

key_agreement bool

The key may be used in a key agreement protocol.

key_encipherment bool

The key may be used to encipher other keys.

certSign Boolean

The key may be used to sign certificates.

contentCommitment Boolean

The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".

crlSign Boolean

The key may be used sign certificate revocation lists.

dataEncipherment Boolean

The key may be used to encipher data.

decipherOnly Boolean

The key may be used to decipher only.

digitalSignature Boolean

The key may be used for digital signatures.

encipherOnly Boolean

The key may be used to encipher only.

keyAgreement Boolean

The key may be used in a key agreement protocol.

keyEncipherment Boolean

The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

ExtendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

UnknownExtendedKeyUsages []ObjectIdResponse

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<ObjectIdResponse>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extendedKeyUsage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages ObjectIdResponse[]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptionsResponse

Describes high-level ways in which a key may be used.

extended_key_usage ExtendedKeyUsageOptionsResponse

Detailed scenarios in which a key may be used.

unknown_extended_key_usages Sequence[ObjectIdResponse]

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map

Describes high-level ways in which a key may be used.

extendedKeyUsage Property Map

Detailed scenarios in which a key may be used.

unknownExtendedKeyUsages List<Property Map>

Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyVersionSpecResponse

Algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

CloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

Algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

CloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm String

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

cloudKmsKeyVersion String

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm string

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

cloudKmsKeyVersion string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm str

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

cloud_kms_key_version str

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

algorithm String

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.

cloudKmsKeyVersion String

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

ObjectIdResponse

ObjectIdPath List<int>

The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int

The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>

The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]

The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]

The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>

The parts of an OID path. The most significant parts of the path come first.

PublicKeyResponse

Key string

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

Type string

Optional. The type of public key. If specified, it must match the public key used for thekey field.

Key string

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

Type string

Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

type String

Optional. The type of public key. If specified, it must match the public key used for thekey field.

key string

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

type string

Optional. The type of public key. If specified, it must match the public key used for thekey field.

key str

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

type str

Optional. The type of public key. If specified, it must match the public key used for thekey field.

key String

A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

type String

Optional. The type of public key. If specified, it must match the public key used for thekey field.

ReusableConfigValuesResponse

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509ExtensionResponse>

Optional. Describes custom X.509 extensions.

AiaOcspServers List<string>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.CaOptionsResponse

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

KeyUsage Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

PolicyIds List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509ExtensionResponse

Optional. Describes custom X.509 extensions.

AiaOcspServers []string

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

CaOptions CaOptionsResponse

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

KeyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

PolicyIds []ObjectIdResponse

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509ExtensionResponse>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CaOptionsResponse

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

keyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds List<ObjectIdResponse>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509ExtensionResponse[]

Optional. Describes custom X.509 extensions.

aiaOcspServers string[]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions CaOptionsResponse

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

keyUsage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds ObjectIdResponse[]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509ExtensionResponse]

Optional. Describes custom X.509 extensions.

aia_ocsp_servers Sequence[str]

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

ca_options CaOptionsResponse

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

key_usage KeyUsageResponse

Optional. Indicates the intended use for keys that correspond to a certificate.

policy_ids Sequence[ObjectIdResponse]

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>

Optional. Describes custom X.509 extensions.

aiaOcspServers List<String>

Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.

caOptions Property Map

Optional. Describes options in this ReusableConfigValues that are relevant in a CA certificate.

keyUsage Property Map

Optional. Indicates the intended use for keys that correspond to a certificate.

policyIds List<Property Map>

Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

ReusableConfigWrapperResponse

ReusableConfig string

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

ReusableConfigValues Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ReusableConfigValuesResponse

A user-specified inline ReusableConfigValues.

ReusableConfig string

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

ReusableConfigValues ReusableConfigValuesResponse

A user-specified inline ReusableConfigValues.

reusableConfig String

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

reusableConfigValues ReusableConfigValuesResponse

A user-specified inline ReusableConfigValues.

reusableConfig string

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

reusableConfigValues ReusableConfigValuesResponse

A user-specified inline ReusableConfigValues.

reusable_config str

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

reusable_config_values ReusableConfigValuesResponse

A user-specified inline ReusableConfigValues.

reusableConfig String

A resource path to a ReusableConfig in the format projects/*/locations/*/reusableConfigs/*.

reusableConfigValues Property Map

A user-specified inline ReusableConfigValues.

SubjectAltNamesResponse

CustomSans List<Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.X509ExtensionResponse>

Contains additional subject alternative name values.

DnsNames List<string>

Contains only valid, fully-qualified host names.

EmailAddresses List<string>

Contains only valid RFC 2822 E-mail addresses.

IpAddresses List<string>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

Uris List<string>

Contains only valid RFC 3986 URIs.

CustomSans []X509ExtensionResponse

Contains additional subject alternative name values.

DnsNames []string

Contains only valid, fully-qualified host names.

EmailAddresses []string

Contains only valid RFC 2822 E-mail addresses.

IpAddresses []string

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

Uris []string

Contains only valid RFC 3986 URIs.

customSans List<X509ExtensionResponse>

Contains additional subject alternative name values.

dnsNames List<String>

Contains only valid, fully-qualified host names.

emailAddresses List<String>

Contains only valid RFC 2822 E-mail addresses.

ipAddresses List<String>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris List<String>

Contains only valid RFC 3986 URIs.

customSans X509ExtensionResponse[]

Contains additional subject alternative name values.

dnsNames string[]

Contains only valid, fully-qualified host names.

emailAddresses string[]

Contains only valid RFC 2822 E-mail addresses.

ipAddresses string[]

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris string[]

Contains only valid RFC 3986 URIs.

custom_sans Sequence[X509ExtensionResponse]

Contains additional subject alternative name values.

dns_names Sequence[str]

Contains only valid, fully-qualified host names.

email_addresses Sequence[str]

Contains only valid RFC 2822 E-mail addresses.

ip_addresses Sequence[str]

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris Sequence[str]

Contains only valid RFC 3986 URIs.

customSans List<Property Map>

Contains additional subject alternative name values.

dnsNames List<String>

Contains only valid, fully-qualified host names.

emailAddresses List<String>

Contains only valid RFC 2822 E-mail addresses.

ipAddresses List<String>

Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.

uris List<String>

Contains only valid RFC 3986 URIs.

SubjectConfigResponse

CommonName string

Optional. The "common name" of the distinguished name.

Subject Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse

Contains distinguished name fields such as the location and organization.

SubjectAltName Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectAltNamesResponse

Optional. The subject alternative name fields.

CommonName string

Optional. The "common name" of the distinguished name.

Subject SubjectResponse

Contains distinguished name fields such as the location and organization.

SubjectAltName SubjectAltNamesResponse

Optional. The subject alternative name fields.

commonName String

Optional. The "common name" of the distinguished name.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subjectAltName SubjectAltNamesResponse

Optional. The subject alternative name fields.

commonName string

Optional. The "common name" of the distinguished name.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subjectAltName SubjectAltNamesResponse

Optional. The subject alternative name fields.

common_name str

Optional. The "common name" of the distinguished name.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subject_alt_name SubjectAltNamesResponse

Optional. The subject alternative name fields.

commonName String

Optional. The "common name" of the distinguished name.

subject Property Map

Contains distinguished name fields such as the location and organization.

subjectAltName Property Map

Optional. The subject alternative name fields.

SubjectDescriptionResponse

CommonName string

The "common name" of the distinguished name.

HexSerialNumber string

The serial number encoded in lowercase hexadecimal.

Lifetime string

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

NotAfterTime string

The time at which the certificate expires.

NotBeforeTime string

The time at which the certificate becomes valid.

Subject Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectResponse

Contains distinguished name fields such as the location and organization.

SubjectAltName Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubjectAltNamesResponse

The subject alternative name fields.

CommonName string

The "common name" of the distinguished name.

HexSerialNumber string

The serial number encoded in lowercase hexadecimal.

Lifetime string

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

NotAfterTime string

The time at which the certificate expires.

NotBeforeTime string

The time at which the certificate becomes valid.

Subject SubjectResponse

Contains distinguished name fields such as the location and organization.

SubjectAltName SubjectAltNamesResponse

The subject alternative name fields.

commonName String

The "common name" of the distinguished name.

hexSerialNumber String

The serial number encoded in lowercase hexadecimal.

lifetime String

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

notAfterTime String

The time at which the certificate expires.

notBeforeTime String

The time at which the certificate becomes valid.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subjectAltName SubjectAltNamesResponse

The subject alternative name fields.

commonName string

The "common name" of the distinguished name.

hexSerialNumber string

The serial number encoded in lowercase hexadecimal.

lifetime string

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

notAfterTime string

The time at which the certificate expires.

notBeforeTime string

The time at which the certificate becomes valid.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subjectAltName SubjectAltNamesResponse

The subject alternative name fields.

common_name str

The "common name" of the distinguished name.

hex_serial_number str

The serial number encoded in lowercase hexadecimal.

lifetime str

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

not_after_time str

The time at which the certificate expires.

not_before_time str

The time at which the certificate becomes valid.

subject SubjectResponse

Contains distinguished name fields such as the location and organization.

subject_alt_name SubjectAltNamesResponse

The subject alternative name fields.

commonName String

The "common name" of the distinguished name.

hexSerialNumber String

The serial number encoded in lowercase hexadecimal.

lifetime String

For convenience, the actual lifetime of an issued certificate. Corresponds to 'not_after_time' - 'not_before_time'.

notAfterTime String

The time at which the certificate expires.

notBeforeTime String

The time at which the certificate becomes valid.

subject Property Map

Contains distinguished name fields such as the location and organization.

subjectAltName Property Map

The subject alternative name fields.

SubjectResponse

CountryCode string

The country code of the subject.

Locality string

The locality or city of the subject.

Organization string

The organization of the subject.

OrganizationalUnit string

The organizational_unit of the subject.

PostalCode string

The postal code of the subject.

Province string

The province, territory, or regional state of the subject.

StreetAddress string

The street address of the subject.

CountryCode string

The country code of the subject.

Locality string

The locality or city of the subject.

Organization string

The organization of the subject.

OrganizationalUnit string

The organizational_unit of the subject.

PostalCode string

The postal code of the subject.

Province string

The province, territory, or regional state of the subject.

StreetAddress string

The street address of the subject.

countryCode String

The country code of the subject.

locality String

The locality or city of the subject.

organization String

The organization of the subject.

organizationalUnit String

The organizational_unit of the subject.

postalCode String

The postal code of the subject.

province String

The province, territory, or regional state of the subject.

streetAddress String

The street address of the subject.

countryCode string

The country code of the subject.

locality string

The locality or city of the subject.

organization string

The organization of the subject.

organizationalUnit string

The organizational_unit of the subject.

postalCode string

The postal code of the subject.

province string

The province, territory, or regional state of the subject.

streetAddress string

The street address of the subject.

country_code str

The country code of the subject.

locality str

The locality or city of the subject.

organization str

The organization of the subject.

organizational_unit str

The organizational_unit of the subject.

postal_code str

The postal code of the subject.

province str

The province, territory, or regional state of the subject.

street_address str

The street address of the subject.

countryCode String

The country code of the subject.

locality String

The locality or city of the subject.

organization String

The organization of the subject.

organizationalUnit String

The organizational_unit of the subject.

postalCode String

The postal code of the subject.

province String

The province, territory, or regional state of the subject.

streetAddress String

The street address of the subject.

SubordinateConfigChainResponse

PemCertificates List<string>

Expected to be in leaf-to-root order according to RFC 5246.

PemCertificates []string

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates string[]

Expected to be in leaf-to-root order according to RFC 5246.

pem_certificates Sequence[str]

Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>

Expected to be in leaf-to-root order according to RFC 5246.

SubordinateConfigResponse

CertificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

PemIssuerChain Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.SubordinateConfigChainResponse

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

CertificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

PemIssuerChain SubordinateConfigChainResponse

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

pemIssuerChain SubordinateConfigChainResponse

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority string

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

pemIssuerChain SubordinateConfigChainResponse

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificate_authority str

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

pem_issuer_chain SubordinateConfigChainResponse

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String

This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/certificateAuthorities/*.

pemIssuerChain Property Map

Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

X509ExtensionResponse

Critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId Pulumi.GoogleNative.Privateca.V1Beta1.Inputs.ObjectIdResponse

The OID for this X.509 extension.

Value string

The value of this X.509 extension.

Critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId ObjectIdResponse

The OID for this X.509 extension.

Value string

The value of this X.509 extension.

critical Boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectIdResponse

The OID for this X.509 extension.

value String

The value of this X.509 extension.

critical boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectIdResponse

The OID for this X.509 extension.

value string

The value of this X.509 extension.

critical bool

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id ObjectIdResponse

The OID for this X.509 extension.

value str

The value of this X.509 extension.

critical Boolean

Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map

The OID for this X.509 extension.

value String

The value of this X.509 extension.

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0