Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.privateca/v1.CertificateAuthority
Create a new CertificateAuthority in a given Project and Location. Auto-naming is currently not supported for this resource.
Create CertificateAuthority Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
@overload
def CertificateAuthority(resource_name: str,
                         args: CertificateAuthorityArgs,
                         opts: Optional[ResourceOptions] = None)
@overload
def CertificateAuthority(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         ca_pool_id: Optional[str] = None,
                         certificate_authority_id: Optional[str] = None,
                         config: Optional[CertificateConfigArgs] = None,
                         key_spec: Optional[KeyVersionSpecArgs] = None,
                         lifetime: Optional[str] = None,
                         type: Optional[CertificateAuthorityType] = None,
                         gcs_bucket: Optional[str] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         location: Optional[str] = None,
                         project: Optional[str] = None,
                         request_id: Optional[str] = None,
                         subordinate_config: Optional[SubordinateConfigArgs] = None)
func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: google-native:privateca/v1:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var certificateAuthorityResource = new GoogleNative.Privateca.V1.CertificateAuthority("certificateAuthorityResource", new()
{
    CaPoolId = "string",
    CertificateAuthorityId = "string",
    Config = new GoogleNative.Privateca.V1.Inputs.CertificateConfigArgs
    {
        SubjectConfig = new GoogleNative.Privateca.V1.Inputs.SubjectConfigArgs
        {
            Subject = new GoogleNative.Privateca.V1.Inputs.SubjectArgs
            {
                CommonName = "string",
                CountryCode = "string",
                Locality = "string",
                Organization = "string",
                OrganizationalUnit = "string",
                PostalCode = "string",
                Province = "string",
                StreetAddress = "string",
            },
            SubjectAltName = new GoogleNative.Privateca.V1.Inputs.SubjectAltNamesArgs
            {
                CustomSans = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                    {
                        ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                        {
                            ObjectIdPath = new[]
                            {
                                0,
                            },
                        },
                        Value = "string",
                        Critical = false,
                    },
                },
                DnsNames = new[]
                {
                    "string",
                },
                EmailAddresses = new[]
                {
                    "string",
                },
                IpAddresses = new[]
                {
                    "string",
                },
                Uris = new[]
                {
                    "string",
                },
            },
        },
        X509Config = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
        {
            AdditionalExtensions = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                {
                    ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                    Value = "string",
                    Critical = false,
                },
            },
            AiaOcspServers = new[]
            {
                "string",
            },
            CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 0,
            },
            KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
            {
                BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
                {
                    CertSign = false,
                    ContentCommitment = false,
                    CrlSign = false,
                    DataEncipherment = false,
                    DecipherOnly = false,
                    DigitalSignature = false,
                    EncipherOnly = false,
                    KeyAgreement = false,
                    KeyEncipherment = false,
                },
                ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
                {
                    ClientAuth = false,
                    CodeSigning = false,
                    EmailProtection = false,
                    OcspSigning = false,
                    ServerAuth = false,
                    TimeStamping = false,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                },
            },
            NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
            {
                Critical = false,
                ExcludedDnsNames = new[]
                {
                    "string",
                },
                ExcludedEmailAddresses = new[]
                {
                    "string",
                },
                ExcludedIpRanges = new[]
                {
                    "string",
                },
                ExcludedUris = new[]
                {
                    "string",
                },
                PermittedDnsNames = new[]
                {
                    "string",
                },
                PermittedEmailAddresses = new[]
                {
                    "string",
                },
                PermittedIpRanges = new[]
                {
                    "string",
                },
                PermittedUris = new[]
                {
                    "string",
                },
            },
            PolicyIds = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                {
                    ObjectIdPath = new[]
                    {
                        0,
                    },
                },
            },
        },
        PublicKey = new GoogleNative.Privateca.V1.Inputs.PublicKeyArgs
        {
            Format = GoogleNative.Privateca.V1.PublicKeyFormat.KeyFormatUnspecified,
            Key = "string",
        },
    },
    KeySpec = new GoogleNative.Privateca.V1.Inputs.KeyVersionSpecArgs
    {
        Algorithm = GoogleNative.Privateca.V1.KeyVersionSpecAlgorithm.SignHashAlgorithmUnspecified,
        CloudKmsKeyVersion = "string",
    },
    Lifetime = "string",
    Type = GoogleNative.Privateca.V1.CertificateAuthorityType.TypeUnspecified,
    GcsBucket = "string",
    Labels = 
    {
        { "string", "string" },
    },
    Location = "string",
    Project = "string",
    RequestId = "string",
    SubordinateConfig = new GoogleNative.Privateca.V1.Inputs.SubordinateConfigArgs
    {
        CertificateAuthority = "string",
        PemIssuerChain = new GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainArgs
        {
            PemCertificates = new[]
            {
                "string",
            },
        },
    },
});
example, err := privateca.NewCertificateAuthority(ctx, "certificateAuthorityResource", &privateca.CertificateAuthorityArgs{
	CaPoolId:               pulumi.String("string"),
	CertificateAuthorityId: pulumi.String("string"),
	Config: &privateca.CertificateConfigArgs{
		SubjectConfig: &privateca.SubjectConfigArgs{
			Subject: &privateca.SubjectArgs{
				CommonName:         pulumi.String("string"),
				CountryCode:        pulumi.String("string"),
				Locality:           pulumi.String("string"),
				Organization:       pulumi.String("string"),
				OrganizationalUnit: pulumi.String("string"),
				PostalCode:         pulumi.String("string"),
				Province:           pulumi.String("string"),
				StreetAddress:      pulumi.String("string"),
			},
			SubjectAltName: &privateca.SubjectAltNamesArgs{
				CustomSans: privateca.X509ExtensionArray{
					&privateca.X509ExtensionArgs{
						ObjectId: &privateca.ObjectIdArgs{
							ObjectIdPath: pulumi.IntArray{
								pulumi.Int(0),
							},
						},
						Value:    pulumi.String("string"),
						Critical: pulumi.Bool(false),
					},
				},
				DnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				EmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				IpAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				Uris: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		X509Config: &privateca.X509ParametersArgs{
			AdditionalExtensions: privateca.X509ExtensionArray{
				&privateca.X509ExtensionArgs{
					ObjectId: &privateca.ObjectIdArgs{
						ObjectIdPath: pulumi.IntArray{
							pulumi.Int(0),
						},
					},
					Value:    pulumi.String("string"),
					Critical: pulumi.Bool(false),
				},
			},
			AiaOcspServers: pulumi.StringArray{
				pulumi.String("string"),
			},
			CaOptions: &privateca.CaOptionsArgs{
				IsCa:                pulumi.Bool(false),
				MaxIssuerPathLength: pulumi.Int(0),
			},
			KeyUsage: &privateca.KeyUsageArgs{
				BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
					CertSign:          pulumi.Bool(false),
					ContentCommitment: pulumi.Bool(false),
					CrlSign:           pulumi.Bool(false),
					DataEncipherment:  pulumi.Bool(false),
					DecipherOnly:      pulumi.Bool(false),
					DigitalSignature:  pulumi.Bool(false),
					EncipherOnly:      pulumi.Bool(false),
					KeyAgreement:      pulumi.Bool(false),
					KeyEncipherment:   pulumi.Bool(false),
				},
				ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
					ClientAuth:      pulumi.Bool(false),
					CodeSigning:     pulumi.Bool(false),
					EmailProtection: pulumi.Bool(false),
					OcspSigning:     pulumi.Bool(false),
					ServerAuth:      pulumi.Bool(false),
					TimeStamping:    pulumi.Bool(false),
				},
				UnknownExtendedKeyUsages: privateca.ObjectIdArray{
					&privateca.ObjectIdArgs{
						ObjectIdPath: pulumi.IntArray{
							pulumi.Int(0),
						},
					},
				},
			},
			NameConstraints: &privateca.NameConstraintsArgs{
				Critical: pulumi.Bool(false),
				ExcludedDnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedEmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedIpRanges: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedUris: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedDnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedEmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedIpRanges: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedUris: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			PolicyIds: privateca.ObjectIdArray{
				&privateca.ObjectIdArgs{
					ObjectIdPath: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
			},
		},
		PublicKey: &privateca.PublicKeyArgs{
			Format: privateca.PublicKeyFormatKeyFormatUnspecified,
			Key:    pulumi.String("string"),
		},
	},
	KeySpec: &privateca.KeyVersionSpecArgs{
		Algorithm:          privateca.KeyVersionSpecAlgorithmSignHashAlgorithmUnspecified,
		CloudKmsKeyVersion: pulumi.String("string"),
	},
	Lifetime:  pulumi.String("string"),
	Type:      privateca.CertificateAuthorityTypeTypeUnspecified,
	GcsBucket: pulumi.String("string"),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Location:  pulumi.String("string"),
	Project:   pulumi.String("string"),
	RequestId: pulumi.String("string"),
	SubordinateConfig: &privateca.SubordinateConfigArgs{
		CertificateAuthority: pulumi.String("string"),
		PemIssuerChain: &privateca.SubordinateConfigChainArgs{
			PemCertificates: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
})
var certificateAuthorityResource = new CertificateAuthority("certificateAuthorityResource", CertificateAuthorityArgs.builder()
    .caPoolId("string")
    .certificateAuthorityId("string")
    .config(CertificateConfigArgs.builder()
        .subjectConfig(SubjectConfigArgs.builder()
            .subject(SubjectArgs.builder()
                .commonName("string")
                .countryCode("string")
                .locality("string")
                .organization("string")
                .organizationalUnit("string")
                .postalCode("string")
                .province("string")
                .streetAddress("string")
                .build())
            .subjectAltName(SubjectAltNamesArgs.builder()
                .customSans(X509ExtensionArgs.builder()
                    .objectId(ObjectIdArgs.builder()
                        .objectIdPath(0)
                        .build())
                    .value("string")
                    .critical(false)
                    .build())
                .dnsNames("string")
                .emailAddresses("string")
                .ipAddresses("string")
                .uris("string")
                .build())
            .build())
        .x509Config(X509ParametersArgs.builder()
            .additionalExtensions(X509ExtensionArgs.builder()
                .objectId(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .value("string")
                .critical(false)
                .build())
            .aiaOcspServers("string")
            .caOptions(CaOptionsArgs.builder()
                .isCa(false)
                .maxIssuerPathLength(0)
                .build())
            .keyUsage(KeyUsageArgs.builder()
                .baseKeyUsage(KeyUsageOptionsArgs.builder()
                    .certSign(false)
                    .contentCommitment(false)
                    .crlSign(false)
                    .dataEncipherment(false)
                    .decipherOnly(false)
                    .digitalSignature(false)
                    .encipherOnly(false)
                    .keyAgreement(false)
                    .keyEncipherment(false)
                    .build())
                .extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
                    .clientAuth(false)
                    .codeSigning(false)
                    .emailProtection(false)
                    .ocspSigning(false)
                    .serverAuth(false)
                    .timeStamping(false)
                    .build())
                .unknownExtendedKeyUsages(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .build())
            .nameConstraints(NameConstraintsArgs.builder()
                .critical(false)
                .excludedDnsNames("string")
                .excludedEmailAddresses("string")
                .excludedIpRanges("string")
                .excludedUris("string")
                .permittedDnsNames("string")
                .permittedEmailAddresses("string")
                .permittedIpRanges("string")
                .permittedUris("string")
                .build())
            .policyIds(ObjectIdArgs.builder()
                .objectIdPath(0)
                .build())
            .build())
        .publicKey(PublicKeyArgs.builder()
            .format("KEY_FORMAT_UNSPECIFIED")
            .key("string")
            .build())
        .build())
    .keySpec(KeyVersionSpecArgs.builder()
        .algorithm("SIGN_HASH_ALGORITHM_UNSPECIFIED")
        .cloudKmsKeyVersion("string")
        .build())
    .lifetime("string")
    .type("TYPE_UNSPECIFIED")
    .gcsBucket("string")
    .labels(Map.of("string", "string"))
    .location("string")
    .project("string")
    .requestId("string")
    .subordinateConfig(SubordinateConfigArgs.builder()
        .certificateAuthority("string")
        .pemIssuerChain(SubordinateConfigChainArgs.builder()
            .pemCertificates("string")
            .build())
        .build())
    .build());
certificate_authority_resource = google_native.privateca.v1.CertificateAuthority("certificateAuthorityResource",
    ca_pool_id="string",
    certificate_authority_id="string",
    config={
        "subject_config": {
            "subject": {
                "common_name": "string",
                "country_code": "string",
                "locality": "string",
                "organization": "string",
                "organizational_unit": "string",
                "postal_code": "string",
                "province": "string",
                "street_address": "string",
            },
            "subject_alt_name": {
                "custom_sans": [{
                    "object_id": {
                        "object_id_path": [0],
                    },
                    "value": "string",
                    "critical": False,
                }],
                "dns_names": ["string"],
                "email_addresses": ["string"],
                "ip_addresses": ["string"],
                "uris": ["string"],
            },
        },
        "x509_config": {
            "additional_extensions": [{
                "object_id": {
                    "object_id_path": [0],
                },
                "value": "string",
                "critical": False,
            }],
            "aia_ocsp_servers": ["string"],
            "ca_options": {
                "is_ca": False,
                "max_issuer_path_length": 0,
            },
            "key_usage": {
                "base_key_usage": {
                    "cert_sign": False,
                    "content_commitment": False,
                    "crl_sign": False,
                    "data_encipherment": False,
                    "decipher_only": False,
                    "digital_signature": False,
                    "encipher_only": False,
                    "key_agreement": False,
                    "key_encipherment": False,
                },
                "extended_key_usage": {
                    "client_auth": False,
                    "code_signing": False,
                    "email_protection": False,
                    "ocsp_signing": False,
                    "server_auth": False,
                    "time_stamping": False,
                },
                "unknown_extended_key_usages": [{
                    "object_id_path": [0],
                }],
            },
            "name_constraints": {
                "critical": False,
                "excluded_dns_names": ["string"],
                "excluded_email_addresses": ["string"],
                "excluded_ip_ranges": ["string"],
                "excluded_uris": ["string"],
                "permitted_dns_names": ["string"],
                "permitted_email_addresses": ["string"],
                "permitted_ip_ranges": ["string"],
                "permitted_uris": ["string"],
            },
            "policy_ids": [{
                "object_id_path": [0],
            }],
        },
        "public_key": {
            "format": google_native.privateca.v1.PublicKeyFormat.KEY_FORMAT_UNSPECIFIED,
            "key": "string",
        },
    },
    key_spec={
        "algorithm": google_native.privateca.v1.KeyVersionSpecAlgorithm.SIGN_HASH_ALGORITHM_UNSPECIFIED,
        "cloud_kms_key_version": "string",
    },
    lifetime="string",
    type=google_native.privateca.v1.CertificateAuthorityType.TYPE_UNSPECIFIED,
    gcs_bucket="string",
    labels={
        "string": "string",
    },
    location="string",
    project="string",
    request_id="string",
    subordinate_config={
        "certificate_authority": "string",
        "pem_issuer_chain": {
            "pem_certificates": ["string"],
        },
    })
const certificateAuthorityResource = new google_native.privateca.v1.CertificateAuthority("certificateAuthorityResource", {
    caPoolId: "string",
    certificateAuthorityId: "string",
    config: {
        subjectConfig: {
            subject: {
                commonName: "string",
                countryCode: "string",
                locality: "string",
                organization: "string",
                organizationalUnit: "string",
                postalCode: "string",
                province: "string",
                streetAddress: "string",
            },
            subjectAltName: {
                customSans: [{
                    objectId: {
                        objectIdPath: [0],
                    },
                    value: "string",
                    critical: false,
                }],
                dnsNames: ["string"],
                emailAddresses: ["string"],
                ipAddresses: ["string"],
                uris: ["string"],
            },
        },
        x509Config: {
            additionalExtensions: [{
                objectId: {
                    objectIdPath: [0],
                },
                value: "string",
                critical: false,
            }],
            aiaOcspServers: ["string"],
            caOptions: {
                isCa: false,
                maxIssuerPathLength: 0,
            },
            keyUsage: {
                baseKeyUsage: {
                    certSign: false,
                    contentCommitment: false,
                    crlSign: false,
                    dataEncipherment: false,
                    decipherOnly: false,
                    digitalSignature: false,
                    encipherOnly: false,
                    keyAgreement: false,
                    keyEncipherment: false,
                },
                extendedKeyUsage: {
                    clientAuth: false,
                    codeSigning: false,
                    emailProtection: false,
                    ocspSigning: false,
                    serverAuth: false,
                    timeStamping: false,
                },
                unknownExtendedKeyUsages: [{
                    objectIdPath: [0],
                }],
            },
            nameConstraints: {
                critical: false,
                excludedDnsNames: ["string"],
                excludedEmailAddresses: ["string"],
                excludedIpRanges: ["string"],
                excludedUris: ["string"],
                permittedDnsNames: ["string"],
                permittedEmailAddresses: ["string"],
                permittedIpRanges: ["string"],
                permittedUris: ["string"],
            },
            policyIds: [{
                objectIdPath: [0],
            }],
        },
        publicKey: {
            format: google_native.privateca.v1.PublicKeyFormat.KeyFormatUnspecified,
            key: "string",
        },
    },
    keySpec: {
        algorithm: google_native.privateca.v1.KeyVersionSpecAlgorithm.SignHashAlgorithmUnspecified,
        cloudKmsKeyVersion: "string",
    },
    lifetime: "string",
    type: google_native.privateca.v1.CertificateAuthorityType.TypeUnspecified,
    gcsBucket: "string",
    labels: {
        string: "string",
    },
    location: "string",
    project: "string",
    requestId: "string",
    subordinateConfig: {
        certificateAuthority: "string",
        pemIssuerChain: {
            pemCertificates: ["string"],
        },
    },
});
type: google-native:privateca/v1:CertificateAuthority
properties:
    caPoolId: string
    certificateAuthorityId: string
    config:
        publicKey:
            format: KEY_FORMAT_UNSPECIFIED
            key: string
        subjectConfig:
            subject:
                commonName: string
                countryCode: string
                locality: string
                organization: string
                organizationalUnit: string
                postalCode: string
                province: string
                streetAddress: string
            subjectAltName:
                customSans:
                    - critical: false
                      objectId:
                        objectIdPath:
                            - 0
                      value: string
                dnsNames:
                    - string
                emailAddresses:
                    - string
                ipAddresses:
                    - string
                uris:
                    - string
        x509Config:
            additionalExtensions:
                - critical: false
                  objectId:
                    objectIdPath:
                        - 0
                  value: string
            aiaOcspServers:
                - string
            caOptions:
                isCa: false
                maxIssuerPathLength: 0
            keyUsage:
                baseKeyUsage:
                    certSign: false
                    contentCommitment: false
                    crlSign: false
                    dataEncipherment: false
                    decipherOnly: false
                    digitalSignature: false
                    encipherOnly: false
                    keyAgreement: false
                    keyEncipherment: false
                extendedKeyUsage:
                    clientAuth: false
                    codeSigning: false
                    emailProtection: false
                    ocspSigning: false
                    serverAuth: false
                    timeStamping: false
                unknownExtendedKeyUsages:
                    - objectIdPath:
                        - 0
            nameConstraints:
                critical: false
                excludedDnsNames:
                    - string
                excludedEmailAddresses:
                    - string
                excludedIpRanges:
                    - string
                excludedUris:
                    - string
                permittedDnsNames:
                    - string
                permittedEmailAddresses:
                    - string
                permittedIpRanges:
                    - string
                permittedUris:
                    - string
            policyIds:
                - objectIdPath:
                    - 0
    gcsBucket: string
    keySpec:
        algorithm: SIGN_HASH_ALGORITHM_UNSPECIFIED
        cloudKmsKeyVersion: string
    labels:
        string: string
    lifetime: string
    location: string
    project: string
    requestId: string
    subordinateConfig:
        certificateAuthority: string
        pemIssuerChain:
            pemCertificates:
                - string
    type: TYPE_UNSPECIFIED
CertificateAuthority Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CertificateAuthority resource accepts the following input properties:
- CaPoolId string
- CertificateAuthorityId string
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- Config Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateConfig
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- KeySpec Pulumi.GoogleNative.Privateca.V1.Inputs.KeyVersionSpec
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Type Pulumi.GoogleNative.Privateca.V1.CertificateAuthorityType
- Immutable. The Type of this CertificateAuthority.
- GcsBucket string
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
- Location string
- Project string
- RequestId string
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- SubordinateConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfig
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- CaPoolId string
- CertificateAuthorityId string
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- Config CertificateConfigArgs
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- KeySpec KeyVersionSpecArgs
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Type CertificateAuthorityType
- Immutable. The Type of this CertificateAuthority.
- GcsBucket string
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
- Location string
- Project string
- RequestId string
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- SubordinateConfig SubordinateConfigArgs
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- caPoolId String
- certificateAuthorityId String
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- config CertificateConfig
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- keySpec KeyVersionSpec
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime String
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type CertificateAuthorityType
- Immutable. The Type of this CertificateAuthority.
- gcsBucket String
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
- location String
- project String
- requestId String
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinateConfig SubordinateConfig 
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- caPoolId string
- certificateAuthorityId string
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- config CertificateConfig
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- keySpec KeyVersionSpec
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type CertificateAuthorityType
- Immutable. The Type of this CertificateAuthority.
- gcsBucket string
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
- location string
- project string
- requestId string
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinateConfig SubordinateConfig 
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- ca_pool_id str
- certificate_authority_id str
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- config CertificateConfigArgs
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- key_spec KeyVersionSpecArgs
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime str
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type CertificateAuthorityType
- Immutable. The Type of this CertificateAuthority.
- gcs_bucket str
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
- location str
- project str
- request_id str
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinate_config SubordinateConfigArgs
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- caPoolId String
- certificateAuthorityId String
- Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
- config Property Map
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- keySpec Property Map
- Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- lifetime String
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- type "TYPE_UNSPECIFIED" | "SELF_SIGNED" | "SUBORDINATE"
- Immutable. The Type of this CertificateAuthority.
- gcsBucket String
- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
- labels Map<String>
- Optional. Labels with user-defined metadata.
- location String
- project String
- requestId String
- Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- subordinateConfig Property Map
- Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
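A pre-flight check for the input constraints listed above, as an added example that is not Pulumi's or Google's code. The helper names `check_ca_args` and `immutable_changes` are hypothetical, the sample values are constructed, and rejecting `subordinate_config` on a non-SUBORDINATE CA is a local lint choice rather than documented API behaviour.

```python
import re
import uuid

# Constraints as stated in the property descriptions on this page.
ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,63}")
CA_TYPES = {"TYPE_UNSPECIFIED", "SELF_SIGNED", "SUBORDINATE"}
IMMUTABLE = ("config", "key_spec", "lifetime", "type", "gcs_bucket")
ZERO_UUID = uuid.UUID(int=0)


def check_ca_args(args):
    """Return a list of (field, problem) tuples for a dict of CA inputs.

    Keys are the Python property names from this page.
    """
    problems = []

    ca_id = args.get("certificate_authority_id")
    if not isinstance(ca_id, str) or not ID_RE.fullmatch(ca_id):
        problems.append(("certificate_authority_id",
                         "must match [a-zA-Z0-9_-]{1,63}"))

    ca_type = args.get("type")
    if ca_type not in CA_TYPES:
        problems.append(("type", "not a CertificateAuthorityType value"))
    # Local lint choice (assumption): issuer details only make sense on a
    # subordinate CA, so flag them on any other type.
    if args.get("subordinate_config") is not None and ca_type != "SUBORDINATE":
        problems.append(("subordinate_config", "set on a non-SUBORDINATE CA"))

    bucket = args.get("gcs_bucket")
    if bucket is not None:
        if not isinstance(bucket, str) or not bucket:
            problems.append(("gcs_bucket", "must be a non-empty bucket name"))
        elif "/" in bucket or bucket.endswith(".googleapis.com"):
            # Catches gs:// prefixes, object paths and hostname suffixes.
            problems.append(("gcs_bucket",
                             "bare bucket name only, no prefix or suffix"))

    request_id = args.get("request_id")
    if request_id is not None:
        try:
            parsed = uuid.UUID(request_id)
        except (ValueError, AttributeError, TypeError):
            problems.append(("request_id", "not a valid UUID"))
        else:
            if parsed == ZERO_UUID:
                problems.append(("request_id", "zero UUID is not supported"))

    return problems


def immutable_changes(old, new):
    """List the fields this page marks Immutable that differ between two
    argument dicts, so a reviewer sees them before the change is applied."""
    return [f for f in IMMUTABLE if old.get(f) != new.get(f)]


# Constructed sample inputs.
SAMPLE_OK = {
    "certificate_authority_id": "issuing-ca_01",
    "type": "SUBORDINATE",
    "lifetime": "constructed-lifetime-a",
    "gcs_bucket": "my-bucket",
    "request_id": "3f2b8c1e-7a4d-4e9b-9c56-0d1a2b3c4d5e",
    "subordinate_config": {"certificate_authority": "constructed-issuer"},
}
SAMPLE_BAD = {
    "certificate_authority_id": "issuing ca",
    "type": "ROOT",
    "gcs_bucket": "gs://my-bucket",
    "request_id": "00000000-0000-0000-0000-000000000000",
}

if __name__ == "__main__":
    for field, problem in check_ca_args(SAMPLE_BAD):
        print(f"{field}: {problem}")
```
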
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:
- AccessUrls Pulumi.GoogleNative.Privateca.V1.Outputs.AccessUrlsResponse
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse>
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- CreateTime string
- The time at which this CertificateAuthority was created.
- DeleteTime string
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- ExpireTime string
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemCaCertificates List<string>
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
- The State for this CertificateAuthority.
- Tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- UpdateTime string
- The time at which this CertificateAuthority was last updated.
- AccessUrls AccessUrlsResponse
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- CaCertificateDescriptions []CertificateDescriptionResponse
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- CreateTime string
- The time at which this CertificateAuthority was created.
- DeleteTime string
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- ExpireTime string
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemCaCertificates []string
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
- The State for this CertificateAuthority.
- Tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- UpdateTime string
- The time at which this CertificateAuthority was last updated.
- accessUrls AccessUrlsResponse
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- caCertificateDescriptions List<CertificateDescriptionResponse>
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- createTime String
- The time at which this CertificateAuthority was created.
- deleteTime String
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expireTime String
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemCaCertificates List<String>
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
- The State for this CertificateAuthority.
- tier String
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- updateTime String
- The time at which this CertificateAuthority was last updated.
- accessUrls AccessUrlsResponse
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- caCertificateDescriptions CertificateDescriptionResponse[]
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- createTime string
- The time at which this CertificateAuthority was created.
- deleteTime string
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expireTime string
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemCaCertificates string[]
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state string
- The State for this CertificateAuthority.
- tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- updateTime string
- The time at which this CertificateAuthority was last updated.
- access_urls AccessUrlsResponse
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca_certificate_descriptions Sequence[CertificateDescriptionResponse]
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- create_time str
- The time at which this CertificateAuthority was created.
- delete_time str
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire_time str
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pem_ca_certificates Sequence[str]
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state str
- The State for this CertificateAuthority.
- tier str
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- update_time str
- The time at which this CertificateAuthority was last updated.
- accessUrls Property Map
- URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- caCertificateDescriptions List<Property Map>
- A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- createTime String
- The time at which this CertificateAuthority was created.
- deleteTime String
- The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expireTime String
- The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemCaCertificates List<String>
- This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
- The State for this CertificateAuthority.
- tier String
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- updateTime String
- The time at which this CertificateAuthority was last updated.
Supporting Types
AccessUrlsResponse, AccessUrlsResponseArgs      
- CaCertificateAccessUrl string
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- CrlAccessUrls List<string>
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- CaCertificateAccessUrl string
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- CrlAccessUrls []string
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- caCertificateAccessUrl String
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crlAccessUrls List<String>
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- caCertificateAccessUrl string
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crlAccessUrls string[]
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca_certificate_access_url str
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl_access_urls Sequence[str]
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- caCertificateAccessUrl String
- The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crlAccessUrls List<String>
- The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
CaOptions, CaOptionsArgs    
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Integer
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_ca bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_issuer_path_length int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CaOptionsResponse, CaOptionsResponseArgs      
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- IsCa bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- MaxIssuerPathLength int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Integer
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_ca bool
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_issuer_path_length int
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa Boolean
- Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- maxIssuerPathLength Number
- Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateAuthorityType, CertificateAuthorityTypeArgs      
- TypeUnspecified
- TYPE_UNSPECIFIED: Not specified.
- SelfSigned
- SELF_SIGNED: Self-signed CA.
- Subordinate
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- CertificateAuthorityTypeTypeUnspecified
- TYPE_UNSPECIFIED: Not specified.
- CertificateAuthorityTypeSelfSigned
- SELF_SIGNED: Self-signed CA.
- CertificateAuthorityTypeSubordinate
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- TypeUnspecified
- TYPE_UNSPECIFIED: Not specified.
- SelfSigned
- SELF_SIGNED: Self-signed CA.
- Subordinate
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- TypeUnspecified
- TYPE_UNSPECIFIED: Not specified.
- SelfSigned
- SELF_SIGNED: Self-signed CA.
- Subordinate
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- TYPE_UNSPECIFIED
- TYPE_UNSPECIFIED: Not specified.
- SELF_SIGNED
- SELF_SIGNED: Self-signed CA.
- SUBORDINATE
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
- "TYPE_UNSPECIFIED"
- TYPE_UNSPECIFIED: Not specified.
- "SELF_SIGNED"
- SELF_SIGNED: Self-signed CA.
- "SUBORDINATE"
- SUBORDINATE: Subordinate CA. Could be issued by a Private CA CertificateAuthority or an unmanaged CA.
CertificateConfig, CertificateConfigArgs    
- SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfig
- Specifies some of the values in a certificate that are related to the subject.
- X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters
- Describes how some of the technical X.509 fields in a certificate should be populated.
- PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKey
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- SubjectConfig SubjectConfig 
- Specifies some of the values in a certificate that are related to the subject.
- X509Config X509Parameters
- Describes how some of the technical X.509 fields in a certificate should be populated.
- PublicKey PublicKey 
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig SubjectConfig 
- Specifies some of the values in a certificate that are related to the subject.
- x509Config X509Parameters
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey PublicKey 
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig SubjectConfig 
- Specifies some of the values in a certificate that are related to the subject.
- x509Config X509Parameters
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey PublicKey 
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_config SubjectConfig 
- Specifies some of the values in a certificate that are related to the subject.
- x509_config X509Parameters
- Describes how some of the technical X.509 fields in a certificate should be populated.
- public_key PublicKey 
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig Property Map
- Specifies some of the values in a certificate that are related to the subject.
- x509Config Property Map
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey Property Map
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
CertificateConfigResponse, CertificateConfigResponseArgs      
- PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse
- Specifies some of the values in a certificate that are related to the subject.
- X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
- Describes how some of the technical X.509 fields in a certificate should be populated.
- PublicKey PublicKeyResponse
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- SubjectConfig SubjectConfigResponse
- Specifies some of the values in a certificate that are related to the subject.
- X509Config X509ParametersResponse
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey PublicKeyResponse
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig SubjectConfigResponse
- Specifies some of the values in a certificate that are related to the subject.
- x509Config X509ParametersResponse
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey PublicKeyResponse
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig SubjectConfigResponse
- Specifies some of the values in a certificate that are related to the subject.
- x509Config X509ParametersResponse
- Describes how some of the technical X.509 fields in a certificate should be populated.
- public_key PublicKeyResponse
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_config SubjectConfigResponse
- Specifies some of the values in a certificate that are related to the subject.
- x509_config X509ParametersResponse
- Describes how some of the technical X.509 fields in a certificate should be populated.
- publicKey Property Map
- Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subjectConfig Property Map
- Specifies some of the values in a certificate that are related to the subject.
- x509Config Property Map
- Describes how some of the technical X.509 fields in a certificate should be populated.
CertificateDescriptionResponse, CertificateDescriptionResponseArgs      
- AiaIssuingCertificateUrls List<string>
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- CertFingerprint Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse
- The hash of the X.509 certificate.
- CrlDistributionPoints List<string>
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
- The public key that corresponds to an issued certificate.
- SubjectDescription Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse
- Describes some of the values in a certificate that are related to the subject and lifetime.
- SubjectKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
- Describes some of the technical X.509 fields in a certificate.
- AiaIssuingCertificateUrls []string
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- KeyIdResponse
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- CertFingerprint CertificateFingerprintResponse
- The hash of the X.509 certificate.
- CrlDistributionPoints []string
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- PublicKey PublicKeyResponse
- The public key that corresponds to an issued certificate.
- SubjectDescription SubjectDescriptionResponse
- Describes some of the values in a certificate that are related to the subject and lifetime.
- SubjectKeyId KeyIdResponse
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description X509ParametersResponse
- Describes some of the technical X.509 fields in a certificate.
- aiaIssuingCertificateUrls List<String>
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- KeyIdResponse
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- certFingerprint CertificateFingerprintResponse
- The hash of the X.509 certificate.
- crlDistributionPoints List<String>
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- publicKey PublicKeyResponse
- The public key that corresponds to an issued certificate.
- subjectDescription SubjectDescriptionResponse
- Describes some of the values in a certificate that are related to the subject and lifetime.
- subjectKeyId KeyIdResponse
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description X509ParametersResponse
- Describes some of the technical X.509 fields in a certificate.
- aiaIssuingCertificateUrls string[]
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- KeyIdResponse
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- certFingerprint CertificateFingerprintResponse
- The hash of the X.509 certificate.
- crlDistributionPoints string[]
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- publicKey PublicKeyResponse
- The public key that corresponds to an issued certificate.
- subjectDescription SubjectDescriptionResponse
- Describes some of the values in a certificate that are related to the subject and lifetime.
- subjectKeyId KeyIdResponse
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description X509ParametersResponse
- Describes some of the technical X.509 fields in a certificate.
- aia_issuing_certificate_urls Sequence[str]
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- KeyIdResponse
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert_fingerprint CertificateFingerprintResponse
- The hash of the X.509 certificate.
- crl_distribution_points Sequence[str]
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public_key PublicKeyResponse
- The public key that corresponds to an issued certificate.
- subject_description SubjectDescriptionResponse
- Describes some of the values in a certificate that are related to the subject and lifetime.
- subject_key_id KeyIdResponse
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509_description X509ParametersResponse 
- Describes some of the technical X.509 fields in a certificate.
- aiaIssuingCertificateUrls List<String>
- Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
- Property Map
- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- certFingerprint Property Map
- The hash of the X.509 certificate.
- crlDistributionPoints List<String>
- Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- publicKey Property Map
- The public key that corresponds to an issued certificate.
- subjectDescription Property Map
- Describes some of the values in a certificate that are related to the subject and lifetime.
- subjectKeyId Property Map
- Provides a means of identifying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description Property Map
- Describes some of the technical X.509 fields in a certificate.
CertificateFingerprintResponse, CertificateFingerprintResponseArgs      
- Sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- Sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash string
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256_hash str
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash String
- The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs        
- ClientAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- ClientAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_auth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_signing bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_protection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_signing bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_auth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_stamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs          
- ClientAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- ClientAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- CodeSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- EmailProtection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- OcspSigning bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- ServerAuth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- TimeStamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_auth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_signing bool
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_protection bool
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_signing bool
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_auth bool
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_stamping bool
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- codeSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- emailProtection Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocspSigning Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- serverAuth Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- timeStamping Boolean
- Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
KeyIdResponse, KeyIdResponseArgs      
- KeyId string
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- KeyId string
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- keyId String
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- keyId string
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key_id str
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- keyId String
- Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyUsage, KeyUsageArgs    
- BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- BaseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages []ObjectId
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<ObjectId>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages ObjectId[]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_key_usage KeyUsageOptions
- Describes high-level ways in which a key may be used.
- extended_key_usage ExtendedKeyUsageOptions
- Detailed scenarios in which a key may be used.
- unknown_extended_key_usages Sequence[ObjectId]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage Property Map
- Describes high-level ways in which a key may be used.
- extendedKeyUsage Property Map
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<Property Map>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyUsageOptions, KeyUsageOptionsArgs      
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
- certSign boolean
- The key may be used to sign certificates.
- contentCommitment boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment boolean
- The key may be used to encipher data.
- decipherOnly boolean
- The key may be used to decipher only.
- digitalSignature boolean
- The key may be used for digital signatures.
- encipherOnly boolean
- The key may be used to encipher only.
- keyAgreement boolean
- The key may be used in a key agreement protocol.
- keyEncipherment boolean
- The key may be used to encipher other keys.
- cert_sign bool
- The key may be used to sign certificates.
- content_commitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_sign bool
- The key may be used to sign certificate revocation lists.
- data_encipherment bool
- The key may be used to encipher data.
- decipher_only bool
- The key may be used to decipher only.
- digital_signature bool
- The key may be used for digital signatures.
- encipher_only bool
- The key may be used to encipher only.
- key_agreement bool
- The key may be used in a key agreement protocol.
- key_encipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs        
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- CertSign bool
- The key may be used to sign certificates.
- ContentCommitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- CrlSign bool
- The key may be used to sign certificate revocation lists.
- DataEncipherment bool
- The key may be used to encipher data.
- DecipherOnly bool
- The key may be used to decipher only.
- DigitalSignature bool
- The key may be used for digital signatures.
- EncipherOnly bool
- The key may be used to encipher only.
- KeyAgreement bool
- The key may be used in a key agreement protocol.
- KeyEncipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
- certSign boolean
- The key may be used to sign certificates.
- contentCommitment boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment boolean
- The key may be used to encipher data.
- decipherOnly boolean
- The key may be used to decipher only.
- digitalSignature boolean
- The key may be used for digital signatures.
- encipherOnly boolean
- The key may be used to encipher only.
- keyAgreement boolean
- The key may be used in a key agreement protocol.
- keyEncipherment boolean
- The key may be used to encipher other keys.
- cert_sign bool
- The key may be used to sign certificates.
- content_commitment bool
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_sign bool
- The key may be used to sign certificate revocation lists.
- data_encipherment bool
- The key may be used to encipher data.
- decipher_only bool
- The key may be used to decipher only.
- digital_signature bool
- The key may be used for digital signatures.
- encipher_only bool
- The key may be used to encipher only.
- key_agreement bool
- The key may be used in a key agreement protocol.
- key_encipherment bool
- The key may be used to encipher other keys.
- certSign Boolean
- The key may be used to sign certificates.
- contentCommitment Boolean
- The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crlSign Boolean
- The key may be used to sign certificate revocation lists.
- dataEncipherment Boolean
- The key may be used to encipher data.
- decipherOnly Boolean
- The key may be used to decipher only.
- digitalSignature Boolean
- The key may be used for digital signatures.
- encipherOnly Boolean
- The key may be used to encipher only.
- keyAgreement Boolean
- The key may be used in a key agreement protocol.
- keyEncipherment Boolean
- The key may be used to encipher other keys.
KeyUsageResponse, KeyUsageResponseArgs      
- BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- BaseKeyUsage KeyUsageOptionsResponse
- Describes high-level ways in which a key may be used.
- ExtendedKeyUsage ExtendedKeyUsageOptionsResponse
- Detailed scenarios in which a key may be used.
- UnknownExtendedKeyUsages []ObjectIdResponse
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptionsResponse
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptionsResponse
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<ObjectIdResponse>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage KeyUsageOptionsResponse
- Describes high-level ways in which a key may be used.
- extendedKeyUsage ExtendedKeyUsageOptionsResponse
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages ObjectIdResponse[]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_key_usage KeyUsageOptionsResponse
- Describes high-level ways in which a key may be used.
- extended_key_usage ExtendedKeyUsageOptionsResponse
- Detailed scenarios in which a key may be used.
- unknown_extended_key_usages Sequence[ObjectIdResponse]
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- baseKeyUsage Property Map
- Describes high-level ways in which a key may be used.
- extendedKeyUsage Property Map
- Detailed scenarios in which a key may be used.
- unknownExtendedKeyUsages List<Property Map>
- Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyVersionSpec, KeyVersionSpecArgs      
- Algorithm Pulumi.GoogleNative.Privateca.V1.KeyVersionSpecAlgorithm
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- CloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- Algorithm KeyVersionSpecAlgorithm
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- CloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm KeyVersionSpecAlgorithm
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion String
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm KeyVersionSpecAlgorithm
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm KeyVersionSpecAlgorithm
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloud_kms_key_version str
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm "SIGN_HASH_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_PKCS1_2048_SHA256" | "RSA_PKCS1_3072_SHA256" | "RSA_PKCS1_4096_SHA256" | "EC_P256_SHA256" | "EC_P384_SHA384"
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion String
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
KeyVersionSpecAlgorithm, KeyVersionSpecAlgorithmArgs        
- SignHashAlgorithmUnspecified
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- RsaPss2048Sha256
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- RsaPss3072Sha256
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- RsaPss4096Sha256
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- RsaPkcs12048Sha256
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- RsaPkcs13072Sha256
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- RsaPkcs14096Sha256
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- EcP256Sha256
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- EcP384Sha384
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- KeyVersionSpecAlgorithmSignHashAlgorithmUnspecified
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- KeyVersionSpecAlgorithmRsaPss2048Sha256
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- KeyVersionSpecAlgorithmRsaPss3072Sha256
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- KeyVersionSpecAlgorithmRsaPss4096Sha256
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- KeyVersionSpecAlgorithmRsaPkcs12048Sha256
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- KeyVersionSpecAlgorithmRsaPkcs13072Sha256
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- KeyVersionSpecAlgorithmRsaPkcs14096Sha256
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- KeyVersionSpecAlgorithmEcP256Sha256
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- KeyVersionSpecAlgorithmEcP384Sha384
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- SignHashAlgorithmUnspecified
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- RsaPss2048Sha256
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- RsaPss3072Sha256
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- RsaPss4096Sha256
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- RsaPkcs12048Sha256
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- RsaPkcs13072Sha256
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- RsaPkcs14096Sha256
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- EcP256Sha256
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- EcP384Sha384
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- SignHashAlgorithmUnspecified
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- RsaPss2048Sha256
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- RsaPss3072Sha256
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- RsaPss4096Sha256
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- RsaPkcs12048Sha256
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- RsaPkcs13072Sha256
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- RsaPkcs14096Sha256
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- EcP256Sha256
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- EcP384Sha384
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- SIGN_HASH_ALGORITHM_UNSPECIFIED
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- RSA_PSS2048_SHA256
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- RSA_PSS3072_SHA256
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- RSA_PSS4096_SHA256
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- RSA_PKCS12048_SHA256
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- RSA_PKCS13072_SHA256
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- RSA_PKCS14096_SHA256
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- EC_P256_SHA256
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- EC_P384_SHA384
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
- "SIGN_HASH_ALGORITHM_UNSPECIFIED"
- SIGN_HASH_ALGORITHM_UNSPECIFIED Not specified.
- "RSA_PSS_2048_SHA256"
- RSA_PSS_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
- "RSA_PSS_3072_SHA256"
- RSA_PSS_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
- "RSA_PSS_4096_SHA256"
- RSA_PSS_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
- "RSA_PKCS1_2048_SHA256"
- RSA_PKCS1_2048_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
- "RSA_PKCS1_3072_SHA256"
- RSA_PKCS1_3072_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
- "RSA_PKCS1_4096_SHA256"
- RSA_PKCS1_4096_SHA256 maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
- "EC_P256_SHA256"
- EC_P256_SHA256 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
- "EC_P384_SHA384"
- EC_P384_SHA384 maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
KeyVersionSpecResponse, KeyVersionSpecResponseArgs        
- Algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- CloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- Algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- CloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm String
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion String
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm string
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion string
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm str
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloud_kms_key_version str
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
- algorithm String
- The algorithm to use for creating a managed Cloud KMS key for a simplified experience. All managed keys will have their ProtectionLevel as HSM.
- cloudKmsKeyVersion String
- The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
NameConstraints, NameConstraintsArgs    
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames List<string>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses List<string>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges List<string>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris List<string>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- PermittedDnsNames List<string>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses List<string>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges List<string>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris List<string>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames []string
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses []string
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges []string
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris []string
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- PermittedDnsNames []string
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses []string
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges []string
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris []string
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames List<String>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames string[]
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses string[]
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges string[]
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris string[]
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames string[]
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses string[]
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges string[]
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris string[]
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_dns_names Sequence[str]
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excluded_email_addresses Sequence[str]
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excluded_ip_ranges Sequence[str]
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_uris Sequence[str]
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permitted_dns_names Sequence[str]
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permitted_email_addresses Sequence[str]
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permitted_ip_ranges Sequence[str]
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_uris Sequence[str]
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames List<String>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
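The matching rules described above for the permitted and excluded lists, as an added Python example that is not part of the Pulumi SDK or the provider's code. `NameConstraintsSpec` and `is_allowed` are hypothetical names that reuse the Python field names listed above, and the sample values are constructed. Two behaviours are assumptions taken from RFC 5280 section 4.2.1.10 rather than from this page: an excluded match always wins over a permitted one, and a leading-period domain covers hosts inside the domain but not the bare domain.

```python
"""Added example: evaluate NameConstraints lists against candidate names."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List
from urllib.parse import urlsplit


@dataclass
class NameConstraintsSpec:
    """Hypothetical stand-in that mirrors the Python field names of NameConstraintsArgs."""
    permitted_dns_names: List[str] = field(default_factory=list)
    excluded_dns_names: List[str] = field(default_factory=list)
    permitted_email_addresses: List[str] = field(default_factory=list)
    excluded_email_addresses: List[str] = field(default_factory=list)
    permitted_ip_ranges: List[str] = field(default_factory=list)
    excluded_ip_ranges: List[str] = field(default_factory=list)
    permitted_uris: List[str] = field(default_factory=list)
    excluded_uris: List[str] = field(default_factory=list)


def dns_matches(name: str, constraint: str) -> bool:
    """True if `name` is `constraint` with zero or more labels added on the left."""
    name, constraint = name.lower().rstrip("."), constraint.lower().rstrip(".")
    # Requiring the "." boundary is what keeps example1.com from matching example.com.
    return name == constraint or name.endswith("." + constraint)


def host_matches(host: str, constraint: str) -> bool:
    """Host rule shared by the email and URI constraints.

    A leading period means any host inside that domain (assumption from
    RFC 5280: not the bare domain itself); otherwise exactly one host.
    """
    host, constraint = host.lower(), constraint.lower()
    if constraint.startswith("."):
        return host.endswith(constraint)
    return host == constraint


def email_matches(address: str, constraint: str) -> bool:
    """Constraint is a full address, a hostname, or a leading-period domain."""
    local, _, host = address.rpartition("@")
    if "@" in constraint:  # one particular mailbox
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host.lower() == c_host.lower()
    return host_matches(host, constraint)


def ip_matches(address: str, cidr: str) -> bool:
    """CIDR containment; an IPv4 address never matches an IPv6 range or vice versa."""
    addr, net = ip_address(address), ip_network(cidr, strict=False)
    return addr.version == net.version and addr in net


def uri_matches(uri: str, constraint: str) -> bool:
    """URI constraints apply to the host part of the URI only."""
    return host_matches(urlsplit(uri).hostname or "", constraint)


_KINDS = {
    "dns": ("dns_names", dns_matches),
    "email": ("email_addresses", email_matches),
    "ip": ("ip_ranges", ip_matches),
    "uri": ("uris", uri_matches),
}


def is_allowed(spec: NameConstraintsSpec, kind: str, value: str) -> bool:
    """Apply the excluded list first, then the permitted list for this name type."""
    suffix, matches = _KINDS[kind]
    excluded = getattr(spec, "excluded_" + suffix)
    permitted = getattr(spec, "permitted_" + suffix)
    if any(matches(value, c) for c in excluded):
        return False  # assumption (RFC 5280): exclusion overrides permission
    # An empty permitted list places no restriction on this name type.
    return not permitted or any(matches(value, c) for c in permitted)


# Constructed sample policy for a subordinate CA scoped to example.com.
SAMPLE = NameConstraintsSpec(
    permitted_dns_names=["example.com"],
    excluded_dns_names=["legacy.example.com"],
    permitted_email_addresses=[".example.com", "ca-admin@example.org"],
    permitted_ip_ranges=["10.0.0.0/8", "fd00::/8"],
    excluded_ip_ranges=["10.99.0.0/16"],
    permitted_uris=[".example.com"],
)

if __name__ == "__main__":
    for kind, value in [
        ("dns", "www.sub.example.com"),
        ("dns", "example1.com"),
        ("dns", "db.legacy.example.com"),
        ("email", "alice@example.com"),
        ("ip", "10.99.4.4"),
        ("uri", "https://api.example.com/v1"),
    ]:
        print(f"{kind:5} {value:30} allowed={is_allowed(SAMPLE, kind, value)}")
```

Running a candidate SAN list through `is_allowed` before issuance shows which names a constrained CA would be unable to sign for under these rules.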
NameConstraintsResponse, NameConstraintsResponseArgs      
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames List<string>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses List<string>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges List<string>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris List<string>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- PermittedDnsNames List<string>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses List<string>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges List<string>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris List<string>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- Critical bool
- Indicates whether or not the name constraints are marked critical.
- ExcludedDnsNames []string
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- ExcludedEmailAddresses []string
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- ExcludedIpRanges []string
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- ExcludedUris []string
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- PermittedDnsNames []string
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- PermittedEmailAddresses []string
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- PermittedIpRanges []string
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- PermittedUris []string
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames List<String>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames string[]
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses string[]
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges string[]
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris string[]
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames string[]
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses string[]
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges string[]
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris string[]
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical bool
- Indicates whether or not the name constraints are marked critical.
- excluded_dns_names Sequence[str]
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excluded_email_addresses Sequence[str]
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excluded_ip_ranges Sequence[str]
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_uris Sequence[str]
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permitted_dns_names Sequence[str]
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permitted_email_addresses Sequence[str]
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permitted_ip_ranges Sequence[str]
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_uris Sequence[str]
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- critical Boolean
- Indicates whether or not the name constraints are marked critical.
- excludedDnsNames List<String>
- Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- excludedEmailAddresses List<String>
- Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- excludedIpRanges List<String>
- Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excludedUris List<String>
- Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
- permittedDnsNames List<String>
- Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
- permittedEmailAddresses List<String>
- Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
- permittedIpRanges List<String>
- Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permittedUris List<String>
- Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
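As an added example (not part of the Pulumi or Google documentation), the following Python code lints a planned set of SANs against a name-constraints block before the CA is created. It applies the matching rules from the field descriptions above together with the RFC 5280 rules that exclusions take precedence over permitted subtrees and that a leading-period constraint does not cover the bare domain host. The dictionary keys follow the Python property names; the function names, constraint values and SANs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _dns_match(name, constraint):
    """True if name equals the constraint or adds whole labels to its left."""
    name = name.lower().rstrip(".")
    constraint = constraint.lower().rstrip(".")
    return name == constraint or name.endswith("." + constraint)


def _host_match(host, constraint):
    """Host rule shared by email and URI constraints: a bare hostname matches
    only that host; a leading period matches hosts inside that domain."""
    host, constraint = host.lower(), constraint.lower()
    if constraint.startswith("."):
        return host.endswith(constraint) and len(host) > len(constraint)
    return host == constraint


def _email_match(addr, constraint):
    local, _, host = addr.rpartition("@")
    if "@" in constraint:  # a particular email address
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host.lower() == c_host.lower()
    return _host_match(host, constraint)


def _ip_match(addr, cidr):
    # An IPv4 address is never inside an IPv6 network and vice versa.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _uri_match(uri, constraint):
    # The constraint applies to the host part of the URI only.
    return _host_match(urlsplit(uri).hostname or "", constraint)


_MATCHERS = {
    "dns_names": _dns_match,
    "email_addresses": _email_match,
    "ip_ranges": _ip_match,
    "uris": _uri_match,
}


def check_name(constraints, kind, name):
    """Return (allowed, reason) for one name of the given kind."""
    match = _MATCHERS[kind]
    for c in constraints.get("excluded_" + kind, []):
        if match(name, c):
            return False, "excluded by %r" % c
    permitted = constraints.get("permitted_" + kind, [])
    if permitted and not any(match(name, c) for c in permitted):
        return False, "outside every permitted subtree"
    return True, "ok"


def lint(constraints, sans):
    """Return the (kind, name, reason) triples that the constraints reject."""
    rejected = []
    for kind, name in sans:
        allowed, reason = check_name(constraints, kind, name)
        if not allowed:
            rejected.append((kind, name, reason))
    return rejected


# Constructed sample data, not taken from the page.
CONSTRAINTS = {
    "critical": True,
    "permitted_dns_names": ["corp.example.com"],
    "excluded_dns_names": ["legacy.corp.example.com"],
    "permitted_email_addresses": [".corp.example.com", "ops@example.com"],
    "permitted_ip_ranges": ["10.20.0.0/16"],
    "excluded_ip_ranges": ["10.20.255.0/24"],
    "permitted_uris": [".corp.example.com"],
}

PLANNED_SANS = [
    ("dns_names", "api.corp.example.com"),
    ("dns_names", "db.legacy.corp.example.com"),   # under an excluded subtree
    ("dns_names", "notcorp.example.com"),          # not a label boundary
    ("email_addresses", "alice@mail.corp.example.com"),
    ("email_addresses", "alice@corp.example.com"), # bare domain host
    ("email_addresses", "ops@example.com"),
    ("ip_ranges", "10.20.4.7"),
    ("ip_ranges", "10.20.255.9"),                  # inside an excluded range
    ("ip_ranges", "2001:db8::1"),                  # no IPv6 range permitted
    ("uris", "https://api.corp.example.com/v1"),
]

if __name__ == "__main__":
    for kind, name, reason in lint(CONSTRAINTS, PLANNED_SANS):
        print("%-16s %-30s %s" % (kind, name, reason))
```

Relying parties enforce name constraints during path validation, so running a check like this against the names a subordinate CA is expected to issue catches a constraint that is too narrow, or an exclusion that is missing, before certificates start failing validation.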
ObjectId, ObjectIdArgs    
- ObjectIdPath List<int>
- The parts of an OID path. The most significant parts of the path come first.
- ObjectIdPath []int
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Integer>
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath number[]
- The parts of an OID path. The most significant parts of the path come first.
- object_id_path Sequence[int]
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Number>
- The parts of an OID path. The most significant parts of the path come first.
ObjectIdResponse, ObjectIdResponseArgs      
- ObjectIdPath List<int>
- The parts of an OID path. The most significant parts of the path come first.
- ObjectIdPath []int
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Integer>
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath number[]
- The parts of an OID path. The most significant parts of the path come first.
- object_id_path Sequence[int]
- The parts of an OID path. The most significant parts of the path come first.
- objectIdPath List<Number>
- The parts of an OID path. The most significant parts of the path come first.
PublicKey, PublicKeyArgs    
- Format Pulumi.GoogleNative.Privateca.V1.PublicKeyFormat
- The format of the public key.
- Key string
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
- Format PublicKeyFormat
- The format of the public key.
- Key string
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
- format PublicKeyFormat
- The format of the public key.
- key String
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
- format PublicKeyFormat
- The format of the public key.
- key string
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
- format PublicKeyFormat
- The format of the public key.
- key str
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
- format "KEY_FORMAT_UNSPECIFIED" | "PEM"
- The format of the public key.
- key String
- A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
PublicKeyFormat, PublicKeyFormatArgs      
- KeyFormatUnspecified
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- Pem
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- PublicKeyFormatKeyFormatUnspecified
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- PublicKeyFormatPem
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- KeyFormatUnspecified
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- Pem
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- KeyFormatUnspecified
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- Pem
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- KEY_FORMAT_UNSPECIFIED
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- PEM
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
- "KEY_FORMAT_UNSPECIFIED"
- KEY_FORMAT_UNSPECIFIED: Default unspecified value.
- "PEM"
- PEM: The key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will be used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.
PublicKeyResponse, PublicKeyResponseArgs      
Subject, SubjectArgs  
- CommonName string
- The "common name" of the subject.
- CountryCode string
- The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- OrganizationalUnit string
- The organizational_unit of the subject.
- PostalCode string
- The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- StreetAddress string
- The street address of the subject.
- CommonName string
- The "common name" of the subject.
- CountryCode string
- The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- OrganizationalUnit string
- The organizational_unit of the subject.
- PostalCode string
- The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- StreetAddress string
- The street address of the subject.
- commonName String
- The "common name" of the subject.
- countryCode String
- The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizationalUnit String
- The organizational_unit of the subject.
- postalCode String
- The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- streetAddress String
- The street address of the subject.
- commonName string
- The "common name" of the subject.
- countryCode string
- The country code of the subject.
- locality string
- The locality or city of the subject.
- organization string
- The organization of the subject.
- organizationalUnit string
- The organizational_unit of the subject.
- postalCode string
- The postal code of the subject.
- province string
- The province, territory, or regional state of the subject.
- streetAddress string
- The street address of the subject.
- common_name str
- The "common name" of the subject.
- country_code str
- The country code of the subject.
- locality str
- The locality or city of the subject.
- organization str
- The organization of the subject.
- organizational_unit str
- The organizational_unit of the subject.
- postal_code str
- The postal code of the subject.
- province str
- The province, territory, or regional state of the subject.
- street_address str
- The street address of the subject.
- commonName String
- The "common name" of the subject.
- countryCode String
- The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizationalUnit String
- The organizational_unit of the subject.
- postalCode String
- The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- streetAddress String
- The street address of the subject.
SubjectAltNames, SubjectAltNamesArgs      
- CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- DnsNames List<string>
- Contains only valid, fully-qualified host names.
- EmailAddresses List<string>
- Contains only valid RFC 2822 E-mail addresses.
- IpAddresses List<string>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
- Contains only valid RFC 3986 URIs.
- CustomSans []X509Extension
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- DnsNames []string
- Contains only valid, fully-qualified host names.
- EmailAddresses []string
- Contains only valid RFC 2822 E-mail addresses.
- IpAddresses []string
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
- Contains only valid RFC 3986 URIs.
- customSans List<X509Extension>
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames List<String>
- Contains only valid, fully-qualified host names.
- emailAddresses List<String>
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses List<String>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
- customSans X509Extension[]
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames string[]
- Contains only valid, fully-qualified host names.
- emailAddresses string[]
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses string[]
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
- Contains only valid RFC 3986 URIs.
- custom_sans Sequence[X509Extension]
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dns_names Sequence[str]
- Contains only valid, fully-qualified host names.
- email_addresses Sequence[str]
- Contains only valid RFC 2822 E-mail addresses.
- ip_addresses Sequence[str]
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
- Contains only valid RFC 3986 URIs.
- customSans List<Property Map>
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames List<String>
- Contains only valid, fully-qualified host names.
- emailAddresses List<String>
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses List<String>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
SubjectAltNamesResponse, SubjectAltNamesResponseArgs        
- CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- DnsNames List<string>
- Contains only valid, fully-qualified host names.
- EmailAddresses List<string>
- Contains only valid RFC 2822 E-mail addresses.
- IpAddresses List<string>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
- Contains only valid RFC 3986 URIs.
- CustomSans []X509ExtensionResponse 
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- DnsNames []string
- Contains only valid, fully-qualified host names.
- EmailAddresses []string
- Contains only valid RFC 2822 E-mail addresses.
- IpAddresses []string
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
- Contains only valid RFC 3986 URIs.
- customSans List<X509ExtensionResponse> 
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames List<String>
- Contains only valid, fully-qualified host names.
- emailAddresses List<String>
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses List<String>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
- customSans X509ExtensionResponse[] 
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames string[]
- Contains only valid, fully-qualified host names.
- emailAddresses string[]
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses string[]
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
- Contains only valid RFC 3986 URIs.
- custom_sans Sequence[X509ExtensionResponse] 
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dns_names Sequence[str]
- Contains only valid, fully-qualified host names.
- email_addresses Sequence[str]
- Contains only valid RFC 2822 E-mail addresses.
- ip_addresses Sequence[str]
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
- Contains only valid RFC 3986 URIs.
- customSans List<Property Map>
- Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
- dnsNames List<String>
- Contains only valid, fully-qualified host names.
- emailAddresses List<String>
- Contains only valid RFC 2822 E-mail addresses.
- ipAddresses List<String>
- Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
- Contains only valid RFC 3986 URIs.
SubjectConfig, SubjectConfigArgs    
- Subject Pulumi.GoogleNative.Privateca.V1.Inputs.Subject
- Optional. Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNames
- Optional. The subject alternative name fields.
- Subject Subject
- Optional. Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName SubjectAltNames
- Optional. The subject alternative name fields.
- subject Subject
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNames
- Optional. The subject alternative name fields.
- subject Subject
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNames
- Optional. The subject alternative name fields.
- subject Subject
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subject_alt_name SubjectAltNames
- Optional. The subject alternative name fields.
- subject Property Map
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName Property Map
- Optional. The subject alternative name fields.
SubjectConfigResponse, SubjectConfigResponseArgs      
- Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
- Optional. Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
- Optional. The subject alternative name fields.
- Subject SubjectResponse
- Optional. Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName SubjectAltNamesResponse
- Optional. The subject alternative name fields.
- subject SubjectResponse
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNamesResponse
- Optional. The subject alternative name fields.
- subject SubjectResponse
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNamesResponse
- Optional. The subject alternative name fields.
- subject SubjectResponse
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subject_alt_name SubjectAltNamesResponse
- Optional. The subject alternative name fields.
- subject Property Map
- Optional. Contains distinguished name fields such as the common name, location and organization.
- subjectAltName Property Map
- Optional. The subject alternative name fields.
SubjectDescriptionResponse, SubjectDescriptionResponseArgs      
- HexSerialNumber string
- The serial number encoded in lowercase hexadecimal.
- Lifetime string
- For convenience, the actual lifetime of an issued certificate.
- NotAfterTime string
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- NotBeforeTime string
- The time at which the certificate becomes valid.
- Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
- Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
- The subject alternative name fields.
- HexSerialNumber string
- The serial number encoded in lowercase hexadecimal.
- Lifetime string
- For convenience, the actual lifetime of an issued certificate.
- NotAfterTime string
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- NotBeforeTime string
- The time at which the certificate becomes valid.
- Subject SubjectResponse
- Contains distinguished name fields such as the common name, location and organization.
- SubjectAltName SubjectAltNamesResponse
- The subject alternative name fields.
- hexSerialNumber String
- The serial number encoded in lowercase hexadecimal.
- lifetime String
- For convenience, the actual lifetime of an issued certificate.
- notAfterTime String
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- notBeforeTime String
- The time at which the certificate becomes valid.
- subject SubjectResponse
- Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNamesResponse
- The subject alternative name fields.
- hexSerialNumber string
- The serial number encoded in lowercase hexadecimal.
- lifetime string
- For convenience, the actual lifetime of an issued certificate.
- notAfterTime string
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- notBeforeTime string
- The time at which the certificate becomes valid.
- subject SubjectResponse
- Contains distinguished name fields such as the common name, location and organization.
- subjectAltName SubjectAltNamesResponse
- The subject alternative name fields.
- hex_serial_number str
- The serial number encoded in lowercase hexadecimal.
- lifetime str
- For convenience, the actual lifetime of an issued certificate.
- not_after_time str
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not_before_time str
- The time at which the certificate becomes valid.
- subject SubjectResponse
- Contains distinguished name fields such as the common name, location and organization.
- subject_alt_name SubjectAltNamesResponse
- The subject alternative name fields.
- hexSerialNumber String
- The serial number encoded in lowercase hexadecimal.
- lifetime String
- For convenience, the actual lifetime of an issued certificate.
- notAfterTime String
- The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- notBeforeTime String
- The time at which the certificate becomes valid.
- subject Property Map
- Contains distinguished name fields such as the common name, location and organization.
- subjectAltName Property Map
- The subject alternative name fields.
SubjectResponse, SubjectResponseArgs    
- CommonName string
- The "common name" of the subject.
- CountryCode string
- The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- OrganizationalUnit string
- The organizational_unit of the subject.
- PostalCode string
- The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- StreetAddress string
- The street address of the subject.
- CommonName string
- The "common name" of the subject.
- CountryCode string
- The country code of the subject.
- Locality string
- The locality or city of the subject.
- Organization string
- The organization of the subject.
- OrganizationalUnit string
- The organizational_unit of the subject.
- PostalCode string
- The postal code of the subject.
- Province string
- The province, territory, or regional state of the subject.
- StreetAddress string
- The street address of the subject.
- commonName String
- The "common name" of the subject.
- countryCode String
- The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizationalUnit String
- The organizational_unit of the subject.
- postalCode String
- The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- streetAddress String
- The street address of the subject.
- commonName string
- The "common name" of the subject.
- countryCode string
- The country code of the subject.
- locality string
- The locality or city of the subject.
- organization string
- The organization of the subject.
- organizationalUnit string
- The organizational_unit of the subject.
- postalCode string
- The postal code of the subject.
- province string
- The province, territory, or regional state of the subject.
- streetAddress string
- The street address of the subject.
- common_name str
- The "common name" of the subject.
- country_code str
- The country code of the subject.
- locality str
- The locality or city of the subject.
- organization str
- The organization of the subject.
- organizational_unit str
- The organizational_unit of the subject.
- postal_code str
- The postal code of the subject.
- province str
- The province, territory, or regional state of the subject.
- street_address str
- The street address of the subject.
- commonName String
- The "common name" of the subject.
- countryCode String
- The country code of the subject.
- locality String
- The locality or city of the subject.
- organization String
- The organization of the subject.
- organizationalUnit String
- The organizational_unit of the subject.
- postalCode String
- The postal code of the subject.
- province String
- The province, territory, or regional state of the subject.
- streetAddress String
- The street address of the subject.
SubordinateConfig, SubordinateConfigArgs    
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemIssuerChain Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChain
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemIssuerChain SubordinateConfigChain
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain SubordinateConfigChain
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain SubordinateConfigChain
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- str
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pem_issuer_chain SubordinateConfigChain
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain Property Map
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
SubordinateConfigChain, SubordinateConfigChainArgs      
- PemCertificates List<string>
- Expected to be in leaf-to-root order according to RFC 5246.
- PemCertificates []string
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates List<String>
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates string[]
- Expected to be in leaf-to-root order according to RFC 5246.
- pem_certificates Sequence[str]
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates List<String>
- Expected to be in leaf-to-root order according to RFC 5246.
SubordinateConfigChainResponse, SubordinateConfigChainResponseArgs        
- PemCertificates List<string>
- Expected to be in leaf-to-root order according to RFC 5246.
- PemCertificates []string
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates List<String>
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates string[]
- Expected to be in leaf-to-root order according to RFC 5246.
- pem_certificates Sequence[str]
- Expected to be in leaf-to-root order according to RFC 5246.
- pemCertificates List<String>
- Expected to be in leaf-to-root order according to RFC 5246.
SubordinateConfigResponse, SubordinateConfigResponseArgs      
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemIssuerChain Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainResponse
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- PemIssuerChain SubordinateConfigChainResponse
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain SubordinateConfigChainResponse
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- string
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain SubordinateConfigChainResponse
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- str
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pem_issuer_chain SubordinateConfigChainResponse
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
- String
- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
- pemIssuerChain Property Map
- Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not the PEM certificate for this CA itself.
X509Extension, X509ExtensionArgs  
- ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId
- The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId Property Map
- The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
X509ExtensionResponse, X509ExtensionResponseArgs    
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
- The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- Critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- ObjectId ObjectIdResponse
- The OID for this X.509 extension.
- Value string
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId ObjectIdResponse
- The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
- critical boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId ObjectIdResponse
- The OID for this X.509 extension.
- value string
- The value of this X.509 extension.
- critical bool
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_id ObjectIdResponse
- The OID for this X.509 extension.
- value str
- The value of this X.509 extension.
- critical Boolean
- Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- objectId Property Map
- The OID for this X.509 extension.
- value String
- The value of this X.509 extension.
X509Parameters, X509ParametersArgs  
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>
- Optional. Describes custom X.509 extensions.
- AiaOcspServers List<string>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage
- Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraints
- Optional. Describes the X.509 name constraints extension.
- PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- AdditionalExtensions []X509Extension
- Optional. Describes custom X.509 extensions.
- AiaOcspServers []string
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions CaOptions 
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage KeyUsage 
- Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints NameConstraints 
- Optional. Describes the X.509 name constraints extension.
- PolicyIds []ObjectId 
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<X509Extension>
- Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptions 
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsage 
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraints 
- Optional. Describes the X.509 name constraints extension.
- policyIds List<ObjectId> 
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions X509Extension[]
- Optional. Describes custom X.509 extensions.
- aiaOcspServers string[]
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptions 
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsage 
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraints 
- Optional. Describes the X.509 name constraints extension.
- policyIds ObjectId[] 
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_extensions Sequence[X509Extension]
- Optional. Describes custom X.509 extensions.
- aia_ocsp_servers Sequence[str]
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_options CaOptions 
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_usage KeyUsage 
- Optional. Indicates the intended use for keys that correspond to a certificate.
- name_constraints NameConstraints 
- Optional. Describes the X.509 name constraints extension.
- policy_ids Sequence[ObjectId] 
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<Property Map>
- Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions Property Map
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage Property Map
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints Property Map
- Optional. Describes the X.509 name constraints extension.
- policyIds List<Property Map>
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
X509ParametersResponse, X509ParametersResponseArgs    
- AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
- Optional. Describes custom X.509 extensions.
- AiaOcspServers List<string>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
- Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse
- Optional. Describes the X.509 name constraints extension.
- PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- AdditionalExtensions []X509ExtensionResponse 
- Optional. Describes custom X.509 extensions.
- AiaOcspServers []string
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- CaOptions CaOptionsResponse
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- KeyUsage KeyUsageResponse
- Optional. Indicates the intended use for keys that correspond to a certificate.
- NameConstraints NameConstraintsResponse
- Optional. Describes the X.509 name constraints extension.
- PolicyIds []ObjectIdResponse
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<X509ExtensionResponse> 
- Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptionsResponse
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsageResponse
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraintsResponse
- Optional. Describes the X.509 name constraints extension.
- policyIds List<ObjectIdResponse>
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions X509ExtensionResponse[] 
- Optional. Describes custom X.509 extensions.
- aiaOcspServers string[]
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions CaOptionsResponse
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage KeyUsageResponse
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints NameConstraintsResponse
- Optional. Describes the X.509 name constraints extension.
- policyIds ObjectIdResponse[]
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_extensions Sequence[X509ExtensionResponse] 
- Optional. Describes custom X.509 extensions.
- aia_ocsp_servers Sequence[str]
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_options CaOptionsResponse
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_usage KeyUsageResponse
- Optional. Indicates the intended use for keys that correspond to a certificate.
- name_constraints NameConstraintsResponse
- Optional. Describes the X.509 name constraints extension.
- policy_ids Sequence[ObjectIdResponse]
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additionalExtensions List<Property Map>
- Optional. Describes custom X.509 extensions.
- aiaOcspServers List<String>
- Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- caOptions Property Map
- Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- keyUsage Property Map
- Optional. Indicates the intended use for keys that correspond to a certificate.
- nameConstraints Property Map
- Optional. Describes the X.509 name constraints extension.
- policyIds List<Property Map>
- Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0