1. Packages
  2. Google Cloud Native
  3. API Docs
  4. privateca
  5. privateca/v1
  6. getCertificateAuthority

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.privateca/v1.getCertificateAuthority

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

Returns a CertificateAuthority.

Using getCertificateAuthority

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>
Copy
def get_certificate_authority(ca_pool_id: Optional[str] = None,
                              certificate_authority_id: Optional[str] = None,
                              location: Optional[str] = None,
                              project: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
def get_certificate_authority_output(ca_pool_id: Optional[pulumi.Input[str]] = None,
                              certificate_authority_id: Optional[pulumi.Input[str]] = None,
                              location: Optional[pulumi.Input[str]] = None,
                              project: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]
Copy
func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput
Copy

> Note: This function is named LookupCertificateAuthority in the Go SDK.

public static class GetCertificateAuthority 
{
    public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
public static Output<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: google-native:privateca/v1:getCertificateAuthority
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

CaPoolId This property is required. string
CertificateAuthorityId This property is required. string
Location This property is required. string
Project string
CaPoolId This property is required. string
CertificateAuthorityId This property is required. string
Location This property is required. string
Project string
caPoolId This property is required. String
certificateAuthorityId This property is required. String
location This property is required. String
project String
caPoolId This property is required. string
certificateAuthorityId This property is required. string
location This property is required. string
project string
ca_pool_id This property is required. str
certificate_authority_id This property is required. str
location This property is required. str
project str
caPoolId This property is required. String
certificateAuthorityId This property is required. String
location This property is required. String
project String

getCertificateAuthority Result

The following output properties are available:

AccessUrls Pulumi.GoogleNative.Privateca.V1.Outputs.AccessUrlsResponse
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
CaCertificateDescriptions List<Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse>
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
Config Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateConfigResponse
Immutable. The config used to create a self-signed X.509 certificate or CSR.
CreateTime string
The time at which this CertificateAuthority was created.
DeleteTime string
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
ExpireTime string
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
GcsBucket string
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
KeySpec Pulumi.GoogleNative.Privateca.V1.Outputs.KeyVersionSpecResponse
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
Labels Dictionary<string, string>
Optional. Labels with user-defined metadata.
Lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
Name string
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
PemCaCertificates List<string>
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
State string
The State for this CertificateAuthority.
SubordinateConfig Pulumi.GoogleNative.Privateca.V1.Outputs.SubordinateConfigResponse
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
Tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
Type string
Immutable. The Type of this CertificateAuthority.
UpdateTime string
The time at which this CertificateAuthority was last updated.
AccessUrls AccessUrlsResponse
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
CaCertificateDescriptions []CertificateDescriptionResponse
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
Config CertificateConfigResponse
Immutable. The config used to create a self-signed X.509 certificate or CSR.
CreateTime string
The time at which this CertificateAuthority was created.
DeleteTime string
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
ExpireTime string
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
GcsBucket string
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
KeySpec KeyVersionSpecResponse
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
Labels map[string]string
Optional. Labels with user-defined metadata.
Lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
Name string
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
PemCaCertificates []string
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
State string
The State for this CertificateAuthority.
SubordinateConfig SubordinateConfigResponse
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
Tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
Type string
Immutable. The Type of this CertificateAuthority.
UpdateTime string
The time at which this CertificateAuthority was last updated.
accessUrls AccessUrlsResponse
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions List<CertificateDescriptionResponse>
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
config CertificateConfigResponse
Immutable. The config used to create a self-signed X.509 certificate or CSR.
createTime String
The time at which this CertificateAuthority was created.
deleteTime String
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expireTime String
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
gcsBucket String
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
keySpec KeyVersionSpecResponse
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
labels Map<String,String>
Optional. Labels with user-defined metadata.
lifetime String
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
name String
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemCaCertificates List<String>
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state String
The State for this CertificateAuthority.
subordinateConfig SubordinateConfigResponse
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
tier String
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
type String
Immutable. The Type of this CertificateAuthority.
updateTime String
The time at which this CertificateAuthority was last updated.
accessUrls AccessUrlsResponse
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions CertificateDescriptionResponse[]
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
config CertificateConfigResponse
Immutable. The config used to create a self-signed X.509 certificate or CSR.
createTime string
The time at which this CertificateAuthority was created.
deleteTime string
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expireTime string
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
gcsBucket string
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
keySpec KeyVersionSpecResponse
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
labels {[key: string]: string}
Optional. Labels with user-defined metadata.
lifetime string
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
name string
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemCaCertificates string[]
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state string
The State for this CertificateAuthority.
subordinateConfig SubordinateConfigResponse
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
tier string
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
type string
Immutable. The Type of this CertificateAuthority.
updateTime string
The time at which this CertificateAuthority was last updated.
access_urls AccessUrlsResponse
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
ca_certificate_descriptions Sequence[CertificateDescriptionResponse]
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
config CertificateConfigResponse
Immutable. The config used to create a self-signed X.509 certificate or CSR.
create_time str
The time at which this CertificateAuthority was created.
delete_time str
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expire_time str
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
gcs_bucket str
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
key_spec KeyVersionSpecResponse
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
labels Mapping[str, str]
Optional. Labels with user-defined metadata.
lifetime str
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
name str
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pem_ca_certificates Sequence[str]
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state str
The State for this CertificateAuthority.
subordinate_config SubordinateConfigResponse
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
tier str
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
type str
Immutable. The Type of this CertificateAuthority.
update_time str
The time at which this CertificateAuthority was last updated.
accessUrls Property Map
URLs for accessing content published by this CA, such as the CA certificate and CRLs.
caCertificateDescriptions List<Property Map>
A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
config Property Map
Immutable. The config used to create a self-signed X.509 certificate or CSR.
createTime String
The time at which this CertificateAuthority was created.
deleteTime String
The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expireTime String
The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
gcsBucket String
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
keySpec Property Map
Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
labels Map<String>
Optional. Labels with user-defined metadata.
lifetime String
Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
name String
The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemCaCertificates List<String>
This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
state String
The State for this CertificateAuthority.
subordinateConfig Property Map
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
tier String
The CaPool.Tier of the CaPool that includes this CertificateAuthority.
type String
Immutable. The Type of this CertificateAuthority.
updateTime String
The time at which this CertificateAuthority was last updated.

Supporting Types

AccessUrlsResponse

CaCertificateAccessUrl This property is required. string
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrls This property is required. List<string>
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
CaCertificateAccessUrl This property is required. string
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrls This property is required. []string
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
caCertificateAccessUrl This property is required. String
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls This property is required. List<String>
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
caCertificateAccessUrl This property is required. string
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls This property is required. string[]
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
ca_certificate_access_url This property is required. str
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crl_access_urls This property is required. Sequence[str]
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
caCertificateAccessUrl This property is required. String
The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls This property is required. List<String>
The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

CaOptionsResponse

IsCa This property is required. bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength This property is required. int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
IsCa This property is required. bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength This property is required. int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa This property is required. Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength This property is required. Integer
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa This property is required. boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength This property is required. number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
is_ca This property is required. bool
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length This property is required. int
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
isCa This property is required. Boolean
Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength This property is required. Number
Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateConfigResponse

PublicKey This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
X509Config This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey This property is required. PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig This property is required. SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
X509Config This property is required. X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey This property is required. PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig This property is required. SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
x509Config This property is required. X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey This property is required. PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig This property is required. SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
x509Config This property is required. X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
public_key This property is required. PublicKeyResponse
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subject_config This property is required. SubjectConfigResponse
Specifies some of the values in a certificate that are related to the subject.
x509_config This property is required. X509ParametersResponse
Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey This property is required. Property Map
Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig This property is required. Property Map
Specifies some of the values in a certificate that are related to the subject.
x509Config This property is required. Property Map
Describes how some of the technical X.509 fields in a certificate should be populated.

CertificateDescriptionResponse

AiaIssuingCertificateUrls This property is required. List<string>
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse
The hash of the x.509 certificate.
CrlDistributionPoints This property is required. List<string>
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse
The public key that corresponds to an issued certificate.
SubjectDescription This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
AiaIssuingCertificateUrls This property is required. []string
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId This property is required. KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint This property is required. CertificateFingerprintResponse
The hash of the x.509 certificate.
CrlDistributionPoints This property is required. []string
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey This property is required. PublicKeyResponse
The public key that corresponds to an issued certificate.
SubjectDescription This property is required. SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId This property is required. KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description This property is required. X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aiaIssuingCertificateUrls This property is required. List<String>
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId This property is required. KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint This property is required. CertificateFingerprintResponse
The hash of the x.509 certificate.
crlDistributionPoints This property is required. List<String>
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey This property is required. PublicKeyResponse
The public key that corresponds to an issued certificate.
subjectDescription This property is required. SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId This property is required. KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description This property is required. X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aiaIssuingCertificateUrls This property is required. string[]
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId This property is required. KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint This property is required. CertificateFingerprintResponse
The hash of the x.509 certificate.
crlDistributionPoints This property is required. string[]
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey This property is required. PublicKeyResponse
The public key that corresponds to an issued certificate.
subjectDescription This property is required. SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId This property is required. KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description This property is required. X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aia_issuing_certificate_urls This property is required. Sequence[str]
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authority_key_id This property is required. KeyIdResponse
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
cert_fingerprint This property is required. CertificateFingerprintResponse
The hash of the x.509 certificate.
crl_distribution_points This property is required. Sequence[str]
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
public_key This property is required. PublicKeyResponse
The public key that corresponds to an issued certificate.
subject_description This property is required. SubjectDescriptionResponse
Describes some of the values in a certificate that are related to the subject and lifetime.
subject_key_id This property is required. KeyIdResponse
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509_description This property is required. X509ParametersResponse
Describes some of the technical X.509 fields in a certificate.
aiaIssuingCertificateUrls This property is required. List<String>
Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId This property is required. Property Map
Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint This property is required. Property Map
The hash of the x.509 certificate.
crlDistributionPoints This property is required. List<String>
Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey This property is required. Property Map
The public key that corresponds to an issued certificate.
subjectDescription This property is required. Property Map
Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId This property is required. Property Map
Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description This property is required. Property Map
Describes some of the technical X.509 fields in a certificate.

CertificateFingerprintResponse

Sha256Hash This property is required. string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
Sha256Hash This property is required. string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256Hash This property is required. String
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256Hash This property is required. string
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256_hash This property is required. str
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
sha256Hash This property is required. String
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

ExtendedKeyUsageOptionsResponse

ClientAuth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
ClientAuth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
clientAuth This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
clientAuth This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping This property is required. boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
client_auth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping This property is required. bool
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
clientAuth This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping This property is required. Boolean
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

KeyIdResponse

KeyId This property is required. string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyId This property is required. string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
keyId This property is required. String
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
keyId This property is required. string
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
key_id This property is required. str
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
keyId This property is required. String
Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsageOptionsResponse

CertSign This property is required. bool
The key may be used to sign certificates.
ContentCommitment This property is required. bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign This property is required. bool
The key may be used sign certificate revocation lists.
DataEncipherment This property is required. bool
The key may be used to encipher data.
DecipherOnly This property is required. bool
The key may be used to decipher only.
DigitalSignature This property is required. bool
The key may be used for digital signatures.
EncipherOnly This property is required. bool
The key may be used to encipher only.
KeyAgreement This property is required. bool
The key may be used in a key agreement protocol.
KeyEncipherment This property is required. bool
The key may be used to encipher other keys.
CertSign This property is required. bool
The key may be used to sign certificates.
ContentCommitment This property is required. bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign This property is required. bool
The key may be used sign certificate revocation lists.
DataEncipherment This property is required. bool
The key may be used to encipher data.
DecipherOnly This property is required. bool
The key may be used to decipher only.
DigitalSignature This property is required. bool
The key may be used for digital signatures.
EncipherOnly This property is required. bool
The key may be used to encipher only.
KeyAgreement This property is required. bool
The key may be used in a key agreement protocol.
KeyEncipherment This property is required. bool
The key may be used to encipher other keys.
certSign This property is required. Boolean
The key may be used to sign certificates.
contentCommitment This property is required. Boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign This property is required. Boolean
The key may be used sign certificate revocation lists.
dataEncipherment This property is required. Boolean
The key may be used to encipher data.
decipherOnly This property is required. Boolean
The key may be used to decipher only.
digitalSignature This property is required. Boolean
The key may be used for digital signatures.
encipherOnly This property is required. Boolean
The key may be used to encipher only.
keyAgreement This property is required. Boolean
The key may be used in a key agreement protocol.
keyEncipherment This property is required. Boolean
The key may be used to encipher other keys.
certSign This property is required. boolean
The key may be used to sign certificates.
contentCommitment This property is required. boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign This property is required. boolean
The key may be used sign certificate revocation lists.
dataEncipherment This property is required. boolean
The key may be used to encipher data.
decipherOnly This property is required. boolean
The key may be used to decipher only.
digitalSignature This property is required. boolean
The key may be used for digital signatures.
encipherOnly This property is required. boolean
The key may be used to encipher only.
keyAgreement This property is required. boolean
The key may be used in a key agreement protocol.
keyEncipherment This property is required. boolean
The key may be used to encipher other keys.
cert_sign This property is required. bool
The key may be used to sign certificates.
content_commitment This property is required. bool
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign This property is required. bool
The key may be used sign certificate revocation lists.
data_encipherment This property is required. bool
The key may be used to encipher data.
decipher_only This property is required. bool
The key may be used to decipher only.
digital_signature This property is required. bool
The key may be used for digital signatures.
encipher_only This property is required. bool
The key may be used to encipher only.
key_agreement This property is required. bool
The key may be used in a key agreement protocol.
key_encipherment This property is required. bool
The key may be used to encipher other keys.
certSign This property is required. Boolean
The key may be used to sign certificates.
contentCommitment This property is required. Boolean
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign This property is required. Boolean
The key may be used sign certificate revocation lists.
dataEncipherment This property is required. Boolean
The key may be used to encipher data.
decipherOnly This property is required. Boolean
The key may be used to decipher only.
digitalSignature This property is required. Boolean
The key may be used for digital signatures.
encipherOnly This property is required. Boolean
The key may be used to encipher only.
keyAgreement This property is required. Boolean
The key may be used in a key agreement protocol.
keyEncipherment This property is required. Boolean
The key may be used to encipher other keys.

KeyUsageResponse

BaseKeyUsage This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages This property is required. List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
BaseKeyUsage This property is required. KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
ExtendedKeyUsage This property is required. ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages This property is required. []ObjectIdResponse
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage This property is required. KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extendedKeyUsage This property is required. ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages This property is required. List<ObjectIdResponse>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage This property is required. KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extendedKeyUsage This property is required. ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages This property is required. ObjectIdResponse[]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
base_key_usage This property is required. KeyUsageOptionsResponse
Describes high-level ways in which a key may be used.
extended_key_usage This property is required. ExtendedKeyUsageOptionsResponse
Detailed scenarios in which a key may be used.
unknown_extended_key_usages This property is required. Sequence[ObjectIdResponse]
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
baseKeyUsage This property is required. Property Map
Describes high-level ways in which a key may be used.
extendedKeyUsage This property is required. Property Map
Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages This property is required. List<Property Map>
Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyVersionSpecResponse

Algorithm This property is required. string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion This property is required. string
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
Algorithm This property is required. string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
CloudKmsKeyVersion This property is required. string
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
algorithm This property is required. String
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion This property is required. String
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
algorithm This property is required. string
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion This property is required. string
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
algorithm This property is required. str
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloud_kms_key_version This property is required. str
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.
algorithm This property is required. String
The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM.
cloudKmsKeyVersion This property is required. String
The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

NameConstraintsResponse

Critical This property is required. bool
Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames This property is required. List<string>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses This property is required. List<string>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges This property is required. List<string>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris This property is required. List<string>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames This property is required. List<string>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses This property is required. List<string>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges This property is required. List<string>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris This property is required. List<string>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
Critical This property is required. bool
Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames This property is required. []string
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses This property is required. []string
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges This property is required. []string
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris This property is required. []string
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames This property is required. []string
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses This property is required. []string
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges This property is required. []string
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris This property is required. []string
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
critical This property is required. Boolean
Indicates whether or not the name constraints are marked critical.
excludedDnsNames This property is required. List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses This property is required. List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges This property is required. List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris This property is required. List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames This property is required. List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses This property is required. List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges This property is required. List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris This property is required. List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
critical This property is required. boolean
Indicates whether or not the name constraints are marked critical.
excludedDnsNames This property is required. string[]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses This property is required. string[]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges This property is required. string[]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris This property is required. string[]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames This property is required. string[]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses This property is required. string[]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges This property is required. string[]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris This property is required. string[]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
critical This property is required. bool
Indicates whether or not the name constraints are marked critical.
excluded_dns_names This property is required. Sequence[str]
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excluded_email_addresses This property is required. Sequence[str]
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excluded_ip_ranges This property is required. Sequence[str]
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excluded_uris This property is required. Sequence[str]
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permitted_dns_names This property is required. Sequence[str]
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permitted_email_addresses This property is required. Sequence[str]
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permitted_ip_ranges This property is required. Sequence[str]
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permitted_uris This property is required. Sequence[str]
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
critical This property is required. Boolean
Indicates whether or not the name constraints are marked critical.
excludedDnsNames This property is required. List<String>
Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses This property is required. List<String>
Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges This property is required. List<String>
Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris This property is required. List<String>
Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames This property is required. List<String>
Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses This property is required. List<String>
Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges This property is required. List<String>
Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris This property is required. List<String>
Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

ObjectIdResponse

ObjectIdPath This property is required. List<int>
The parts of an OID path. The most significant parts of the path come first.
ObjectIdPath This property is required. []int
The parts of an OID path. The most significant parts of the path come first.
objectIdPath This property is required. List<Integer>
The parts of an OID path. The most significant parts of the path come first.
objectIdPath This property is required. number[]
The parts of an OID path. The most significant parts of the path come first.
object_id_path This property is required. Sequence[int]
The parts of an OID path. The most significant parts of the path come first.
objectIdPath This property is required. List<Number>
The parts of an OID path. The most significant parts of the path come first.

PublicKeyResponse

Format This property is required. string
The format of the public key.
Key This property is required. string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
Format This property is required. string
The format of the public key.
Key This property is required. string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format This property is required. String
The format of the public key.
key This property is required. String
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format This property is required. string
The format of the public key.
key This property is required. string
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format This property is required. str
The format of the public key.
key This property is required. str
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.
format This property is required. String
The format of the public key.
key This property is required. String
A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

SubjectAltNamesResponse

CustomSans This property is required. List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames This property is required. List<string>
Contains only valid, fully-qualified host names.
EmailAddresses This property is required. List<string>
Contains only valid RFC 2822 E-mail addresses.
IpAddresses This property is required. List<string>
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris This property is required. List<string>
Contains only valid RFC 3986 URIs.
CustomSans This property is required. []X509ExtensionResponse
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames This property is required. []string
Contains only valid, fully-qualified host names.
EmailAddresses This property is required. []string
Contains only valid RFC 2822 E-mail addresses.
IpAddresses This property is required. []string
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris This property is required. []string
Contains only valid RFC 3986 URIs.
customSans This property is required. List<X509ExtensionResponse>
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames This property is required. List<String>
Contains only valid, fully-qualified host names.
emailAddresses This property is required. List<String>
Contains only valid RFC 2822 E-mail addresses.
ipAddresses This property is required. List<String>
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris This property is required. List<String>
Contains only valid RFC 3986 URIs.
customSans This property is required. X509ExtensionResponse[]
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames This property is required. string[]
Contains only valid, fully-qualified host names.
emailAddresses This property is required. string[]
Contains only valid RFC 2822 E-mail addresses.
ipAddresses This property is required. string[]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris This property is required. string[]
Contains only valid RFC 3986 URIs.
custom_sans This property is required. Sequence[X509ExtensionResponse]
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dns_names This property is required. Sequence[str]
Contains only valid, fully-qualified host names.
email_addresses This property is required. Sequence[str]
Contains only valid RFC 2822 E-mail addresses.
ip_addresses This property is required. Sequence[str]
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris This property is required. Sequence[str]
Contains only valid RFC 3986 URIs.
customSans This property is required. List<Property Map>
Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames This property is required. List<String>
Contains only valid, fully-qualified host names.
emailAddresses This property is required. List<String>
Contains only valid RFC 2822 E-mail addresses.
ipAddresses This property is required. List<String>
Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris This property is required. List<String>
Contains only valid RFC 3986 URIs.

SubjectConfigResponse

Subject This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
Optional. The subject alternative name fields.
Subject This property is required. SubjectResponse
Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName This property is required. SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject This property is required. SubjectResponse
Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName This property is required. SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject This property is required. SubjectResponse
Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName This property is required. SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject This property is required. SubjectResponse
Optional. Contains distinguished name fields such as the common name, location and organization.
subject_alt_name This property is required. SubjectAltNamesResponse
Optional. The subject alternative name fields.
subject This property is required. Property Map
Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName This property is required. Property Map
Optional. The subject alternative name fields.

SubjectDescriptionResponse

HexSerialNumber This property is required. string
The serial number encoded in lowercase hexadecimal.
Lifetime This property is required. string
For convenience, the actual lifetime of an issued certificate.
NotAfterTime This property is required. string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
NotBeforeTime This property is required. string
The time at which the certificate becomes valid.
Subject This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse
The subject alternative name fields.
HexSerialNumber This property is required. string
The serial number encoded in lowercase hexadecimal.
Lifetime This property is required. string
For convenience, the actual lifetime of an issued certificate.
NotAfterTime This property is required. string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
NotBeforeTime This property is required. string
The time at which the certificate becomes valid.
Subject This property is required. SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName This property is required. SubjectAltNamesResponse
The subject alternative name fields.
hexSerialNumber This property is required. String
The serial number encoded in lowercase hexadecimal.
lifetime This property is required. String
For convenience, the actual lifetime of an issued certificate.
notAfterTime This property is required. String
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime This property is required. String
The time at which the certificate becomes valid.
subject This property is required. SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
subjectAltName This property is required. SubjectAltNamesResponse
The subject alternative name fields.
hexSerialNumber This property is required. string
The serial number encoded in lowercase hexadecimal.
lifetime This property is required. string
For convenience, the actual lifetime of an issued certificate.
notAfterTime This property is required. string
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime This property is required. string
The time at which the certificate becomes valid.
subject This property is required. SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
subjectAltName This property is required. SubjectAltNamesResponse
The subject alternative name fields.
hex_serial_number This property is required. str
The serial number encoded in lowercase hexadecimal.
lifetime This property is required. str
For convenience, the actual lifetime of an issued certificate.
not_after_time This property is required. str
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
not_before_time This property is required. str
The time at which the certificate becomes valid.
subject This property is required. SubjectResponse
Contains distinguished name fields such as the common name, location and / organization.
subject_alt_name This property is required. SubjectAltNamesResponse
The subject alternative name fields.
hexSerialNumber This property is required. String
The serial number encoded in lowercase hexadecimal.
lifetime This property is required. String
For convenience, the actual lifetime of an issued certificate.
notAfterTime This property is required. String
The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime This property is required. String
The time at which the certificate becomes valid.
subject This property is required. Property Map
Contains distinguished name fields such as the common name, location and / organization.
subjectAltName This property is required. Property Map
The subject alternative name fields.

SubjectResponse

CommonName This property is required. string
The "common name" of the subject.
CountryCode This property is required. string
The country code of the subject.
Locality This property is required. string
The locality or city of the subject.
Organization This property is required. string
The organization of the subject.
OrganizationalUnit This property is required. string
The organizational_unit of the subject.
PostalCode This property is required. string
The postal code of the subject.
Province This property is required. string
The province, territory, or regional state of the subject.
StreetAddress This property is required. string
The street address of the subject.
CommonName This property is required. string
The "common name" of the subject.
CountryCode This property is required. string
The country code of the subject.
Locality This property is required. string
The locality or city of the subject.
Organization This property is required. string
The organization of the subject.
OrganizationalUnit This property is required. string
The organizational_unit of the subject.
PostalCode This property is required. string
The postal code of the subject.
Province This property is required. string
The province, territory, or regional state of the subject.
StreetAddress This property is required. string
The street address of the subject.
commonName This property is required. String
The "common name" of the subject.
countryCode This property is required. String
The country code of the subject.
locality This property is required. String
The locality or city of the subject.
organization This property is required. String
The organization of the subject.
organizationalUnit This property is required. String
The organizational_unit of the subject.
postalCode This property is required. String
The postal code of the subject.
province This property is required. String
The province, territory, or regional state of the subject.
streetAddress This property is required. String
The street address of the subject.
commonName This property is required. string
The "common name" of the subject.
countryCode This property is required. string
The country code of the subject.
locality This property is required. string
The locality or city of the subject.
organization This property is required. string
The organization of the subject.
organizationalUnit This property is required. string
The organizational_unit of the subject.
postalCode This property is required. string
The postal code of the subject.
province This property is required. string
The province, territory, or regional state of the subject.
streetAddress This property is required. string
The street address of the subject.
common_name This property is required. str
The "common name" of the subject.
country_code This property is required. str
The country code of the subject.
locality This property is required. str
The locality or city of the subject.
organization This property is required. str
The organization of the subject.
organizational_unit This property is required. str
The organizational_unit of the subject.
postal_code This property is required. str
The postal code of the subject.
province This property is required. str
The province, territory, or regional state of the subject.
street_address This property is required. str
The street address of the subject.
commonName This property is required. String
The "common name" of the subject.
countryCode This property is required. String
The country code of the subject.
locality This property is required. String
The locality or city of the subject.
organization This property is required. String
The organization of the subject.
organizationalUnit This property is required. String
The organizational_unit of the subject.
postalCode This property is required. String
The postal code of the subject.
province This property is required. String
The province, territory, or regional state of the subject.
streetAddress This property is required. String
The street address of the subject.

SubordinateConfigChainResponse

PemCertificates This property is required. List<string>
Expected to be in leaf-to-root order according to RFC 5246.
PemCertificates This property is required. []string
Expected to be in leaf-to-root order according to RFC 5246.
pemCertificates This property is required. List<String>
Expected to be in leaf-to-root order according to RFC 5246.
pemCertificates This property is required. string[]
Expected to be in leaf-to-root order according to RFC 5246.
pem_certificates This property is required. Sequence[str]
Expected to be in leaf-to-root order according to RFC 5246.
pemCertificates This property is required. List<String>
Expected to be in leaf-to-root order according to RFC 5246.

SubordinateConfigResponse

CertificateAuthority This property is required. string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
PemIssuerChain This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.SubordinateConfigChainResponse
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
CertificateAuthority This property is required. string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
PemIssuerChain This property is required. SubordinateConfigChainResponse
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
certificateAuthority This property is required. String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemIssuerChain This property is required. SubordinateConfigChainResponse
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
certificateAuthority This property is required. string
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemIssuerChain This property is required. SubordinateConfigChainResponse
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
certificate_authority This property is required. str
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pem_issuer_chain This property is required. SubordinateConfigChainResponse
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
certificateAuthority This property is required. String
This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
pemIssuerChain This property is required. Property Map
Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

X509ExtensionResponse

Critical This property is required. bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse
The OID for this X.509 extension.
Value This property is required. string
The value of this X.509 extension.
Critical This property is required. bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId This property is required. ObjectIdResponse
The OID for this X.509 extension.
Value This property is required. string
The value of this X.509 extension.
critical This property is required. Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId This property is required. ObjectIdResponse
The OID for this X.509 extension.
value This property is required. String
The value of this X.509 extension.
critical This property is required. boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId This property is required. ObjectIdResponse
The OID for this X.509 extension.
value This property is required. string
The value of this X.509 extension.
critical This property is required. bool
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id This property is required. ObjectIdResponse
The OID for this X.509 extension.
value This property is required. str
The value of this X.509 extension.
critical This property is required. Boolean
Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId This property is required. Property Map
The OID for this X.509 extension.
value This property is required. String
The value of this X.509 extension.

X509ParametersResponse

AdditionalExtensions This property is required. List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
AiaOcspServers This property is required. List<string>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints This property is required. Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
PolicyIds This property is required. List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
AdditionalExtensions This property is required. []X509ExtensionResponse
Optional. Describes custom X.509 extensions.
AiaOcspServers This property is required. []string
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions This property is required. CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage This property is required. KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints This property is required. NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
PolicyIds This property is required. []ObjectIdResponse
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions This property is required. List<X509ExtensionResponse>
Optional. Describes custom X.509 extensions.
aiaOcspServers This property is required. List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions This property is required. CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage This property is required. KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints This property is required. NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
policyIds This property is required. List<ObjectIdResponse>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions This property is required. X509ExtensionResponse[]
Optional. Describes custom X.509 extensions.
aiaOcspServers This property is required. string[]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions This property is required. CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage This property is required. KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints This property is required. NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
policyIds This property is required. ObjectIdResponse[]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additional_extensions This property is required. Sequence[X509ExtensionResponse]
Optional. Describes custom X.509 extensions.
aia_ocsp_servers This property is required. Sequence[str]
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options This property is required. CaOptionsResponse
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage This property is required. KeyUsageResponse
Optional. Indicates the intended use for keys that correspond to a certificate.
name_constraints This property is required. NameConstraintsResponse
Optional. Describes the X.509 name constraints extension.
policy_ids This property is required. Sequence[ObjectIdResponse]
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
additionalExtensions This property is required. List<Property Map>
Optional. Describes custom X.509 extensions.
aiaOcspServers This property is required. List<String>
Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions This property is required. Property Map
Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage This property is required. Property Map
Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints This property is required. Property Map
Optional. Describes the X.509 name constraints extension.
policyIds This property is required. List<Property Map>
Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi