Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
google-native.privateca/v1.getCertificateAuthority
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
Returns a CertificateAuthority.
Using getCertificateAuthority
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>
def get_certificate_authority(ca_pool_id: Optional[str] = None,
certificate_authority_id: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
def get_certificate_authority_output(ca_pool_id: Optional[pulumi.Input[str]] = None,
certificate_authority_id: Optional[pulumi.Input[str]] = None,
location: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]
func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput
> Note: This function is named LookupCertificateAuthority
in the Go SDK.
public static class GetCertificateAuthority
{
public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
public static Output<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
fn::invoke:
function: google-native:privateca/v1:getCertificateAuthority
arguments:
# arguments dictionary
The following arguments are supported:
- ca_
pool_ id This property is required. str This property is required. str- location
This property is required. str - project str
getCertificateAuthority Result
The following output properties are available:
- Access
Urls Pulumi.Google Native. Privateca. V1. Outputs. Access Urls Response - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- Ca
Certificate List<Pulumi.Descriptions Google Native. Privateca. V1. Outputs. Certificate Description Response> - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- Config
Pulumi.
Google Native. Privateca. V1. Outputs. Certificate Config Response - Immutable. The config used to create a self-signed X.509 certificate or CSR.
- Create
Time string - The time at which this CertificateAuthority was created.
- Delete
Time string - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- Expire
Time string - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Gcs
Bucket string - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - Key
Spec Pulumi.Google Native. Privateca. V1. Outputs. Key Version Spec Response - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Labels Dictionary<string, string>
- Optional. Labels with user-defined metadata.
- Lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Name string
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Pem
Ca List<string>Certificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
- The State for this CertificateAuthority.
- Subordinate
Config Pulumi.Google Native. Privateca. V1. Outputs. Subordinate Config Response - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- Tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- Type string
- Immutable. The Type of this CertificateAuthority.
- Update
Time string - The time at which this CertificateAuthority was last updated.
- Access
Urls AccessUrls Response - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- Ca
Certificate []CertificateDescriptions Description Response - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- Config
Certificate
Config Response - Immutable. The config used to create a self-signed X.509 certificate or CSR.
- Create
Time string - The time at which this CertificateAuthority was created.
- Delete
Time string - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- Expire
Time string - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- Gcs
Bucket string - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - Key
Spec KeyVersion Spec Response - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- Labels map[string]string
- Optional. Labels with user-defined metadata.
- Lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- Name string
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Pem
Ca []stringCertificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- State string
- The State for this CertificateAuthority.
- Subordinate
Config SubordinateConfig Response - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- Tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- Type string
- Immutable. The Type of this CertificateAuthority.
- Update
Time string - The time at which this CertificateAuthority was last updated.
- access
Urls AccessUrls Response - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate List<CertificateDescriptions Description Response> - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- config
Certificate
Config Response - Immutable. The config used to create a self-signed X.509 certificate or CSR.
- create
Time String - The time at which this CertificateAuthority was created.
- delete
Time String - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time String - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- gcs
Bucket String - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - key
Spec KeyVersion Spec Response - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- labels Map<String,String>
- Optional. Labels with user-defined metadata.
- lifetime String
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- name String
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Ca List<String>Certificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
- The State for this CertificateAuthority.
- subordinate
Config SubordinateConfig Response - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- tier String
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- type String
- Immutable. The Type of this CertificateAuthority.
- update
Time String - The time at which this CertificateAuthority was last updated.
- access
Urls AccessUrls Response - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate CertificateDescriptions Description Response[] - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- config
Certificate
Config Response - Immutable. The config used to create a self-signed X.509 certificate or CSR.
- create
Time string - The time at which this CertificateAuthority was created.
- delete
Time string - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time string - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- gcs
Bucket string - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - key
Spec KeyVersion Spec Response - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- labels {[key: string]: string}
- Optional. Labels with user-defined metadata.
- lifetime string
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- name string
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Ca string[]Certificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state string
- The State for this CertificateAuthority.
- subordinate
Config SubordinateConfig Response - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- tier string
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- type string
- Immutable. The Type of this CertificateAuthority.
- update
Time string - The time at which this CertificateAuthority was last updated.
- access_
urls AccessUrls Response - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca_
certificate_ Sequence[Certificatedescriptions Description Response] - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- config
Certificate
Config Response - Immutable. The config used to create a self-signed X.509 certificate or CSR.
- create_
time str - The time at which this CertificateAuthority was created.
- delete_
time str - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire_
time str - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- gcs_
bucket str - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - key_
spec KeyVersion Spec Response - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- labels Mapping[str, str]
- Optional. Labels with user-defined metadata.
- lifetime str
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- name str
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem_
ca_ Sequence[str]certificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state str
- The State for this CertificateAuthority.
- subordinate_
config SubordinateConfig Response - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- tier str
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- type str
- Immutable. The Type of this CertificateAuthority.
- update_
time str - The time at which this CertificateAuthority was last updated.
- access
Urls Property Map - URLs for accessing content published by this CA, such as the CA certificate and CRLs.
- ca
Certificate List<Property Map>Descriptions - A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
- config Property Map
- Immutable. The config used to create a self-signed X.509 certificate or CSR.
- create
Time String - The time at which this CertificateAuthority was created.
- delete
Time String - The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
- expire
Time String - The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
- gcs
Bucket String - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as
gs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - key
Spec Property Map - Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
- labels Map<String>
- Optional. Labels with user-defined metadata.
- lifetime String
- Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
- name String
- The resource name for this CertificateAuthority in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Ca List<String>Certificates - This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
- state String
- The State for this CertificateAuthority.
- subordinate
Config Property Map - Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
- tier String
- The CaPool.Tier of the CaPool that includes this CertificateAuthority.
- type String
- Immutable. The Type of this CertificateAuthority.
- update
Time String - The time at which this CertificateAuthority was last updated.
Supporting Types
AccessUrlsResponse
- Ca
Certificate Access Url This property is required. string - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access Urls This property is required. List<string> - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- Ca
Certificate Access Url This property is required. string - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- Crl
Access Urls This property is required. []string - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate Access Url This property is required. String - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access Urls This property is required. List<String> - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate Access Url This property is required. string - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access Urls This property is required. string[] - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca_
certificate_ access_ url This property is required. str - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl_
access_ urls This property is required. Sequence[str] - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- ca
Certificate Access Url This property is required. String - The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
- crl
Access Urls This property is required. List<String> - The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
CaOptionsResponse
- Is
Ca This property is required. bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer Path Length This property is required. int - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- Is
Ca This property is required. bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- Max
Issuer Path Length This property is required. int - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca This property is required. Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer Path Length This property is required. Integer - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca This property is required. boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer Path Length This property is required. number - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is_
ca This property is required. bool - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max_
issuer_ path_ length This property is required. int - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- is
Ca This property is required. Boolean - Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
- max
Issuer Path Length This property is required. Number - Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
CertificateConfigResponse
- Public
Key This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Config Response - Specifies some of the values in a certificate that are related to the subject.
- X509Config
This property is required. Pulumi.Google Native. Privateca. V1. Inputs. X509Parameters Response - Describes how some of the technical X.509 fields in a certificate should be populated.
- Public
Key This property is required. PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- Subject
Config This property is required. SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- X509Config
This property is required. X509ParametersResponse - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key This property is required. PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config This property is required. SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509Config
This property is required. X509ParametersResponse - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key This property is required. PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config This property is required. SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509Config
This property is required. X509ParametersResponse - Describes how some of the technical X.509 fields in a certificate should be populated.
- public_
key This property is required. PublicKey Response - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject_
config This property is required. SubjectConfig Response - Specifies some of the values in a certificate that are related to the subject.
- x509_
config This property is required. X509ParametersResponse - Describes how some of the technical X.509 fields in a certificate should be populated.
- public
Key This property is required. Property Map - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
- subject
Config This property is required. Property Map - Specifies some of the values in a certificate that are related to the subject.
- x509Config
This property is required. Property Map - Describes how some of the technical X.509 fields in a certificate should be populated.
CertificateDescriptionResponse
- Aia
Issuing Certificate Urls This property is required. List<string> - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Key Id Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Certificate Fingerprint Response - The hash of the x.509 certificate.
- Crl
Distribution Points This property is required. List<string> - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Public Key Response - The public key that corresponds to an issued certificate.
- Subject
Description This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Description Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key Id This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Key Id Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
This property is required. Pulumi.Google Native. Privateca. V1. Inputs. X509Parameters Response - Describes some of the technical X.509 fields in a certificate.
- Aia
Issuing Certificate Urls This property is required. []string - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. KeyId Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- Cert
Fingerprint This property is required. CertificateFingerprint Response - The hash of the x.509 certificate.
- Crl
Distribution Points This property is required. []string - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- Public
Key This property is required. PublicKey Response - The public key that corresponds to an issued certificate.
- Subject
Description This property is required. SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- Subject
Key Id This property is required. KeyId Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- X509Description
This property is required. X509ParametersResponse - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing Certificate Urls This property is required. List<String> - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. KeyId Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint This property is required. CertificateFingerprint Response - The hash of the x.509 certificate.
- crl
Distribution Points This property is required. List<String> - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key This property is required. PublicKey Response - The public key that corresponds to an issued certificate.
- subject
Description This property is required. SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key Id This property is required. KeyId Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
This property is required. X509ParametersResponse - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing Certificate Urls This property is required. string[] - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. KeyId Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint This property is required. CertificateFingerprint Response - The hash of the x.509 certificate.
- crl
Distribution Points This property is required. string[] - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key This property is required. PublicKey Response - The public key that corresponds to an issued certificate.
- subject
Description This property is required. SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key Id This property is required. KeyId Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
This property is required. X509ParametersResponse - Describes some of the technical X.509 fields in a certificate.
- aia_
issuing_ certificate_ urls This property is required. Sequence[str] - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. KeyId Response - Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert_
fingerprint This property is required. CertificateFingerprint Response - The hash of the x.509 certificate.
- crl_
distribution_ points This property is required. Sequence[str] - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public_
key This property is required. PublicKey Response - The public key that corresponds to an issued certificate.
- subject_
description This property is required. SubjectDescription Response - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject_
key_ id This property is required. KeyId Response - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509_
description This property is required. X509ParametersResponse - Describes some of the technical X.509 fields in a certificate.
- aia
Issuing Certificate Urls This property is required. List<String> - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
This property is required. Property Map- Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- cert
Fingerprint This property is required. Property Map - The hash of the x.509 certificate.
- crl
Distribution Points This property is required. List<String> - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
- public
Key This property is required. Property Map - The public key that corresponds to an issued certificate.
- subject
Description This property is required. Property Map - Describes some of the values in a certificate that are related to the subject and lifetime.
- subject
Key Id This property is required. Property Map - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
- x509Description
This property is required. Property Map - Describes some of the technical X.509 fields in a certificate.
CertificateFingerprintResponse
- Sha256Hash
This property is required. string - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- Sha256Hash
This property is required. string - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash
This property is required. String - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash
This property is required. string - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256_
hash This property is required. str - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash
This property is required. String - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
ExtendedKeyUsageOptionsResponse
- Client
Auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping This property is required. boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping This property is required. bool - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping This property is required. Boolean - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
KeyIdResponse
- Key
Id This property is required. string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- Key
Id This property is required. string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id This property is required. String - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id This property is required. string - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key_
id This property is required. str - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- key
Id This property is required. String - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
KeyUsageOptionsResponse
- Cert
Sign This property is required. bool - The key may be used to sign certificates.
- Content
Commitment This property is required. bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign This property is required. bool - The key may be used sign certificate revocation lists.
- Data
Encipherment This property is required. bool - The key may be used to encipher data.
- Decipher
Only This property is required. bool - The key may be used to decipher only.
- Digital
Signature This property is required. bool - The key may be used for digital signatures.
- Encipher
Only This property is required. bool - The key may be used to encipher only.
- Key
Agreement This property is required. bool - The key may be used in a key agreement protocol.
- Key
Encipherment This property is required. bool - The key may be used to encipher other keys.
- Cert
Sign This property is required. bool - The key may be used to sign certificates.
- Content
Commitment This property is required. bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign This property is required. bool - The key may be used sign certificate revocation lists.
- Data
Encipherment This property is required. bool - The key may be used to encipher data.
- Decipher
Only This property is required. bool - The key may be used to decipher only.
- Digital
Signature This property is required. bool - The key may be used for digital signatures.
- Encipher
Only This property is required. bool - The key may be used to encipher only.
- Key
Agreement This property is required. bool - The key may be used in a key agreement protocol.
- Key
Encipherment This property is required. bool - The key may be used to encipher other keys.
- cert
Sign This property is required. Boolean - The key may be used to sign certificates.
- content
Commitment This property is required. Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign This property is required. Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment This property is required. Boolean - The key may be used to encipher data.
- decipher
Only This property is required. Boolean - The key may be used to decipher only.
- digital
Signature This property is required. Boolean - The key may be used for digital signatures.
- encipher
Only This property is required. Boolean - The key may be used to encipher only.
- key
Agreement This property is required. Boolean - The key may be used in a key agreement protocol.
- key
Encipherment This property is required. Boolean - The key may be used to encipher other keys.
- cert
Sign This property is required. boolean - The key may be used to sign certificates.
- content
Commitment This property is required. boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign This property is required. boolean - The key may be used sign certificate revocation lists.
- data
Encipherment This property is required. boolean - The key may be used to encipher data.
- decipher
Only This property is required. boolean - The key may be used to decipher only.
- digital
Signature This property is required. boolean - The key may be used for digital signatures.
- encipher
Only This property is required. boolean - The key may be used to encipher only.
- key
Agreement This property is required. boolean - The key may be used in a key agreement protocol.
- key
Encipherment This property is required. boolean - The key may be used to encipher other keys.
- cert_
sign This property is required. bool - The key may be used to sign certificates.
- content_
commitment This property is required. bool - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign This property is required. bool - The key may be used sign certificate revocation lists.
- data_
encipherment This property is required. bool - The key may be used to encipher data.
- decipher_
only This property is required. bool - The key may be used to decipher only.
- digital_
signature This property is required. bool - The key may be used for digital signatures.
- encipher_
only This property is required. bool - The key may be used to encipher only.
- key_
agreement This property is required. bool - The key may be used in a key agreement protocol.
- key_
encipherment This property is required. bool - The key may be used to encipher other keys.
- cert
Sign This property is required. Boolean - The key may be used to sign certificates.
- content
Commitment This property is required. Boolean - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign This property is required. Boolean - The key may be used sign certificate revocation lists.
- data
Encipherment This property is required. Boolean - The key may be used to encipher data.
- decipher
Only This property is required. Boolean - The key may be used to decipher only.
- digital
Signature This property is required. Boolean - The key may be used for digital signatures.
- encipher
Only This property is required. Boolean - The key may be used to encipher only.
- key
Agreement This property is required. Boolean - The key may be used in a key agreement protocol.
- key
Encipherment This property is required. Boolean - The key may be used to encipher other keys.
KeyUsageResponse
- Base
Key Usage This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key Usage This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Extended Key Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended Key Usages This property is required. List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- Base
Key Usage This property is required. KeyUsage Options Response - Describes high-level ways in which a key may be used.
- Extended
Key Usage This property is required. ExtendedKey Usage Options Response - Detailed scenarios in which a key may be used.
- Unknown
Extended Key Usages This property is required. []ObjectId Response - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Usage This property is required. KeyUsage Options Response - Describes high-level ways in which a key may be used.
- extended
Key Usage This property is required. ExtendedKey Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended Key Usages This property is required. List<ObjectId Response> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Usage This property is required. KeyUsage Options Response - Describes high-level ways in which a key may be used.
- extended
Key Usage This property is required. ExtendedKey Usage Options Response - Detailed scenarios in which a key may be used.
- unknown
Extended Key Usages This property is required. ObjectId Response[] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base_
key_ usage This property is required. KeyUsage Options Response - Describes high-level ways in which a key may be used.
- extended_
key_ usage This property is required. ExtendedKey Usage Options Response - Detailed scenarios in which a key may be used.
- unknown_
extended_ key_ usages This property is required. Sequence[ObjectId Response] - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
- base
Key Usage This property is required. Property Map - Describes high-level ways in which a key may be used.
- extended
Key Usage This property is required. Property Map - Detailed scenarios in which a key may be used.
- unknown
Extended Key Usages This property is required. List<Property Map> - Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
KeyVersionSpecResponse
- Algorithm
This property is required. string - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - Cloud
Kms Key Version This property is required. string - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- Algorithm
This property is required. string - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - Cloud
Kms Key Version This property is required. string - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
This property is required. String - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - cloud
Kms Key Version This property is required. String - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
This property is required. string - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - cloud
Kms Key Version This property is required. string - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
This property is required. str - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - cloud_
kms_ key_ version This property is required. str - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
- algorithm
This property is required. String - The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as
HSM
. - cloud
Kms Key Version This property is required. String - The resource name for an existing Cloud KMS CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. This option enables full flexibility in the key's capabilities and properties.
NameConstraintsResponse
- Critical
This property is required. bool - Indicates whether or not the name constraints are marked critical.
- Excluded
Dns Names This property is required. List<string> - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email Addresses This property is required. List<string> - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip Ranges This property is required. List<string> - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris This property is required. List<string> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns Names This property is required. List<string> - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email Addresses This property is required. List<string> - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip Ranges This property is required. List<string> - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris This property is required. List<string> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- Critical
This property is required. bool - Indicates whether or not the name constraints are marked critical.
- Excluded
Dns Names This property is required. []string - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Excluded
Email Addresses This property is required. []string - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Excluded
Ip Ranges This property is required. []string - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Excluded
Uris This property is required. []string - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - Permitted
Dns Names This property is required. []string - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - Permitted
Email Addresses This property is required. []string - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - Permitted
Ip Ranges This property is required. []string - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- Permitted
Uris This property is required. []string - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical
This property is required. Boolean - Indicates whether or not the name constraints are marked critical.
- excluded
Dns Names This property is required. List<String> - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email Addresses This property is required. List<String> - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip Ranges This property is required. List<String> - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris This property is required. List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns Names This property is required. List<String> - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email Addresses This property is required. List<String> - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip Ranges This property is required. List<String> - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris This property is required. List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical
This property is required. boolean - Indicates whether or not the name constraints are marked critical.
- excluded
Dns Names This property is required. string[] - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email Addresses This property is required. string[] - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip Ranges This property is required. string[] - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris This property is required. string[] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns Names This property is required. string[] - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email Addresses This property is required. string[] - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip Ranges This property is required. string[] - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris This property is required. string[] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical
This property is required. bool - Indicates whether or not the name constraints are marked critical.
- excluded_
dns_ names This property is required. Sequence[str] - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded_
email_ addresses This property is required. Sequence[str] - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded_
ip_ ranges This property is required. Sequence[str] - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded_
uris This property is required. Sequence[str] - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted_
dns_ names This property is required. Sequence[str] - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted_
email_ addresses This property is required. Sequence[str] - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted_
ip_ ranges This property is required. Sequence[str] - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted_
uris This property is required. Sequence[str] - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
- critical
This property is required. Boolean - Indicates whether or not the name constraints are marked critical.
- excluded
Dns Names This property is required. List<String> - Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - excluded
Email Addresses This property is required. List<String> - Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - excluded
Ip Ranges This property is required. List<String> - Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- excluded
Uris This property is required. List<String> - Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
) - permitted
Dns Names This property is required. List<String> - Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example,
example.com
,www.example.com
,www.sub.example.com
would satisfyexample.com
whileexample1.com
does not. - permitted
Email Addresses This property is required. List<String> - Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g.
.example.com
) to indicate all email addresses in that domain. - permitted
Ip Ranges This property is required. List<String> - Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
- permitted
Uris This property is required. List<String> - Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like
.example.com
)
ObjectIdResponse
- Object
Id Path This property is required. List<int> - The parts of an OID path. The most significant parts of the path come first.
- Object
Id Path This property is required. []int - The parts of an OID path. The most significant parts of the path come first.
- object
Id Path This property is required. List<Integer> - The parts of an OID path. The most significant parts of the path come first.
- object
Id Path This property is required. number[] - The parts of an OID path. The most significant parts of the path come first.
- object_
id_ path This property is required. Sequence[int] - The parts of an OID path. The most significant parts of the path come first.
- object
Id Path This property is required. List<Number> - The parts of an OID path. The most significant parts of the path come first.
PublicKeyResponse
SubjectAltNamesResponse
- Custom
Sans This property is required. List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - Dns
Names This property is required. List<string> - Contains only valid, fully-qualified host names.
- Email
Addresses This property is required. List<string> - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses This property is required. List<string> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris
This property is required. List<string> - Contains only valid RFC 3986 URIs.
- Custom
Sans This property is required. []X509ExtensionResponse - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - Dns
Names This property is required. []string - Contains only valid, fully-qualified host names.
- Email
Addresses This property is required. []string - Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses This property is required. []string - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris
This property is required. []string - Contains only valid RFC 3986 URIs.
- custom
Sans This property is required. List<X509ExtensionResponse> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names This property is required. List<String> - Contains only valid, fully-qualified host names.
- email
Addresses This property is required. List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses This property is required. List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris
This property is required. List<String> - Contains only valid RFC 3986 URIs.
- custom
Sans This property is required. X509ExtensionResponse[] - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names This property is required. string[] - Contains only valid, fully-qualified host names.
- email
Addresses This property is required. string[] - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses This property is required. string[] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris
This property is required. string[] - Contains only valid RFC 3986 URIs.
- custom_
sans This property is required. Sequence[X509ExtensionResponse] - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns_
names This property is required. Sequence[str] - Contains only valid, fully-qualified host names.
- email_
addresses This property is required. Sequence[str] - Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses This property is required. Sequence[str] - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris
This property is required. Sequence[str] - Contains only valid RFC 3986 URIs.
- custom
Sans This property is required. List<Property Map> - Contains additional subject alternative name values. For each custom_san, the
value
field must contain an ASN.1 encoded UTF8String. - dns
Names This property is required. List<String> - Contains only valid, fully-qualified host names.
- email
Addresses This property is required. List<String> - Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses This property is required. List<String> - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris
This property is required. List<String> - Contains only valid RFC 3986 URIs.
SubjectConfigResponse
- Subject
This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Response - Optional. Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt Name This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Alt Names Response - Optional. The subject alternative name fields.
- Subject
This property is required. SubjectResponse - Optional. Contains distinguished name fields such as the common name, location and organization.
- Subject
Alt Name This property is required. SubjectAlt Names Response - Optional. The subject alternative name fields.
- subject
This property is required. SubjectResponse - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Name This property is required. SubjectAlt Names Response - Optional. The subject alternative name fields.
- subject
This property is required. SubjectResponse - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Name This property is required. SubjectAlt Names Response - Optional. The subject alternative name fields.
- subject
This property is required. SubjectResponse - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject_
alt_ name This property is required. SubjectAlt Names Response - Optional. The subject alternative name fields.
- subject
This property is required. Property Map - Optional. Contains distinguished name fields such as the common name, location and organization.
- subject
Alt Name This property is required. Property Map - Optional. The subject alternative name fields.
SubjectDescriptionResponse
- Hex
Serial Number This property is required. string - The serial number encoded in lowercase hexadecimal.
- Lifetime
This property is required. string - For convenience, the actual lifetime of an issued certificate.
- Not
After Time This property is required. string - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before Time This property is required. string - The time at which the certificate becomes valid.
- Subject
This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Response - Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt Name This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subject Alt Names Response - The subject alternative name fields.
- Hex
Serial Number This property is required. string - The serial number encoded in lowercase hexadecimal.
- Lifetime
This property is required. string - For convenience, the actual lifetime of an issued certificate.
- Not
After Time This property is required. string - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- Not
Before Time This property is required. string - The time at which the certificate becomes valid.
- Subject
This property is required. SubjectResponse - Contains distinguished name fields such as the common name, location and / organization.
- Subject
Alt Name This property is required. SubjectAlt Names Response - The subject alternative name fields.
- hex
Serial Number This property is required. String - The serial number encoded in lowercase hexadecimal.
- lifetime
This property is required. String - For convenience, the actual lifetime of an issued certificate.
- not
After Time This property is required. String - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before Time This property is required. String - The time at which the certificate becomes valid.
- subject
This property is required. SubjectResponse - Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt Name This property is required. SubjectAlt Names Response - The subject alternative name fields.
- hex
Serial Number This property is required. string - The serial number encoded in lowercase hexadecimal.
- lifetime
This property is required. string - For convenience, the actual lifetime of an issued certificate.
- not
After Time This property is required. string - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before Time This property is required. string - The time at which the certificate becomes valid.
- subject
This property is required. SubjectResponse - Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt Name This property is required. SubjectAlt Names Response - The subject alternative name fields.
- hex_
serial_ number This property is required. str - The serial number encoded in lowercase hexadecimal.
- lifetime
This property is required. str - For convenience, the actual lifetime of an issued certificate.
- not_
after_ time This property is required. str - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not_
before_ time This property is required. str - The time at which the certificate becomes valid.
- subject
This property is required. SubjectResponse - Contains distinguished name fields such as the common name, location and / organization.
- subject_
alt_ name This property is required. SubjectAlt Names Response - The subject alternative name fields.
- hex
Serial Number This property is required. String - The serial number encoded in lowercase hexadecimal.
- lifetime
This property is required. String - For convenience, the actual lifetime of an issued certificate.
- not
After Time This property is required. String - The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
- not
Before Time This property is required. String - The time at which the certificate becomes valid.
- subject
This property is required. Property Map - Contains distinguished name fields such as the common name, location and / organization.
- subject
Alt Name This property is required. Property Map - The subject alternative name fields.
SubjectResponse
- Common
Name This property is required. string - The "common name" of the subject.
- Country
Code This property is required. string - The country code of the subject.
- Locality
This property is required. string - The locality or city of the subject.
- Organization
This property is required. string - The organization of the subject.
- Organizational
Unit This property is required. string - The organizational_unit of the subject.
- Postal
Code This property is required. string - The postal code of the subject.
- Province
This property is required. string - The province, territory, or regional state of the subject.
- Street
Address This property is required. string - The street address of the subject.
- Common
Name This property is required. string - The "common name" of the subject.
- Country
Code This property is required. string - The country code of the subject.
- Locality
This property is required. string - The locality or city of the subject.
- Organization
This property is required. string - The organization of the subject.
- Organizational
Unit This property is required. string - The organizational_unit of the subject.
- Postal
Code This property is required. string - The postal code of the subject.
- Province
This property is required. string - The province, territory, or regional state of the subject.
- Street
Address This property is required. string - The street address of the subject.
- common
Name This property is required. String - The "common name" of the subject.
- country
Code This property is required. String - The country code of the subject.
- locality
This property is required. String - The locality or city of the subject.
- organization
This property is required. String - The organization of the subject.
- organizational
Unit This property is required. String - The organizational_unit of the subject.
- postal
Code This property is required. String - The postal code of the subject.
- province
This property is required. String - The province, territory, or regional state of the subject.
- street
Address This property is required. String - The street address of the subject.
- common
Name This property is required. string - The "common name" of the subject.
- country
Code This property is required. string - The country code of the subject.
- locality
This property is required. string - The locality or city of the subject.
- organization
This property is required. string - The organization of the subject.
- organizational
Unit This property is required. string - The organizational_unit of the subject.
- postal
Code This property is required. string - The postal code of the subject.
- province
This property is required. string - The province, territory, or regional state of the subject.
- street
Address This property is required. string - The street address of the subject.
- common_
name This property is required. str - The "common name" of the subject.
- country_
code This property is required. str - The country code of the subject.
- locality
This property is required. str - The locality or city of the subject.
- organization
This property is required. str - The organization of the subject.
- organizational_
unit This property is required. str - The organizational_unit of the subject.
- postal_
code This property is required. str - The postal code of the subject.
- province
This property is required. str - The province, territory, or regional state of the subject.
- street_
address This property is required. str - The street address of the subject.
- common
Name This property is required. String - The "common name" of the subject.
- country
Code This property is required. String - The country code of the subject.
- locality
This property is required. String - The locality or city of the subject.
- organization
This property is required. String - The organization of the subject.
- organizational
Unit This property is required. String - The organizational_unit of the subject.
- postal
Code This property is required. String - The postal code of the subject.
- province
This property is required. String - The province, territory, or regional state of the subject.
- street
Address This property is required. String - The street address of the subject.
SubordinateConfigChainResponse
- Pem
Certificates This property is required. List<string> - Expected to be in leaf-to-root order according to RFC 5246.
- Pem
Certificates This property is required. []string - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates This property is required. List<String> - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates This property is required. string[] - Expected to be in leaf-to-root order according to RFC 5246.
- pem_
certificates This property is required. Sequence[str] - Expected to be in leaf-to-root order according to RFC 5246.
- pem
Certificates This property is required. List<String> - Expected to be in leaf-to-root order according to RFC 5246.
SubordinateConfigResponse
This property is required. string- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Pem
Issuer Chain This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Subordinate Config Chain Response - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
This property is required. string- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - Pem
Issuer Chain This property is required. SubordinateConfig Chain Response - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
This property is required. String- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Issuer Chain This property is required. SubordinateConfig Chain Response - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
This property is required. string- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Issuer Chain This property is required. SubordinateConfig Chain Response - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
This property is required. str- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem_
issuer_ chain This property is required. SubordinateConfig Chain Response - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
This property is required. String- This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format
projects/*/locations/*/caPools/*/certificateAuthorities/*
. - pem
Issuer Chain This property is required. Property Map - Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.
X509ExtensionResponse
- Critical
This property is required. bool - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response - The OID for this X.509 extension.
- Value
This property is required. string - The value of this X.509 extension.
- Critical
This property is required. bool - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id This property is required. ObjectId Response - The OID for this X.509 extension.
- Value
This property is required. string - The value of this X.509 extension.
- critical
This property is required. Boolean - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id This property is required. ObjectId Response - The OID for this X.509 extension.
- value
This property is required. String - The value of this X.509 extension.
- critical
This property is required. boolean - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id This property is required. ObjectId Response - The OID for this X.509 extension.
- value
This property is required. string - The value of this X.509 extension.
- critical
This property is required. bool - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id This property is required. ObjectId Response - The OID for this X.509 extension.
- value
This property is required. str - The value of this X.509 extension.
- critical
This property is required. Boolean - Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id This property is required. Property Map - The OID for this X.509 extension.
- value
This property is required. String - The value of this X.509 extension.
X509ParametersResponse
- Additional
Extensions This property is required. List<Pulumi.Google Native. Privateca. V1. Inputs. X509Extension Response> - Optional. Describes custom X.509 extensions.
- Aia
Ocsp Servers This property is required. List<string> - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Ca Options Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Key Usage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints This property is required. Pulumi.Google Native. Privateca. V1. Inputs. Name Constraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids This property is required. List<Pulumi.Google Native. Privateca. V1. Inputs. Object Id Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- Additional
Extensions This property is required. []X509ExtensionResponse - Optional. Describes custom X.509 extensions.
- Aia
Ocsp Servers This property is required. []string - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options This property is required. CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- Key
Usage This property is required. KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- Name
Constraints This property is required. NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- Policy
Ids This property is required. []ObjectId Response - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions This property is required. List<X509ExtensionResponse> - Optional. Describes custom X.509 extensions.
- aia
Ocsp Servers This property is required. List<String> - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options This property is required. CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage This property is required. KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints This property is required. NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids This property is required. List<ObjectId Response> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions This property is required. X509ExtensionResponse[] - Optional. Describes custom X.509 extensions.
- aia
Ocsp Servers This property is required. string[] - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options This property is required. CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage This property is required. KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints This property is required. NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy
Ids This property is required. ObjectId Response[] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional_
extensions This property is required. Sequence[X509ExtensionResponse] - Optional. Describes custom X.509 extensions.
- aia_
ocsp_ servers This property is required. Sequence[str] - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options This property is required. CaOptions Response - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key_
usage This property is required. KeyUsage Response - Optional. Indicates the intended use for keys that correspond to a certificate.
- name_
constraints This property is required. NameConstraints Response - Optional. Describes the X.509 name constraints extension.
- policy_
ids This property is required. Sequence[ObjectId Response] - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
- additional
Extensions This property is required. List<Property Map> - Optional. Describes custom X.509 extensions.
- aia
Ocsp Servers This property is required. List<String> - Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options This property is required. Property Map - Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
- key
Usage This property is required. Property Map - Optional. Indicates the intended use for keys that correspond to a certificate.
- name
Constraints This property is required. Property Map - Optional. Describes the X.509 name constraints extension.
- policy
Ids This property is required. List<Property Map> - Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi