Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.privateca/v1.Certificate

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

Create a new Certificate in a given Project, Location from a particular CaPool. Auto-naming is currently not supported for this resource. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                ca_pool_id: Optional[str] = None,
                lifetime: Optional[str] = None,
                certificate_id: Optional[str] = None,
                certificate_template: Optional[str] = None,
                config: Optional[CertificateConfigArgs] = None,
                issuing_certificate_authority_id: Optional[str] = None,
                labels: Optional[Mapping[str, str]] = None,
                location: Optional[str] = None,
                pem_csr: Optional[str] = None,
                project: Optional[str] = None,
                request_id: Optional[str] = None,
                subject_mode: Optional[CertificateSubjectMode] = None)

func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: google-native:privateca/v1:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var examplecertificateResourceResourceFromPrivatecav1 = new GoogleNative.Privateca.V1.Certificate("examplecertificateResourceResourceFromPrivatecav1", new()
{
    CaPoolId = "string",
    Lifetime = "string",
    CertificateId = "string",
    CertificateTemplate = "string",
    Config = new GoogleNative.Privateca.V1.Inputs.CertificateConfigArgs
    {
        SubjectConfig = new GoogleNative.Privateca.V1.Inputs.SubjectConfigArgs
        {
            Subject = new GoogleNative.Privateca.V1.Inputs.SubjectArgs
            {
                CommonName = "string",
                CountryCode = "string",
                Locality = "string",
                Organization = "string",
                OrganizationalUnit = "string",
                PostalCode = "string",
                Province = "string",
                StreetAddress = "string",
            },
            SubjectAltName = new GoogleNative.Privateca.V1.Inputs.SubjectAltNamesArgs
            {
                CustomSans = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                    {
                        ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                        {
                            ObjectIdPath = new[]
                            {
                                0,
                            },
                        },
                        Value = "string",
                        Critical = false,
                    },
                },
                DnsNames = new[]
                {
                    "string",
                },
                EmailAddresses = new[]
                {
                    "string",
                },
                IpAddresses = new[]
                {
                    "string",
                },
                Uris = new[]
                {
                    "string",
                },
            },
        },
        X509Config = new GoogleNative.Privateca.V1.Inputs.X509ParametersArgs
        {
            AdditionalExtensions = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.X509ExtensionArgs
                {
                    ObjectId = new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                    Value = "string",
                    Critical = false,
                },
            },
            AiaOcspServers = new[]
            {
                "string",
            },
            CaOptions = new GoogleNative.Privateca.V1.Inputs.CaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 0,
            },
            KeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageArgs
            {
                BaseKeyUsage = new GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsArgs
                {
                    CertSign = false,
                    ContentCommitment = false,
                    CrlSign = false,
                    DataEncipherment = false,
                    DecipherOnly = false,
                    DigitalSignature = false,
                    EncipherOnly = false,
                    KeyAgreement = false,
                    KeyEncipherment = false,
                },
                ExtendedKeyUsage = new GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsArgs
                {
                    ClientAuth = false,
                    CodeSigning = false,
                    EmailProtection = false,
                    OcspSigning = false,
                    ServerAuth = false,
                    TimeStamping = false,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                    {
                        ObjectIdPath = new[]
                        {
                            0,
                        },
                    },
                },
            },
            NameConstraints = new GoogleNative.Privateca.V1.Inputs.NameConstraintsArgs
            {
                Critical = false,
                ExcludedDnsNames = new[]
                {
                    "string",
                },
                ExcludedEmailAddresses = new[]
                {
                    "string",
                },
                ExcludedIpRanges = new[]
                {
                    "string",
                },
                ExcludedUris = new[]
                {
                    "string",
                },
                PermittedDnsNames = new[]
                {
                    "string",
                },
                PermittedEmailAddresses = new[]
                {
                    "string",
                },
                PermittedIpRanges = new[]
                {
                    "string",
                },
                PermittedUris = new[]
                {
                    "string",
                },
            },
            PolicyIds = new[]
            {
                new GoogleNative.Privateca.V1.Inputs.ObjectIdArgs
                {
                    ObjectIdPath = new[]
                    {
                        0,
                    },
                },
            },
        },
        PublicKey = new GoogleNative.Privateca.V1.Inputs.PublicKeyArgs
        {
            Format = GoogleNative.Privateca.V1.PublicKeyFormat.KeyFormatUnspecified,
            Key = "string",
        },
    },
    IssuingCertificateAuthorityId = "string",
    Labels = 
    {
        { "string", "string" },
    },
    Location = "string",
    PemCsr = "string",
    Project = "string",
    RequestId = "string",
    SubjectMode = GoogleNative.Privateca.V1.CertificateSubjectMode.SubjectRequestModeUnspecified,
});

example, err := privateca.NewCertificate(ctx, "examplecertificateResourceResourceFromPrivatecav1", &privateca.CertificateArgs{
	CaPoolId:            pulumi.String("string"),
	Lifetime:            pulumi.String("string"),
	CertificateId:       pulumi.String("string"),
	CertificateTemplate: pulumi.String("string"),
	Config: &privateca.CertificateConfigArgs{
		SubjectConfig: &privateca.SubjectConfigArgs{
			Subject: &privateca.SubjectArgs{
				CommonName:         pulumi.String("string"),
				CountryCode:        pulumi.String("string"),
				Locality:           pulumi.String("string"),
				Organization:       pulumi.String("string"),
				OrganizationalUnit: pulumi.String("string"),
				PostalCode:         pulumi.String("string"),
				Province:           pulumi.String("string"),
				StreetAddress:      pulumi.String("string"),
			},
			SubjectAltName: &privateca.SubjectAltNamesArgs{
				CustomSans: privateca.X509ExtensionArray{
					&privateca.X509ExtensionArgs{
						ObjectId: &privateca.ObjectIdArgs{
							ObjectIdPath: pulumi.IntArray{
								pulumi.Int(0),
							},
						},
						Value:    pulumi.String("string"),
						Critical: pulumi.Bool(false),
					},
				},
				DnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				EmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				IpAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				Uris: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		X509Config: &privateca.X509ParametersArgs{
			AdditionalExtensions: privateca.X509ExtensionArray{
				&privateca.X509ExtensionArgs{
					ObjectId: &privateca.ObjectIdArgs{
						ObjectIdPath: pulumi.IntArray{
							pulumi.Int(0),
						},
					},
					Value:    pulumi.String("string"),
					Critical: pulumi.Bool(false),
				},
			},
			AiaOcspServers: pulumi.StringArray{
				pulumi.String("string"),
			},
			CaOptions: &privateca.CaOptionsArgs{
				IsCa:                pulumi.Bool(false),
				MaxIssuerPathLength: pulumi.Int(0),
			},
			KeyUsage: &privateca.KeyUsageArgs{
				BaseKeyUsage: &privateca.KeyUsageOptionsArgs{
					CertSign:          pulumi.Bool(false),
					ContentCommitment: pulumi.Bool(false),
					CrlSign:           pulumi.Bool(false),
					DataEncipherment:  pulumi.Bool(false),
					DecipherOnly:      pulumi.Bool(false),
					DigitalSignature:  pulumi.Bool(false),
					EncipherOnly:      pulumi.Bool(false),
					KeyAgreement:      pulumi.Bool(false),
					KeyEncipherment:   pulumi.Bool(false),
				},
				ExtendedKeyUsage: &privateca.ExtendedKeyUsageOptionsArgs{
					ClientAuth:      pulumi.Bool(false),
					CodeSigning:     pulumi.Bool(false),
					EmailProtection: pulumi.Bool(false),
					OcspSigning:     pulumi.Bool(false),
					ServerAuth:      pulumi.Bool(false),
					TimeStamping:    pulumi.Bool(false),
				},
				UnknownExtendedKeyUsages: privateca.ObjectIdArray{
					&privateca.ObjectIdArgs{
						ObjectIdPath: pulumi.IntArray{
							pulumi.Int(0),
						},
					},
				},
			},
			NameConstraints: &privateca.NameConstraintsArgs{
				Critical: pulumi.Bool(false),
				ExcludedDnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedEmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedIpRanges: pulumi.StringArray{
					pulumi.String("string"),
				},
				ExcludedUris: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedDnsNames: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedEmailAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedIpRanges: pulumi.StringArray{
					pulumi.String("string"),
				},
				PermittedUris: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			PolicyIds: privateca.ObjectIdArray{
				&privateca.ObjectIdArgs{
					ObjectIdPath: pulumi.IntArray{
						pulumi.Int(0),
					},
				},
			},
		},
		PublicKey: &privateca.PublicKeyArgs{
			Format: privateca.PublicKeyFormatKeyFormatUnspecified,
			Key:    pulumi.String("string"),
		},
	},
	IssuingCertificateAuthorityId: pulumi.String("string"),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Location:    pulumi.String("string"),
	PemCsr:      pulumi.String("string"),
	Project:     pulumi.String("string"),
	RequestId:   pulumi.String("string"),
	SubjectMode: privateca.CertificateSubjectModeSubjectRequestModeUnspecified,
})

var examplecertificateResourceResourceFromPrivatecav1 = new Certificate("examplecertificateResourceResourceFromPrivatecav1", CertificateArgs.builder()
    .caPoolId("string")
    .lifetime("string")
    .certificateId("string")
    .certificateTemplate("string")
    .config(CertificateConfigArgs.builder()
        .subjectConfig(SubjectConfigArgs.builder()
            .subject(SubjectArgs.builder()
                .commonName("string")
                .countryCode("string")
                .locality("string")
                .organization("string")
                .organizationalUnit("string")
                .postalCode("string")
                .province("string")
                .streetAddress("string")
                .build())
            .subjectAltName(SubjectAltNamesArgs.builder()
                .customSans(X509ExtensionArgs.builder()
                    .objectId(ObjectIdArgs.builder()
                        .objectIdPath(0)
                        .build())
                    .value("string")
                    .critical(false)
                    .build())
                .dnsNames("string")
                .emailAddresses("string")
                .ipAddresses("string")
                .uris("string")
                .build())
            .build())
        .x509Config(X509ParametersArgs.builder()
            .additionalExtensions(X509ExtensionArgs.builder()
                .objectId(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .value("string")
                .critical(false)
                .build())
            .aiaOcspServers("string")
            .caOptions(CaOptionsArgs.builder()
                .isCa(false)
                .maxIssuerPathLength(0)
                .build())
            .keyUsage(KeyUsageArgs.builder()
                .baseKeyUsage(KeyUsageOptionsArgs.builder()
                    .certSign(false)
                    .contentCommitment(false)
                    .crlSign(false)
                    .dataEncipherment(false)
                    .decipherOnly(false)
                    .digitalSignature(false)
                    .encipherOnly(false)
                    .keyAgreement(false)
                    .keyEncipherment(false)
                    .build())
                .extendedKeyUsage(ExtendedKeyUsageOptionsArgs.builder()
                    .clientAuth(false)
                    .codeSigning(false)
                    .emailProtection(false)
                    .ocspSigning(false)
                    .serverAuth(false)
                    .timeStamping(false)
                    .build())
                .unknownExtendedKeyUsages(ObjectIdArgs.builder()
                    .objectIdPath(0)
                    .build())
                .build())
            .nameConstraints(NameConstraintsArgs.builder()
                .critical(false)
                .excludedDnsNames("string")
                .excludedEmailAddresses("string")
                .excludedIpRanges("string")
                .excludedUris("string")
                .permittedDnsNames("string")
                .permittedEmailAddresses("string")
                .permittedIpRanges("string")
                .permittedUris("string")
                .build())
            .policyIds(ObjectIdArgs.builder()
                .objectIdPath(0)
                .build())
            .build())
        .publicKey(PublicKeyArgs.builder()
            .format("KEY_FORMAT_UNSPECIFIED")
            .key("string")
            .build())
        .build())
    .issuingCertificateAuthorityId("string")
    .labels(Map.of("string", "string"))
    .location("string")
    .pemCsr("string")
    .project("string")
    .requestId("string")
    .subjectMode("SUBJECT_REQUEST_MODE_UNSPECIFIED")
    .build());

examplecertificate_resource_resource_from_privatecav1 = google_native.privateca.v1.Certificate("examplecertificateResourceResourceFromPrivatecav1",
    ca_pool_id="string",
    lifetime="string",
    certificate_id="string",
    certificate_template="string",
    config={
        "subject_config": {
            "subject": {
                "common_name": "string",
                "country_code": "string",
                "locality": "string",
                "organization": "string",
                "organizational_unit": "string",
                "postal_code": "string",
                "province": "string",
                "street_address": "string",
            },
            "subject_alt_name": {
                "custom_sans": [{
                    "object_id": {
                        "object_id_path": [0],
                    },
                    "value": "string",
                    "critical": False,
                }],
                "dns_names": ["string"],
                "email_addresses": ["string"],
                "ip_addresses": ["string"],
                "uris": ["string"],
            },
        },
        "x509_config": {
            "additional_extensions": [{
                "object_id": {
                    "object_id_path": [0],
                },
                "value": "string",
                "critical": False,
            }],
            "aia_ocsp_servers": ["string"],
            "ca_options": {
                "is_ca": False,
                "max_issuer_path_length": 0,
            },
            "key_usage": {
                "base_key_usage": {
                    "cert_sign": False,
                    "content_commitment": False,
                    "crl_sign": False,
                    "data_encipherment": False,
                    "decipher_only": False,
                    "digital_signature": False,
                    "encipher_only": False,
                    "key_agreement": False,
                    "key_encipherment": False,
                },
                "extended_key_usage": {
                    "client_auth": False,
                    "code_signing": False,
                    "email_protection": False,
                    "ocsp_signing": False,
                    "server_auth": False,
                    "time_stamping": False,
                },
                "unknown_extended_key_usages": [{
                    "object_id_path": [0],
                }],
            },
            "name_constraints": {
                "critical": False,
                "excluded_dns_names": ["string"],
                "excluded_email_addresses": ["string"],
                "excluded_ip_ranges": ["string"],
                "excluded_uris": ["string"],
                "permitted_dns_names": ["string"],
                "permitted_email_addresses": ["string"],
                "permitted_ip_ranges": ["string"],
                "permitted_uris": ["string"],
            },
            "policy_ids": [{
                "object_id_path": [0],
            }],
        },
        "public_key": {
            "format": google_native.privateca.v1.PublicKeyFormat.KEY_FORMAT_UNSPECIFIED,
            "key": "string",
        },
    },
    issuing_certificate_authority_id="string",
    labels={
        "string": "string",
    },
    location="string",
    pem_csr="string",
    project="string",
    request_id="string",
    subject_mode=google_native.privateca.v1.CertificateSubjectMode.SUBJECT_REQUEST_MODE_UNSPECIFIED)

const examplecertificateResourceResourceFromPrivatecav1 = new google_native.privateca.v1.Certificate("examplecertificateResourceResourceFromPrivatecav1", {
    caPoolId: "string",
    lifetime: "string",
    certificateId: "string",
    certificateTemplate: "string",
    config: {
        subjectConfig: {
            subject: {
                commonName: "string",
                countryCode: "string",
                locality: "string",
                organization: "string",
                organizationalUnit: "string",
                postalCode: "string",
                province: "string",
                streetAddress: "string",
            },
            subjectAltName: {
                customSans: [{
                    objectId: {
                        objectIdPath: [0],
                    },
                    value: "string",
                    critical: false,
                }],
                dnsNames: ["string"],
                emailAddresses: ["string"],
                ipAddresses: ["string"],
                uris: ["string"],
            },
        },
        x509Config: {
            additionalExtensions: [{
                objectId: {
                    objectIdPath: [0],
                },
                value: "string",
                critical: false,
            }],
            aiaOcspServers: ["string"],
            caOptions: {
                isCa: false,
                maxIssuerPathLength: 0,
            },
            keyUsage: {
                baseKeyUsage: {
                    certSign: false,
                    contentCommitment: false,
                    crlSign: false,
                    dataEncipherment: false,
                    decipherOnly: false,
                    digitalSignature: false,
                    encipherOnly: false,
                    keyAgreement: false,
                    keyEncipherment: false,
                },
                extendedKeyUsage: {
                    clientAuth: false,
                    codeSigning: false,
                    emailProtection: false,
                    ocspSigning: false,
                    serverAuth: false,
                    timeStamping: false,
                },
                unknownExtendedKeyUsages: [{
                    objectIdPath: [0],
                }],
            },
            nameConstraints: {
                critical: false,
                excludedDnsNames: ["string"],
                excludedEmailAddresses: ["string"],
                excludedIpRanges: ["string"],
                excludedUris: ["string"],
                permittedDnsNames: ["string"],
                permittedEmailAddresses: ["string"],
                permittedIpRanges: ["string"],
                permittedUris: ["string"],
            },
            policyIds: [{
                objectIdPath: [0],
            }],
        },
        publicKey: {
            format: google_native.privateca.v1.PublicKeyFormat.KeyFormatUnspecified,
            key: "string",
        },
    },
    issuingCertificateAuthorityId: "string",
    labels: {
        string: "string",
    },
    location: "string",
    pemCsr: "string",
    project: "string",
    requestId: "string",
    subjectMode: google_native.privateca.v1.CertificateSubjectMode.SubjectRequestModeUnspecified,
});

type: google-native:privateca/v1:Certificate
properties:
    caPoolId: string
    certificateId: string
    certificateTemplate: string
    config:
        publicKey:
            format: KEY_FORMAT_UNSPECIFIED
            key: string
        subjectConfig:
            subject:
                commonName: string
                countryCode: string
                locality: string
                organization: string
                organizationalUnit: string
                postalCode: string
                province: string
                streetAddress: string
            subjectAltName:
                customSans:
                    - critical: false
                      objectId:
                        objectIdPath:
                            - 0
                      value: string
                dnsNames:
                    - string
                emailAddresses:
                    - string
                ipAddresses:
                    - string
                uris:
                    - string
        x509Config:
            additionalExtensions:
                - critical: false
                  objectId:
                    objectIdPath:
                        - 0
                  value: string
            aiaOcspServers:
                - string
            caOptions:
                isCa: false
                maxIssuerPathLength: 0
            keyUsage:
                baseKeyUsage:
                    certSign: false
                    contentCommitment: false
                    crlSign: false
                    dataEncipherment: false
                    decipherOnly: false
                    digitalSignature: false
                    encipherOnly: false
                    keyAgreement: false
                    keyEncipherment: false
                extendedKeyUsage:
                    clientAuth: false
                    codeSigning: false
                    emailProtection: false
                    ocspSigning: false
                    serverAuth: false
                    timeStamping: false
                unknownExtendedKeyUsages:
                    - objectIdPath:
                        - 0
            nameConstraints:
                critical: false
                excludedDnsNames:
                    - string
                excludedEmailAddresses:
                    - string
                excludedIpRanges:
                    - string
                excludedUris:
                    - string
                permittedDnsNames:
                    - string
                permittedEmailAddresses:
                    - string
                permittedIpRanges:
                    - string
                permittedUris:
                    - string
            policyIds:
                - objectIdPath:
                    - 0
    issuingCertificateAuthorityId: string
    labels:
        string: string
    lifetime: string
    location: string
    pemCsr: string
    project: string
    requestId: string
    subjectMode: SUBJECT_REQUEST_MODE_UNSPECIFIED

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Certificate resource accepts the following input properties:

CaPoolId string
Lifetime string: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
CertificateId string: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
CertificateTemplate string: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
Config Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateConfig: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
IssuingCertificateAuthorityId string: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
Labels Dictionary<string, string>: Optional. Labels with user-defined metadata.
Location string
PemCsr string: Immutable. A pem-encoded X.509 certificate signing request (CSR).
Project string
RequestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
SubjectMode Pulumi.GoogleNative.Privateca.V1.CertificateSubjectMode: Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

CaPoolId string
Lifetime string: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
CertificateId string: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
CertificateTemplate string: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
Config CertificateConfigArgs: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
IssuingCertificateAuthorityId string: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
Labels map[string]string: Optional. Labels with user-defined metadata.
Location string
PemCsr string: Immutable. A pem-encoded X.509 certificate signing request (CSR).
Project string
RequestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
SubjectMode CertificateSubjectMode: Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

caPoolId String
lifetime String: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificateId String: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
certificateTemplate String: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config CertificateConfig: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuingCertificateAuthorityId String: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
labels Map<String,String>: Optional. Labels with user-defined metadata.
location String
pemCsr String: Immutable. A pem-encoded X.509 certificate signing request (CSR).
project String
requestId String: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subjectMode CertificateSubjectMode: Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

caPoolId string
lifetime string: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificateId string: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
certificateTemplate string: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config CertificateConfig: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuingCertificateAuthorityId string: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
labels {[key: string]: string}: Optional. Labels with user-defined metadata.
location string
pemCsr string: Immutable. A pem-encoded X.509 certificate signing request (CSR).
project string
requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subjectMode CertificateSubjectMode: Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

ca_pool_id str
lifetime str: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificate_id str: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
certificate_template str: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config CertificateConfigArgs: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuing_certificate_authority_id str: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
labels Mapping[str, str]: Optional. Labels with user-defined metadata.
location str
pem_csr str: Immutable. A pem-encoded X.509 certificate signing request (CSR).
project str
request_id str: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subject_mode CertificateSubjectMode: Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

caPoolId String
lifetime String: Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
certificateId String: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
certificateTemplate String: Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format projects/*/locations/*/certificateTemplates/*. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.
config Property Map: Immutable. A description of the certificate and key that does not require X.509 or ASN.1.
issuingCertificateAuthorityId String: Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".
labels Map<String>: Optional. Labels with user-defined metadata.
location String
pemCsr String: Immutable. A pem-encoded X.509 certificate signing request (CSR).
project String
requestId String: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
subjectMode "SUBJECT_REQUEST_MODE_UNSPECIFIED" | "DEFAULT" | "REFLECTED_SPIFFE": Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the DEFAULT subject mode will be used.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

CertificateDescription Pulumi.GoogleNative.Privateca.V1.Outputs.CertificateDescriptionResponse: A structured description of the issued X.509 certificate.
CreateTime string: The time at which this Certificate was created.
Id string: The provider-assigned unique ID for this managed resource.
IssuerCertificateAuthority string: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
Name string: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
PemCertificate string: The pem-encoded, signed X.509 certificate.
PemCertificateChain List<string>: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
RevocationDetails Pulumi.GoogleNative.Privateca.V1.Outputs.RevocationDetailsResponse: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
UpdateTime string: The time at which this Certificate was updated.

CertificateDescription CertificateDescriptionResponse: A structured description of the issued X.509 certificate.
CreateTime string: The time at which this Certificate was created.
Id string: The provider-assigned unique ID for this managed resource.
IssuerCertificateAuthority string: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
Name string: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
PemCertificate string: The pem-encoded, signed X.509 certificate.
PemCertificateChain []string: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
RevocationDetails RevocationDetailsResponse: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
UpdateTime string: The time at which this Certificate was updated.

certificateDescription CertificateDescriptionResponse: A structured description of the issued X.509 certificate.
createTime String: The time at which this Certificate was created.
id String: The provider-assigned unique ID for this managed resource.
issuerCertificateAuthority String: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
name String: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
pemCertificate String: The pem-encoded, signed X.509 certificate.
pemCertificateChain List<String>: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocationDetails RevocationDetailsResponse: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
updateTime String: The time at which this Certificate was updated.

certificateDescription CertificateDescriptionResponse: A structured description of the issued X.509 certificate.
createTime string: The time at which this Certificate was created.
id string: The provider-assigned unique ID for this managed resource.
issuerCertificateAuthority string: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
name string: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
pemCertificate string: The pem-encoded, signed X.509 certificate.
pemCertificateChain string[]: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocationDetails RevocationDetailsResponse: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
updateTime string: The time at which this Certificate was updated.

certificate_description CertificateDescriptionResponse: A structured description of the issued X.509 certificate.
create_time str: The time at which this Certificate was created.
id str: The provider-assigned unique ID for this managed resource.
issuer_certificate_authority str: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
name str: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
pem_certificate str: The pem-encoded, signed X.509 certificate.
pem_certificate_chain Sequence[str]: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocation_details RevocationDetailsResponse: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
update_time str: The time at which this Certificate was updated.

certificateDescription Property Map: A structured description of the issued X.509 certificate.
createTime String: The time at which this Certificate was created.
id String: The provider-assigned unique ID for this managed resource.
issuerCertificateAuthority String: The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
name String: The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.
pemCertificate String: The pem-encoded, signed X.509 certificate.
pemCertificateChain List<String>: The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
revocationDetails Property Map: Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
updateTime String: The time at which this Certificate was updated.

Supporting Types

CaOptions
, CaOptionsArgs

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CaOptionsResponse
, CaOptionsResponseArgs

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

IsCa bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
MaxIssuerPathLength int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

is_ca bool: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
max_issuer_path_length int: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

isCa Boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
maxIssuerPathLength Number: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CertificateConfig
, CertificateConfigArgs

SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509Parameters: Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

SubjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
X509Config X509Parameters: Describes how some of the technical X.509 fields in a certificate should be populated.
PublicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

subjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
x509Config X509Parameters: Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

subjectConfig SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
x509Config X509Parameters: Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

subject_config SubjectConfig: Specifies some of the values in a certificate that are related to the subject.
x509_config X509Parameters: Describes how some of the technical X.509 fields in a certificate should be populated.
public_key PublicKey: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

subjectConfig Property Map: Specifies some of the values in a certificate that are related to the subject.
x509Config Property Map: Describes how some of the technical X.509 fields in a certificate should be populated.
publicKey Property Map: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.

CertificateConfigResponse
, CertificateConfigResponseArgs

PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.
X509Config Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse: Describes how some of the technical X.509 fields in a certificate should be populated.

PublicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
SubjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.
X509Config X509ParametersResponse: Describes how some of the technical X.509 fields in a certificate should be populated.

publicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.
x509Config X509ParametersResponse: Describes how some of the technical X.509 fields in a certificate should be populated.

publicKey PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.
x509Config X509ParametersResponse: Describes how some of the technical X.509 fields in a certificate should be populated.

public_key PublicKeyResponse: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subject_config SubjectConfigResponse: Specifies some of the values in a certificate that are related to the subject.
x509_config X509ParametersResponse: Describes how some of the technical X.509 fields in a certificate should be populated.

publicKey Property Map: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
subjectConfig Property Map: Specifies some of the values in a certificate that are related to the subject.
x509Config Property Map: Describes how some of the technical X.509 fields in a certificate should be populated.

CertificateDescriptionResponse
, CertificateDescriptionResponseArgs

AiaIssuingCertificateUrls List<string>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint Pulumi.GoogleNative.Privateca.V1.Inputs.CertificateFingerprintResponse: The hash of the x.509 certificate.
CrlDistributionPoints List<string>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey Pulumi.GoogleNative.Privateca.V1.Inputs.PublicKeyResponse: The public key that corresponds to an issued certificate.
SubjectDescription Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId Pulumi.GoogleNative.Privateca.V1.Inputs.KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description Pulumi.GoogleNative.Privateca.V1.Inputs.X509ParametersResponse: Describes some of the technical X.509 fields in a certificate.

AiaIssuingCertificateUrls []string: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
AuthorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
CertFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
CrlDistributionPoints []string: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
PublicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
SubjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
SubjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
X509Description X509ParametersResponse: Describes some of the technical X.509 fields in a certificate.

aiaIssuingCertificateUrls List<String>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
crlDistributionPoints List<String>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
subjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description X509ParametersResponse: Describes some of the technical X.509 fields in a certificate.

aiaIssuingCertificateUrls string[]: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
crlDistributionPoints string[]: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey PublicKeyResponse: The public key that corresponds to an issued certificate.
subjectDescription SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description X509ParametersResponse: Describes some of the technical X.509 fields in a certificate.

aia_issuing_certificate_urls Sequence[str]: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authority_key_id KeyIdResponse: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
cert_fingerprint CertificateFingerprintResponse: The hash of the x.509 certificate.
crl_distribution_points Sequence[str]: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
public_key PublicKeyResponse: The public key that corresponds to an issued certificate.
subject_description SubjectDescriptionResponse: Describes some of the values in a certificate that are related to the subject and lifetime.
subject_key_id KeyIdResponse: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509_description X509ParametersResponse: Describes some of the technical X.509 fields in a certificate.

aiaIssuingCertificateUrls List<String>: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
authorityKeyId Property Map: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
certFingerprint Property Map: The hash of the x.509 certificate.
crlDistributionPoints List<String>: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
publicKey Property Map: The public key that corresponds to an issued certificate.
subjectDescription Property Map: Describes some of the values in a certificate that are related to the subject and lifetime.
subjectKeyId Property Map: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
x509Description Property Map: Describes some of the technical X.509 fields in a certificate.

CertificateFingerprintResponse
, CertificateFingerprintResponseArgs

Sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

Sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256_hash str: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash String: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

CertificateSubjectMode
, CertificateSubjectModeArgs

SubjectRequestModeUnspecified: SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
Default: DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
ReflectedSpiffe: REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

CertificateSubjectModeSubjectRequestModeUnspecified: SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
CertificateSubjectModeDefault: DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
CertificateSubjectModeReflectedSpiffe: REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

SubjectRequestModeUnspecified: SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
Default: DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
ReflectedSpiffe: REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

SubjectRequestModeUnspecified: SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
Default: DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
ReflectedSpiffe: REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

SUBJECT_REQUEST_MODE_UNSPECIFIED: SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
DEFAULT: DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
REFLECTED_SPIFFE: REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

"SUBJECT_REQUEST_MODE_UNSPECIFIED": SUBJECT_REQUEST_MODE_UNSPECIFIEDNot specified.
"DEFAULT": DEFAULTThe default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission.
"REFLECTED_SPIFFE": REFLECTED_SPIFFEA mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

ExtendedKeyUsageOptions
, ExtendedKeyUsageOptionsArgs

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ExtendedKeyUsageOptionsResponse
, ExtendedKeyUsageOptionsResponseArgs

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

KeyIdResponse
, KeyIdResponseArgs

KeyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

key_id str: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId String: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsage
, KeyUsageArgs

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptions: Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectId: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<ObjectId>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptions: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectId[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptions: Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptions: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectId]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

KeyUsageOptions
, KeyUsageOptionsArgs

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

KeyUsageOptionsResponse
, KeyUsageOptionsResponseArgs

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

KeyUsageResponse
, KeyUsageResponseArgs

BaseKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

BaseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
ExtendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
UnknownExtendedKeyUsages []ObjectIdResponse: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<ObjectIdResponse>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extendedKeyUsage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages ObjectIdResponse[]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

base_key_usage KeyUsageOptionsResponse: Describes high-level ways in which a key may be used.
extended_key_usage ExtendedKeyUsageOptionsResponse: Detailed scenarios in which a key may be used.
unknown_extended_key_usages Sequence[ObjectIdResponse]: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

baseKeyUsage Property Map: Describes high-level ways in which a key may be used.
extendedKeyUsage Property Map: Detailed scenarios in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.

NameConstraints
, NameConstraintsArgs

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames List<string>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses List<string>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges List<string>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris List<string>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames List<string>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses List<string>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges List<string>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris List<string>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames []string: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses []string: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges []string: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris []string: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames []string: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses []string: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges []string: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris []string: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames string[]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses string[]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges string[]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris string[]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames string[]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses string[]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges string[]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris string[]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical bool: Indicates whether or not the name constraints are marked critical.
excluded_dns_names Sequence[str]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excluded_email_addresses Sequence[str]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excluded_ip_ranges Sequence[str]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excluded_uris Sequence[str]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permitted_dns_names Sequence[str]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permitted_email_addresses Sequence[str]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permitted_ip_ranges Sequence[str]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permitted_uris Sequence[str]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

NameConstraintsResponse
, NameConstraintsResponseArgs

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames List<string>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses List<string>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges List<string>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris List<string>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames List<string>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses List<string>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges List<string>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris List<string>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames []string: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
ExcludedEmailAddresses []string: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
ExcludedIpRanges []string: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris []string: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
PermittedDnsNames []string: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
PermittedEmailAddresses []string: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
PermittedIpRanges []string: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris []string: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames string[]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses string[]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges string[]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris string[]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames string[]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses string[]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges string[]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris string[]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical bool: Indicates whether or not the name constraints are marked critical.
excluded_dns_names Sequence[str]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excluded_email_addresses Sequence[str]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excluded_ip_ranges Sequence[str]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excluded_uris Sequence[str]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permitted_dns_names Sequence[str]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permitted_email_addresses Sequence[str]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permitted_ip_ranges Sequence[str]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permitted_uris Sequence[str]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)

ObjectId
, ObjectIdArgs

ObjectIdPath List<int>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>: The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]: The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdResponse
, ObjectIdResponseArgs

ObjectIdPath List<int>: The parts of an OID path. The most significant parts of the path come first.

ObjectIdPath []int: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Integer>: The parts of an OID path. The most significant parts of the path come first.

objectIdPath number[]: The parts of an OID path. The most significant parts of the path come first.

object_id_path Sequence[int]: The parts of an OID path. The most significant parts of the path come first.

objectIdPath List<Number>: The parts of an OID path. The most significant parts of the path come first.

PublicKey
, PublicKeyArgs

Format Pulumi.GoogleNative.Privateca.V1.PublicKeyFormat: The format of the public key.
Key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

Format PublicKeyFormat: The format of the public key.
Key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format PublicKeyFormat: The format of the public key.
key String: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format PublicKeyFormat: The format of the public key.
key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format PublicKeyFormat: The format of the public key.
key str: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format "KEY_FORMAT_UNSPECIFIED" | "PEM": The format of the public key.
key String: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

PublicKeyFormat
, PublicKeyFormatArgs

KeyFormatUnspecified: KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
Pem: PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

PublicKeyFormatKeyFormatUnspecified: KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
PublicKeyFormatPem: PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

KeyFormatUnspecified: KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
Pem: PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

KeyFormatUnspecified: KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
Pem: PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

KEY_FORMAT_UNSPECIFIED: KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
PEM: PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

"KEY_FORMAT_UNSPECIFIED": KEY_FORMAT_UNSPECIFIEDDefault unspecified value.
"PEM": PEMThe key is PEM-encoded as defined in RFC 7468. It can be any of the following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280 SubjectPublicKeyInfo or a PEM-encoded X.509 certificate signing request (CSR). If a SubjectPublicKeyInfo is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will used solely for the purpose of extracting the public key. When generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key.

PublicKeyResponse
, PublicKeyResponseArgs

Format string: The format of the public key.
Key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

Format string: The format of the public key.
Key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format String: The format of the public key.
key String: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format string: The format of the public key.
key string: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format str: The format of the public key.
key str: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

format String: The format of the public key.
key String: A public key. The padding and encoding must match with the KeyFormat value specified for the format field.

RevocationDetailsResponse
, RevocationDetailsResponseArgs

RevocationState string: Indicates why a Certificate was revoked.
RevocationTime string: The time at which this Certificate was revoked.

RevocationState string: Indicates why a Certificate was revoked.
RevocationTime string: The time at which this Certificate was revoked.

revocationState String: Indicates why a Certificate was revoked.
revocationTime String: The time at which this Certificate was revoked.

revocationState string: Indicates why a Certificate was revoked.
revocationTime string: The time at which this Certificate was revoked.

revocation_state str: Indicates why a Certificate was revoked.
revocation_time str: The time at which this Certificate was revoked.

revocationState String: Indicates why a Certificate was revoked.
revocationTime String: The time at which this Certificate was revoked.

Subject
, SubjectArgs

CommonName string: The "common name" of the subject.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

CommonName string: The "common name" of the subject.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

commonName String: The "common name" of the subject.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

commonName string: The "common name" of the subject.
countryCode string: The country code of the subject.
locality string: The locality or city of the subject.
organization string: The organization of the subject.
organizationalUnit string: The organizational_unit of the subject.
postalCode string: The postal code of the subject.
province string: The province, territory, or regional state of the subject.
streetAddress string: The street address of the subject.

common_name str: The "common name" of the subject.
country_code str: The country code of the subject.
locality str: The locality or city of the subject.
organization str: The organization of the subject.
organizational_unit str: The organizational_unit of the subject.
postal_code str: The postal code of the subject.
province str: The province, territory, or regional state of the subject.
street_address str: The street address of the subject.

commonName String: The "common name" of the subject.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

SubjectAltNames
, SubjectAltNamesArgs

CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames List<string>: Contains only valid, fully-qualified host names.
EmailAddresses List<string>: Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>: Contains only valid RFC 3986 URIs.

CustomSans []X509Extension: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames []string: Contains only valid, fully-qualified host names.
EmailAddresses []string: Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string: Contains only valid RFC 3986 URIs.

customSans List<X509Extension>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

customSans X509Extension[]: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames string[]: Contains only valid, fully-qualified host names.
emailAddresses string[]: Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]: Contains only valid RFC 3986 URIs.

custom_sans Sequence[X509Extension]: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dns_names Sequence[str]: Contains only valid, fully-qualified host names.
email_addresses Sequence[str]: Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]: Contains only valid RFC 3986 URIs.

customSans List<Property Map>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

SubjectAltNamesResponse
, SubjectAltNamesResponseArgs

CustomSans List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames List<string>: Contains only valid, fully-qualified host names.
EmailAddresses List<string>: Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>: Contains only valid RFC 3986 URIs.

CustomSans []X509ExtensionResponse: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
DnsNames []string: Contains only valid, fully-qualified host names.
EmailAddresses []string: Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string: Contains only valid RFC 3986 URIs.

customSans List<X509ExtensionResponse>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

customSans X509ExtensionResponse[]: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames string[]: Contains only valid, fully-qualified host names.
emailAddresses string[]: Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]: Contains only valid RFC 3986 URIs.

custom_sans Sequence[X509ExtensionResponse]: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dns_names Sequence[str]: Contains only valid, fully-qualified host names.
email_addresses Sequence[str]: Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]: Contains only valid RFC 3986 URIs.

customSans List<Property Map>: Contains additional subject alternative name values. For each custom_san, the value field must contain an ASN.1 encoded UTF8String.
dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

SubjectConfig
, SubjectConfigArgs

Subject Pulumi.GoogleNative.Privateca.V1.Inputs.Subject: Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNames: Optional. The subject alternative name fields.

Subject Subject: Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNames: Optional. The subject alternative name fields.

subject Subject: Optional. Contains distinguished name fields such as the common name, location and organization.
subject_alt_name SubjectAltNames: Optional. The subject alternative name fields.

subject Property Map: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName Property Map: Optional. The subject alternative name fields.

SubjectConfigResponse
, SubjectConfigResponseArgs

Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse: Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse: Optional. The subject alternative name fields.

Subject SubjectResponse: Optional. Contains distinguished name fields such as the common name, location and organization.
SubjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

subject SubjectResponse: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

subject SubjectResponse: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName SubjectAltNamesResponse: Optional. The subject alternative name fields.

subject SubjectResponse: Optional. Contains distinguished name fields such as the common name, location and organization.
subject_alt_name SubjectAltNamesResponse: Optional. The subject alternative name fields.

subject Property Map: Optional. Contains distinguished name fields such as the common name, location and organization.
subjectAltName Property Map: Optional. The subject alternative name fields.

SubjectDescriptionResponse
, SubjectDescriptionResponseArgs

HexSerialNumber string: The serial number encoded in lowercase hexadecimal.
Lifetime string: For convenience, the actual lifetime of an issued certificate.
NotAfterTime string: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
NotBeforeTime string: The time at which the certificate becomes valid.
Subject Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectResponse: Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName Pulumi.GoogleNative.Privateca.V1.Inputs.SubjectAltNamesResponse: The subject alternative name fields.

HexSerialNumber string: The serial number encoded in lowercase hexadecimal.
Lifetime string: For convenience, the actual lifetime of an issued certificate.
NotAfterTime string: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
NotBeforeTime string: The time at which the certificate becomes valid.
Subject SubjectResponse: Contains distinguished name fields such as the common name, location and / organization.
SubjectAltName SubjectAltNamesResponse: The subject alternative name fields.

hexSerialNumber String: The serial number encoded in lowercase hexadecimal.
lifetime String: For convenience, the actual lifetime of an issued certificate.
notAfterTime String: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime String: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the common name, location and / organization.
subjectAltName SubjectAltNamesResponse: The subject alternative name fields.

hexSerialNumber string: The serial number encoded in lowercase hexadecimal.
lifetime string: For convenience, the actual lifetime of an issued certificate.
notAfterTime string: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime string: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the common name, location and / organization.
subjectAltName SubjectAltNamesResponse: The subject alternative name fields.

hex_serial_number str: The serial number encoded in lowercase hexadecimal.
lifetime str: For convenience, the actual lifetime of an issued certificate.
not_after_time str: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
not_before_time str: The time at which the certificate becomes valid.
subject SubjectResponse: Contains distinguished name fields such as the common name, location and / organization.
subject_alt_name SubjectAltNamesResponse: The subject alternative name fields.

hexSerialNumber String: The serial number encoded in lowercase hexadecimal.
lifetime String: For convenience, the actual lifetime of an issued certificate.
notAfterTime String: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.
notBeforeTime String: The time at which the certificate becomes valid.
subject Property Map: Contains distinguished name fields such as the common name, location and / organization.
subjectAltName Property Map: The subject alternative name fields.

SubjectResponse
, SubjectResponseArgs

CommonName string: The "common name" of the subject.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

CommonName string: The "common name" of the subject.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational_unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

commonName String: The "common name" of the subject.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

commonName string: The "common name" of the subject.
countryCode string: The country code of the subject.
locality string: The locality or city of the subject.
organization string: The organization of the subject.
organizationalUnit string: The organizational_unit of the subject.
postalCode string: The postal code of the subject.
province string: The province, territory, or regional state of the subject.
streetAddress string: The street address of the subject.

common_name str: The "common name" of the subject.
country_code str: The country code of the subject.
locality str: The locality or city of the subject.
organization str: The organization of the subject.
organizational_unit str: The organizational_unit of the subject.
postal_code str: The postal code of the subject.
province str: The province, territory, or regional state of the subject.
street_address str: The street address of the subject.

commonName String: The "common name" of the subject.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational_unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

X509Extension
, X509ExtensionArgs

ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId: The OID for this X.509 extension.
Value string: The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

ObjectId ObjectId: The OID for this X.509 extension.
Value string: The value of this X.509 extension.
Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectId: The OID for this X.509 extension.
value String: The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId ObjectId: The OID for this X.509 extension.
value string: The value of this X.509 extension.
critical boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

object_id ObjectId: The OID for this X.509 extension.
value str: The value of this X.509 extension.
critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

objectId Property Map: The OID for this X.509 extension.
value String: The value of this X.509 extension.
critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

X509ExtensionResponse
, X509ExtensionResponseArgs

Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

Critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectId ObjectIdResponse: The OID for this X.509 extension.
Value string: The value of this X.509 extension.

critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value String: The value of this X.509 extension.

critical boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId ObjectIdResponse: The OID for this X.509 extension.
value string: The value of this X.509 extension.

critical bool: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_id ObjectIdResponse: The OID for this X.509 extension.
value str: The value of this X.509 extension.

critical Boolean: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectId Property Map: The OID for this X.509 extension.
value String: The value of this X.509 extension.

X509Parameters
, X509ParametersArgs

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509Extension>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraints: Optional. Describes the X.509 name constraints extension.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509Extension: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints NameConstraints: Optional. Describes the X.509 name constraints extension.
PolicyIds []ObjectId: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509Extension>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraints: Optional. Describes the X.509 name constraints extension.
policyIds List<ObjectId>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509Extension[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraints: Optional. Describes the X.509 name constraints extension.
policyIds ObjectId[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509Extension]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CaOptions: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsage: Optional. Indicates the intended use for keys that correspond to a certificate.
name_constraints NameConstraints: Optional. Describes the X.509 name constraints extension.
policy_ids Sequence[ObjectId]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints Property Map: Optional. Describes the X.509 name constraints extension.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

X509ParametersResponse
, X509ParametersResponseArgs

AdditionalExtensions List<Pulumi.GoogleNative.Privateca.V1.Inputs.X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
AiaOcspServers List<string>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions Pulumi.GoogleNative.Privateca.V1.Inputs.CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage Pulumi.GoogleNative.Privateca.V1.Inputs.KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints Pulumi.GoogleNative.Privateca.V1.Inputs.NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
PolicyIds List<Pulumi.GoogleNative.Privateca.V1.Inputs.ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []X509ExtensionResponse: Optional. Describes custom X.509 extensions.
AiaOcspServers []string: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
KeyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
NameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
PolicyIds []ObjectIdResponse: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<X509ExtensionResponse>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policyIds List<ObjectIdResponse>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions X509ExtensionResponse[]: Optional. Describes custom X.509 extensions.
aiaOcspServers string[]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policyIds ObjectIdResponse[]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[X509ExtensionResponse]: Optional. Describes custom X.509 extensions.
aia_ocsp_servers Sequence[str]: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options CaOptionsResponse: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
key_usage KeyUsageResponse: Optional. Indicates the intended use for keys that correspond to a certificate.
name_constraints NameConstraintsResponse: Optional. Describes the X.509 name constraints extension.
policy_ids Sequence[ObjectIdResponse]: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Optional. Describes custom X.509 extensions.
aiaOcspServers List<String>: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions Property Map: Optional. Describes options in this X509Parameters that are relevant in a CA certificate.
keyUsage Property Map: Optional. Indicates the intended use for keys that correspond to a certificate.
nameConstraints Property Map: Optional. Describes the X.509 name constraints extension.
policyIds List<Property Map>: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.privateca/v1.Certificate

On this page

On this page

Create Certificate Resource

Constructor syntax

Parameters

Constructor example

Certificate Resource Properties

Inputs

Outputs

Supporting Types

CaOptions, CaOptionsArgs

CaOptionsResponse, CaOptionsResponseArgs

CertificateConfig, CertificateConfigArgs

CertificateConfigResponse, CertificateConfigResponseArgs

CertificateDescriptionResponse, CertificateDescriptionResponseArgs

CertificateFingerprintResponse, CertificateFingerprintResponseArgs

CertificateSubjectMode, CertificateSubjectModeArgs

ExtendedKeyUsageOptions, ExtendedKeyUsageOptionsArgs

ExtendedKeyUsageOptionsResponse, ExtendedKeyUsageOptionsResponseArgs

KeyIdResponse, KeyIdResponseArgs

KeyUsage, KeyUsageArgs

KeyUsageOptions, KeyUsageOptionsArgs

KeyUsageOptionsResponse, KeyUsageOptionsResponseArgs

KeyUsageResponse, KeyUsageResponseArgs

NameConstraints, NameConstraintsArgs

NameConstraintsResponse, NameConstraintsResponseArgs

ObjectId, ObjectIdArgs

ObjectIdResponse, ObjectIdResponseArgs

PublicKey, PublicKeyArgs

PublicKeyFormat, PublicKeyFormatArgs

PublicKeyResponse, PublicKeyResponseArgs

RevocationDetailsResponse, RevocationDetailsResponseArgs

Subject, SubjectArgs

SubjectAltNames, SubjectAltNamesArgs

SubjectAltNamesResponse, SubjectAltNamesResponseArgs

SubjectConfig, SubjectConfigArgs

SubjectConfigResponse, SubjectConfigResponseArgs

SubjectDescriptionResponse, SubjectDescriptionResponseArgs

SubjectResponse, SubjectResponseArgs

X509Extension, X509ExtensionArgs

X509ExtensionResponse, X509ExtensionResponseArgs

X509Parameters, X509ParametersArgs

X509ParametersResponse, X509ParametersResponseArgs

Package Details

On this page

On this page

CaOptions
, CaOptionsArgs

CaOptionsResponse
, CaOptionsResponseArgs

CertificateConfig
, CertificateConfigArgs

CertificateConfigResponse
, CertificateConfigResponseArgs

CertificateDescriptionResponse
, CertificateDescriptionResponseArgs

CertificateFingerprintResponse
, CertificateFingerprintResponseArgs

CertificateSubjectMode
, CertificateSubjectModeArgs

ExtendedKeyUsageOptions
, ExtendedKeyUsageOptionsArgs

ExtendedKeyUsageOptionsResponse
, ExtendedKeyUsageOptionsResponseArgs

KeyIdResponse
, KeyIdResponseArgs

KeyUsage
, KeyUsageArgs

KeyUsageOptions
, KeyUsageOptionsArgs

KeyUsageOptionsResponse
, KeyUsageOptionsResponseArgs

KeyUsageResponse
, KeyUsageResponseArgs

NameConstraints
, NameConstraintsArgs

NameConstraintsResponse
, NameConstraintsResponseArgs

ObjectId
, ObjectIdArgs

ObjectIdResponse
, ObjectIdResponseArgs

PublicKey
, PublicKeyArgs

PublicKeyFormat
, PublicKeyFormatArgs

PublicKeyResponse
, PublicKeyResponseArgs

RevocationDetailsResponse
, RevocationDetailsResponseArgs

Subject
, SubjectArgs

SubjectAltNames
, SubjectAltNamesArgs

SubjectAltNamesResponse
, SubjectAltNamesResponseArgs

SubjectConfig
, SubjectConfigArgs

SubjectConfigResponse
, SubjectConfigResponseArgs

SubjectDescriptionResponse
, SubjectDescriptionResponseArgs

SubjectResponse
, SubjectResponseArgs

X509Extension
, X509ExtensionArgs

X509ExtensionResponse
, X509ExtensionResponseArgs

X509Parameters
, X509ParametersArgs

X509ParametersResponse
, X509ParametersResponseArgs