Google Cloud Classic v7.29.0, Jun 26 24

Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

gcp.certificateauthority.getAuthority

Explore with Pulumi AI

Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

Example Usage

data "google_privateca_certificate_authority" "default" {
  location = "us-west1"
  pool = "pool-name"
  certificate_authority_id = "ca-id"
}

output "csr" {
  value = data.google_privateca_certificate_authority.default.pem_csr
}

Using getAuthority

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAuthority(args: GetAuthorityArgs, opts?: InvokeOptions): Promise<GetAuthorityResult>
function getAuthorityOutput(args: GetAuthorityOutputArgs, opts?: InvokeOptions): Output<GetAuthorityResult>

def get_authority(certificate_authority_id: Optional[str] = None,
                  location: Optional[str] = None,
                  pool: Optional[str] = None,
                  project: Optional[str] = None,
                  opts: Optional[InvokeOptions] = None) -> GetAuthorityResult
def get_authority_output(certificate_authority_id: Optional[pulumi.Input[str]] = None,
                  location: Optional[pulumi.Input[str]] = None,
                  pool: Optional[pulumi.Input[str]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  opts: Optional[InvokeOptions] = None) -> Output[GetAuthorityResult]

func LookupAuthority(ctx *Context, args *LookupAuthorityArgs, opts ...InvokeOption) (*LookupAuthorityResult, error)
func LookupAuthorityOutput(ctx *Context, args *LookupAuthorityOutputArgs, opts ...InvokeOption) LookupAuthorityResultOutput

> Note: This function is named LookupAuthority in the Go SDK.

public static class GetAuthority 
{
    public static Task<GetAuthorityResult> InvokeAsync(GetAuthorityArgs args, InvokeOptions? opts = null)
    public static Output<GetAuthorityResult> Invoke(GetAuthorityInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAuthorityResult> getAuthority(GetAuthorityArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: gcp:certificateauthority/getAuthority:getAuthority
  arguments:
    # arguments dictionary

The following arguments are supported:

CertificateAuthorityId string: ID of the certificate authority.
Location string: The location the certificate authority exists in.
Pool string: The name of the pool the certificate authority belongs to.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

CertificateAuthorityId string: ID of the certificate authority.
Location string: The location the certificate authority exists in.
Pool string: The name of the pool the certificate authority belongs to.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId String: ID of the certificate authority.
location String: The location the certificate authority exists in.
pool String: The name of the pool the certificate authority belongs to.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId string: ID of the certificate authority.
location string: The location the certificate authority exists in.
pool string: The name of the pool the certificate authority belongs to.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificate_authority_id str: ID of the certificate authority.
location str: The location the certificate authority exists in.
pool str: The name of the pool the certificate authority belongs to.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

certificateAuthorityId String: ID of the certificate authority.
location String: The location the certificate authority exists in.
pool String: The name of the pool the certificate authority belongs to.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

getAuthority Result

The following output properties are available:

AccessUrls List<GetAuthorityAccessUrl>
Configs List<GetAuthorityConfig>
CreateTime string
DeletionProtection bool
DesiredState string
EffectiveLabels Dictionary<string, string>
GcsBucket string
Id string: The provider-assigned unique ID for this managed resource.
IgnoreActiveCertificatesOnDeletion bool
KeySpecs List<GetAuthorityKeySpec>
Labels Dictionary<string, string>
Lifetime string
Name string
PemCaCertificate string
PemCaCertificates List<string>
PemCsr string: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
PulumiLabels Dictionary<string, string>
SkipGracePeriod bool
State string
SubordinateConfigs List<GetAuthoritySubordinateConfig>
Type string
UpdateTime string
CertificateAuthorityId string
Location string
Pool string
Project string

AccessUrls []GetAuthorityAccessUrl
Configs []GetAuthorityConfig
CreateTime string
DeletionProtection bool
DesiredState string
EffectiveLabels map[string]string
GcsBucket string
Id string: The provider-assigned unique ID for this managed resource.
IgnoreActiveCertificatesOnDeletion bool
KeySpecs []GetAuthorityKeySpec
Labels map[string]string
Lifetime string
Name string
PemCaCertificate string
PemCaCertificates []string
PemCsr string: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
PulumiLabels map[string]string
SkipGracePeriod bool
State string
SubordinateConfigs []GetAuthoritySubordinateConfig
Type string
UpdateTime string
CertificateAuthorityId string
Location string
Pool string
Project string

accessUrls List<GetAuthorityAccessUrl>
configs List<GetAuthorityConfig>
createTime String
deletionProtection Boolean
desiredState String
effectiveLabels Map<String,String>
gcsBucket String
id String: The provider-assigned unique ID for this managed resource.
ignoreActiveCertificatesOnDeletion Boolean
keySpecs List<GetAuthorityKeySpec>
labels Map<String,String>
lifetime String
name String
pemCaCertificate String
pemCaCertificates List<String>
pemCsr String: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
pulumiLabels Map<String,String>
skipGracePeriod Boolean
state String
subordinateConfigs List<GetAuthoritySubordinateConfig>
type String
updateTime String
certificateAuthorityId String
location String
pool String
project String

accessUrls GetAuthorityAccessUrl[]
configs GetAuthorityConfig[]
createTime string
deletionProtection boolean
desiredState string
effectiveLabels {[key: string]: string}
gcsBucket string
id string: The provider-assigned unique ID for this managed resource.
ignoreActiveCertificatesOnDeletion boolean
keySpecs GetAuthorityKeySpec[]
labels {[key: string]: string}
lifetime string
name string
pemCaCertificate string
pemCaCertificates string[]
pemCsr string: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
pulumiLabels {[key: string]: string}
skipGracePeriod boolean
state string
subordinateConfigs GetAuthoritySubordinateConfig[]
type string
updateTime string
certificateAuthorityId string
location string
pool string
project string

access_urls Sequence[GetAuthorityAccessUrl]
configs Sequence[GetAuthorityConfig]
create_time str
deletion_protection bool
desired_state str
effective_labels Mapping[str, str]
gcs_bucket str
id str: The provider-assigned unique ID for this managed resource.
ignore_active_certificates_on_deletion bool
key_specs Sequence[GetAuthorityKeySpec]
labels Mapping[str, str]
lifetime str
name str
pem_ca_certificate str
pem_ca_certificates Sequence[str]
pem_csr str: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
pulumi_labels Mapping[str, str]
skip_grace_period bool
state str
subordinate_configs Sequence[GetAuthoritySubordinateConfig]
type str
update_time str
certificate_authority_id str
location str
pool str
project str

accessUrls List<Property Map>
configs List<Property Map>
createTime String
deletionProtection Boolean
desiredState String
effectiveLabels Map<String>
gcsBucket String
id String: The provider-assigned unique ID for this managed resource.
ignoreActiveCertificatesOnDeletion Boolean
keySpecs List<Property Map>
labels Map<String>
lifetime String
name String
pemCaCertificate String
pemCaCertificates List<String>
pemCsr String: The PEM-encoded signed certificate signing request (CSR). This is only set on subordinate certificate authorities that are awaiting user activation.
pulumiLabels Map<String>
skipGracePeriod Boolean
state String
subordinateConfigs List<Property Map>
type String
updateTime String
certificateAuthorityId String
location String
pool String
project String

Supporting Types

GetAuthorityAccessUrl

CaCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrls List<string>: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

CaCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
CrlAccessUrls []string: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls List<String>: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls string[]: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

ca_certificate_access_url str: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crl_access_urls Sequence[str]: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

caCertificateAccessUrl String: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
crlAccessUrls List<String>: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

GetAuthorityConfig

SubjectConfigs List<GetAuthorityConfigSubjectConfig>: Specifies some of the values in a certificate that are related to the subject.
SubjectKeyIds List<GetAuthorityConfigSubjectKeyId>: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
X509Configs List<GetAuthorityConfigX509Config>: Describes how some of the technical X.509 fields in a certificate should be populated.

SubjectConfigs []GetAuthorityConfigSubjectConfig: Specifies some of the values in a certificate that are related to the subject.
SubjectKeyIds []GetAuthorityConfigSubjectKeyId: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
X509Configs []GetAuthorityConfigX509Config: Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs List<GetAuthorityConfigSubjectConfig>: Specifies some of the values in a certificate that are related to the subject.
subjectKeyIds List<GetAuthorityConfigSubjectKeyId>: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
x509Configs List<GetAuthorityConfigX509Config>: Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs GetAuthorityConfigSubjectConfig[]: Specifies some of the values in a certificate that are related to the subject.
subjectKeyIds GetAuthorityConfigSubjectKeyId[]: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
x509Configs GetAuthorityConfigX509Config[]: Describes how some of the technical X.509 fields in a certificate should be populated.

subject_configs Sequence[GetAuthorityConfigSubjectConfig]: Specifies some of the values in a certificate that are related to the subject.
subject_key_ids Sequence[GetAuthorityConfigSubjectKeyId]: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
x509_configs Sequence[GetAuthorityConfigX509Config]: Describes how some of the technical X.509 fields in a certificate should be populated.

subjectConfigs List<Property Map>: Specifies some of the values in a certificate that are related to the subject.
subjectKeyIds List<Property Map>: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
x509Configs List<Property Map>: Describes how some of the technical X.509 fields in a certificate should be populated.

GetAuthorityConfigSubjectConfig

SubjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>: The subject alternative name fields.
Subjects List<GetAuthorityConfigSubjectConfigSubject>: Contains distinguished name fields such as the location and organization.

SubjectAltNames []GetAuthorityConfigSubjectConfigSubjectAltName: The subject alternative name fields.
Subjects []GetAuthorityConfigSubjectConfigSubject: Contains distinguished name fields such as the location and organization.

subjectAltNames List<GetAuthorityConfigSubjectConfigSubjectAltName>: The subject alternative name fields.
subjects List<GetAuthorityConfigSubjectConfigSubject>: Contains distinguished name fields such as the location and organization.

subjectAltNames GetAuthorityConfigSubjectConfigSubjectAltName[]: The subject alternative name fields.
subjects GetAuthorityConfigSubjectConfigSubject[]: Contains distinguished name fields such as the location and organization.

subject_alt_names Sequence[GetAuthorityConfigSubjectConfigSubjectAltName]: The subject alternative name fields.
subjects Sequence[GetAuthorityConfigSubjectConfigSubject]: Contains distinguished name fields such as the location and organization.

subjectAltNames List<Property Map>: The subject alternative name fields.
subjects List<Property Map>: Contains distinguished name fields such as the location and organization.

GetAuthorityConfigSubjectConfigSubject

CommonName string: The common name of the distinguished name.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

CommonName string: The common name of the distinguished name.
CountryCode string: The country code of the subject.
Locality string: The locality or city of the subject.
Organization string: The organization of the subject.
OrganizationalUnit string: The organizational unit of the subject.
PostalCode string: The postal code of the subject.
Province string: The province, territory, or regional state of the subject.
StreetAddress string: The street address of the subject.

commonName String: The common name of the distinguished name.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

commonName string: The common name of the distinguished name.
countryCode string: The country code of the subject.
locality string: The locality or city of the subject.
organization string: The organization of the subject.
organizationalUnit string: The organizational unit of the subject.
postalCode string: The postal code of the subject.
province string: The province, territory, or regional state of the subject.
streetAddress string: The street address of the subject.

common_name str: The common name of the distinguished name.
country_code str: The country code of the subject.
locality str: The locality or city of the subject.
organization str: The organization of the subject.
organizational_unit str: The organizational unit of the subject.
postal_code str: The postal code of the subject.
province str: The province, territory, or regional state of the subject.
street_address str: The street address of the subject.

commonName String: The common name of the distinguished name.
countryCode String: The country code of the subject.
locality String: The locality or city of the subject.
organization String: The organization of the subject.
organizationalUnit String: The organizational unit of the subject.
postalCode String: The postal code of the subject.
province String: The province, territory, or regional state of the subject.
streetAddress String: The street address of the subject.

GetAuthorityConfigSubjectConfigSubjectAltName

DnsNames List<string>: Contains only valid, fully-qualified host names.
EmailAddresses List<string>: Contains only valid RFC 2822 E-mail addresses.
IpAddresses List<string>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris List<string>: Contains only valid RFC 3986 URIs.

DnsNames []string: Contains only valid, fully-qualified host names.
EmailAddresses []string: Contains only valid RFC 2822 E-mail addresses.
IpAddresses []string: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
Uris []string: Contains only valid RFC 3986 URIs.

dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

dnsNames string[]: Contains only valid, fully-qualified host names.
emailAddresses string[]: Contains only valid RFC 2822 E-mail addresses.
ipAddresses string[]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris string[]: Contains only valid RFC 3986 URIs.

dns_names Sequence[str]: Contains only valid, fully-qualified host names.
email_addresses Sequence[str]: Contains only valid RFC 2822 E-mail addresses.
ip_addresses Sequence[str]: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris Sequence[str]: Contains only valid RFC 3986 URIs.

dnsNames List<String>: Contains only valid, fully-qualified host names.
emailAddresses List<String>: Contains only valid RFC 2822 E-mail addresses.
ipAddresses List<String>: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
uris List<String>: Contains only valid RFC 3986 URIs.

GetAuthorityConfigSubjectKeyId

KeyId string: The value of the KeyId in lowercase hexidecimal.

KeyId string: The value of the KeyId in lowercase hexidecimal.

keyId String: The value of the KeyId in lowercase hexidecimal.

keyId string: The value of the KeyId in lowercase hexidecimal.

key_id str: The value of the KeyId in lowercase hexidecimal.

keyId String: The value of the KeyId in lowercase hexidecimal.

GetAuthorityConfigX509Config

AdditionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
AiaOcspServers List<string>: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions List<GetAuthorityConfigX509ConfigCaOption>: Describes values that are relevant in a CA certificate.
KeyUsages List<GetAuthorityConfigX509ConfigKeyUsage>: Indicates the intended use for keys that correspond to a certificate.
NameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>: Describes the X.509 name constraints extension.
PolicyIds List<GetAuthorityConfigX509ConfigPolicyId>: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

AdditionalExtensions []GetAuthorityConfigX509ConfigAdditionalExtension: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
AiaOcspServers []string: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
CaOptions []GetAuthorityConfigX509ConfigCaOption: Describes values that are relevant in a CA certificate.
KeyUsages []GetAuthorityConfigX509ConfigKeyUsage: Indicates the intended use for keys that correspond to a certificate.
NameConstraints []GetAuthorityConfigX509ConfigNameConstraint: Describes the X.509 name constraints extension.
PolicyIds []GetAuthorityConfigX509ConfigPolicyId: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<GetAuthorityConfigX509ConfigAdditionalExtension>: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
aiaOcspServers List<String>: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions List<GetAuthorityConfigX509ConfigCaOption>: Describes values that are relevant in a CA certificate.
keyUsages List<GetAuthorityConfigX509ConfigKeyUsage>: Indicates the intended use for keys that correspond to a certificate.
nameConstraints List<GetAuthorityConfigX509ConfigNameConstraint>: Describes the X.509 name constraints extension.
policyIds List<GetAuthorityConfigX509ConfigPolicyId>: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions GetAuthorityConfigX509ConfigAdditionalExtension[]: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
aiaOcspServers string[]: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions GetAuthorityConfigX509ConfigCaOption[]: Describes values that are relevant in a CA certificate.
keyUsages GetAuthorityConfigX509ConfigKeyUsage[]: Indicates the intended use for keys that correspond to a certificate.
nameConstraints GetAuthorityConfigX509ConfigNameConstraint[]: Describes the X.509 name constraints extension.
policyIds GetAuthorityConfigX509ConfigPolicyId[]: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additional_extensions Sequence[GetAuthorityConfigX509ConfigAdditionalExtension]: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
aia_ocsp_servers Sequence[str]: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
ca_options Sequence[GetAuthorityConfigX509ConfigCaOption]: Describes values that are relevant in a CA certificate.
key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsage]: Indicates the intended use for keys that correspond to a certificate.
name_constraints Sequence[GetAuthorityConfigX509ConfigNameConstraint]: Describes the X.509 name constraints extension.
policy_ids Sequence[GetAuthorityConfigX509ConfigPolicyId]: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

additionalExtensions List<Property Map>: Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
aiaOcspServers List<String>: Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
caOptions List<Property Map>: Describes values that are relevant in a CA certificate.
keyUsages List<Property Map>: Indicates the intended use for keys that correspond to a certificate.
nameConstraints List<Property Map>: Describes the X.509 name constraints extension.
policyIds List<Property Map>: Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.

GetAuthorityConfigX509ConfigAdditionalExtension

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>: Describes values that are relevant in a CA certificate.
Value string: The value of this X.509 extension. A base64-encoded string.

Critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
ObjectIds []GetAuthorityConfigX509ConfigAdditionalExtensionObjectId: Describes values that are relevant in a CA certificate.
Value string: The value of this X.509 extension. A base64-encoded string.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectIds List<GetAuthorityConfigX509ConfigAdditionalExtensionObjectId>: Describes values that are relevant in a CA certificate.
value String: The value of this X.509 extension. A base64-encoded string.

critical boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectIds GetAuthorityConfigX509ConfigAdditionalExtensionObjectId[]: Describes values that are relevant in a CA certificate.
value string: The value of this X.509 extension. A base64-encoded string.

critical bool: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
object_ids Sequence[GetAuthorityConfigX509ConfigAdditionalExtensionObjectId]: Describes values that are relevant in a CA certificate.
value str: The value of this X.509 extension. A base64-encoded string.

critical Boolean: Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
objectIds List<Property Map>: Describes values that are relevant in a CA certificate.
value String: The value of this X.509 extension. A base64-encoded string.

GetAuthorityConfigX509ConfigAdditionalExtensionObjectId

ObjectIdPaths List<int>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

GetAuthorityConfigX509ConfigCaOption

IsCa bool: When true, the "CA" in Basic Constraints extension will be set to true.
MaxIssuerPathLength int: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
NonCa bool: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
ZeroMaxIssuerPathLength bool: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

IsCa bool: When true, the "CA" in Basic Constraints extension will be set to true.
MaxIssuerPathLength int: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
NonCa bool: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
ZeroMaxIssuerPathLength bool: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa Boolean: When true, the "CA" in Basic Constraints extension will be set to true.
maxIssuerPathLength Integer: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
nonCa Boolean: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
zeroMaxIssuerPathLength Boolean: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa boolean: When true, the "CA" in Basic Constraints extension will be set to true.
maxIssuerPathLength number: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
nonCa boolean: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
zeroMaxIssuerPathLength boolean: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

is_ca bool: When true, the "CA" in Basic Constraints extension will be set to true.
max_issuer_path_length int: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
non_ca bool: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
zero_max_issuer_path_length bool: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

isCa Boolean: When true, the "CA" in Basic Constraints extension will be set to true.
maxIssuerPathLength Number: Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 requires setting 'zero_max_issuer_path_length = true'.
nonCa Boolean: When true, the "CA" in Basic Constraints extension will be set to false. If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.
zeroMaxIssuerPathLength Boolean: When true, the "path length constraint" in Basic Constraints extension will be set to 0. If both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset, the max path length will be omitted from the CA certificate.

GetAuthorityConfigX509ConfigKeyUsage

BaseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>: Describes high-level ways in which a key may be used.
ExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>: Describes high-level ways in which a key may be used.
UnknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

BaseKeyUsages []GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage: Describes high-level ways in which a key may be used.
ExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage: Describes high-level ways in which a key may be used.
UnknownExtendedKeyUsages []GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage>: Describes high-level ways in which a key may be used.
extendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage>: Describes high-level ways in which a key may be used.
unknownExtendedKeyUsages List<GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage[]: Describes high-level ways in which a key may be used.
extendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage[]: Describes high-level ways in which a key may be used.
unknownExtendedKeyUsages GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage[]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

base_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage]: Describes high-level ways in which a key may be used.
extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage]: Describes high-level ways in which a key may be used.
unknown_extended_key_usages Sequence[GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

baseKeyUsages List<Property Map>: Describes high-level ways in which a key may be used.
extendedKeyUsages List<Property Map>: Describes high-level ways in which a key may be used.
unknownExtendedKeyUsages List<Property Map>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

CertSign bool: The key may be used to sign certificates.
ContentCommitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
CrlSign bool: The key may be used sign certificate revocation lists.
DataEncipherment bool: The key may be used to encipher data.
DecipherOnly bool: The key may be used to decipher only.
DigitalSignature bool: The key may be used for digital signatures.
EncipherOnly bool: The key may be used to encipher only.
KeyAgreement bool: The key may be used in a key agreement protocol.
KeyEncipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

certSign boolean: The key may be used to sign certificates.
contentCommitment boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign boolean: The key may be used sign certificate revocation lists.
dataEncipherment boolean: The key may be used to encipher data.
decipherOnly boolean: The key may be used to decipher only.
digitalSignature boolean: The key may be used for digital signatures.
encipherOnly boolean: The key may be used to encipher only.
keyAgreement boolean: The key may be used in a key agreement protocol.
keyEncipherment boolean: The key may be used to encipher other keys.

cert_sign bool: The key may be used to sign certificates.
content_commitment bool: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crl_sign bool: The key may be used sign certificate revocation lists.
data_encipherment bool: The key may be used to encipher data.
decipher_only bool: The key may be used to decipher only.
digital_signature bool: The key may be used for digital signatures.
encipher_only bool: The key may be used to encipher only.
key_agreement bool: The key may be used in a key agreement protocol.
key_encipherment bool: The key may be used to encipher other keys.

certSign Boolean: The key may be used to sign certificates.
contentCommitment Boolean: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
crlSign Boolean: The key may be used sign certificate revocation lists.
dataEncipherment Boolean: The key may be used to encipher data.
decipherOnly Boolean: The key may be used to decipher only.
digitalSignature Boolean: The key may be used for digital signatures.
encipherOnly Boolean: The key may be used to encipher only.
keyAgreement Boolean: The key may be used in a key agreement protocol.
keyEncipherment Boolean: The key may be used to encipher other keys.

GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

ClientAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
CodeSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
EmailProtection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
OcspSigning bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
ServerAuth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
TimeStamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

client_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
code_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
email_protection bool: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocsp_signing bool: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
server_auth bool: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
time_stamping bool: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

clientAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
codeSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
emailProtection Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
ocspSigning Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
serverAuth Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
timeStamping Boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage

ObjectIdPaths List<int>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

GetAuthorityConfigX509ConfigNameConstraint

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames List<string>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
ExcludedEmailAddresses List<string>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
ExcludedIpRanges List<string>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris List<string>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
PermittedDnsNames List<string>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
PermittedEmailAddresses List<string>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
PermittedIpRanges List<string>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris List<string>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

Critical bool: Indicates whether or not the name constraints are marked critical.
ExcludedDnsNames []string: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
ExcludedEmailAddresses []string: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
ExcludedIpRanges []string: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
ExcludedUris []string: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
PermittedDnsNames []string: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
PermittedEmailAddresses []string: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
PermittedIpRanges []string: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
PermittedUris []string: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames string[]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
excludedEmailAddresses string[]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
excludedIpRanges string[]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris string[]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
permittedDnsNames string[]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
permittedEmailAddresses string[]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
permittedIpRanges string[]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris string[]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical bool: Indicates whether or not the name constraints are marked critical.
excluded_dns_names Sequence[str]: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
excluded_email_addresses Sequence[str]: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
excluded_ip_ranges Sequence[str]: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excluded_uris Sequence[str]: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
permitted_dns_names Sequence[str]: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
permitted_email_addresses Sequence[str]: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
permitted_ip_ranges Sequence[str]: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permitted_uris Sequence[str]: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

critical Boolean: Indicates whether or not the name constraints are marked critical.
excludedDnsNames List<String>: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
excludedEmailAddresses List<String>: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
excludedIpRanges List<String>: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
excludedUris List<String>: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')
permittedDnsNames List<String>: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, 'example.com', 'www.example.com', 'www.sub.example.com' would satisfy 'example.com' while 'example1.com' does not.
permittedEmailAddresses List<String>: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. '.example.com') to indicate all email addresses in that domain.
permittedIpRanges List<String>: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
permittedUris List<String>: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like '.example.com')

GetAuthorityConfigX509ConfigPolicyId

ObjectIdPaths List<int>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

ObjectIdPaths []int: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Integer>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths number[]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

object_id_paths Sequence[int]: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

objectIdPaths List<Number>: An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

GetAuthorityKeySpec

Algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

Algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
CloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm String: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm string: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
cloudKmsKeyVersion string: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm str: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
cloud_kms_key_version str: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

algorithm String: The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as HSM. Possible values: ["SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384"]
cloudKmsKeyVersion String: The resource name for an existing Cloud KMS CryptoKeyVersion in the format 'projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/*'.

GetAuthoritySubordinateConfig

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
PemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

CertificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
PemIssuerChains []GetAuthoritySubordinateConfigPemIssuerChain: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
pemIssuerChains List<GetAuthoritySubordinateConfigPemIssuerChain>: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority string: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
pemIssuerChains GetAuthoritySubordinateConfigPemIssuerChain[]: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificate_authority str: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
pem_issuer_chains Sequence[GetAuthoritySubordinateConfigPemIssuerChain]: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

certificateAuthority String: This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format 'projects//locations//caPools//certificateAuthorities/'.
pemIssuerChains List<Property Map>: Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

GetAuthoritySubordinateConfigPemIssuerChain

PemCertificates List<string>: Expected to be in leaf-to-root order according to RFC 5246.

PemCertificates []string: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates string[]: Expected to be in leaf-to-root order according to RFC 5246.

pem_certificates Sequence[str]: Expected to be in leaf-to-root order according to RFC 5246.

pemCertificates List<String>: Expected to be in leaf-to-root order according to RFC 5246.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-gcp

gcp.certificateauthority.getAuthority

On this page

On this page

Example Usage

Using getAuthority

getAuthority Result

Supporting Types

GetAuthorityAccessUrl

GetAuthorityConfig

GetAuthorityConfigSubjectConfig

GetAuthorityConfigSubjectConfigSubject

GetAuthorityConfigSubjectConfigSubjectAltName

GetAuthorityConfigSubjectKeyId

GetAuthorityConfigX509Config

GetAuthorityConfigX509ConfigAdditionalExtension

GetAuthorityConfigX509ConfigAdditionalExtensionObjectId

GetAuthorityConfigX509ConfigCaOption

GetAuthorityConfigX509ConfigKeyUsage

GetAuthorityConfigX509ConfigKeyUsageBaseKeyUsage

GetAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage

GetAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsage

GetAuthorityConfigX509ConfigNameConstraint

GetAuthorityConfigX509ConfigPolicyId

GetAuthorityKeySpec

GetAuthoritySubordinateConfig

GetAuthoritySubordinateConfigPemIssuerChain

Package Details

On this page

On this page