
gcp_privateca_certificate_template

ancestors

Type: UNORDERED_LIST_STRING

create_time

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The time at which this CertificateTemplate was created.

description

Type: STRING
Provider name: description
Description: Optional. A human-readable description of scenarios this template is intended for.

identity_constraints

Type: STRUCT
Provider name: identityConstraints
Description: Optional. Describes constraints on identities that may appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate’s identity.

  • allow_subject_alt_names_passthrough
    Type: BOOLEAN
    Provider name: allowSubjectAltNamesPassthrough
    Description: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
  • allow_subject_passthrough
    Type: BOOLEAN
    Provider name: allowSubjectPassthrough
    Description: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
  • cel_expression
    Type: STRUCT
    Provider name: celExpression
    Description: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel
    • description
      Type: STRING
      Provider name: description
      Description: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over in a UI.
    • expression
      Type: STRING
      Provider name: expression
      Description: Textual representation of an expression in Common Expression Language syntax.
    • location
      Type: STRING
      Provider name: location
      Description: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    • title
      Type: STRING
      Provider name: title
      Description: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow entering the expression.

labels

Type: UNORDERED_LIST_STRING

maximum_lifetime

Type: STRING
Provider name: maximumLifetime
Description: Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool resource’s IssuancePolicy specifies a maximum_lifetime, the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

name

Type: STRING
Provider name: name
Description: Identifier. The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

organization_id

Type: STRING

parent

Type: STRING

passthrough_extensions

Type: STRUCT
Provider name: passthroughExtensions
Description: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool’s IssuancePolicy defines baseline_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate’s predefined_values.

  • additional_extensions
    Type: UNORDERED_LIST_STRUCT
    Provider name: additionalExtensions
    Description: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.
    • object_id_path
      Type: UNORDERED_LIST_INT32
      Provider name: objectIdPath
      Description: Required. The parts of an OID path. The most significant parts of the path come first.
  • known_extensions
    Type: UNORDERED_LIST_STRING
    Provider name: knownExtensions
    Description: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

predefined_values

Type: STRUCT
Provider name: predefinedValues
Description: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool’s IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.

  • additional_extensions
    Type: UNORDERED_LIST_STRUCT
    Provider name: additionalExtensions
    Description: Optional. Describes custom X.509 extensions.
    • critical
      Type: BOOLEAN
      Provider name: critical
      Description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    • object_id
      Type: STRUCT
      Provider name: objectId
      Description: Required. The OID for this X.509 extension.
      • object_id_path
        Type: UNORDERED_LIST_INT32
        Provider name: objectIdPath
        Description: Required. The parts of an OID path. The most significant parts of the path come first.
  • aia_ocsp_servers
    Type: UNORDERED_LIST_STRING
    Provider name: aiaOcspServers
    Description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the “Authority Information Access” extension in the certificate.
  • ca_options
    Type: STRUCT
    Provider name: caOptions
    Description: Optional. Describes options in this X509Parameters that are relevant in a CA certificate. If not specified, a default basic constraints extension with is_ca=false will be added for leaf certificates.
    • is_ca
      Type: BOOLEAN
      Provider name: isCa
      Description: Optional. Refers to the “CA” boolean field in the X.509 extension. When this value is missing, the basic constraints extension will be omitted from the certificate.
    • max_issuer_path_length
      Type: INT32
      Provider name: maxIssuerPathLength
      Description: Optional. Refers to the path length constraint field in the X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the certificate.
  • key_usage
    Type: STRUCT
    Provider name: keyUsage
    Description: Optional. Indicates the intended use for keys that correspond to a certificate.
    • base_key_usage
      Type: STRUCT
      Provider name: baseKeyUsage
      Description: Describes high-level ways in which a key may be used.
      • cert_sign
        Type: BOOLEAN
        Provider name: certSign
        Description: The key may be used to sign certificates.
      • content_commitment
        Type: BOOLEAN
        Provider name: contentCommitment
        Description: The key may be used for cryptographic commitments. Note that this may also be referred to as “non-repudiation”.
      • crl_sign
        Type: BOOLEAN
        Provider name: crlSign
        Description: The key may be used to sign certificate revocation lists.
      • data_encipherment
        Type: BOOLEAN
        Provider name: dataEncipherment
        Description: The key may be used to encipher data.
      • decipher_only
        Type: BOOLEAN
        Provider name: decipherOnly
        Description: The key may be used to decipher only.
      • digital_signature
        Type: BOOLEAN
        Provider name: digitalSignature
        Description: The key may be used for digital signatures.
      • encipher_only
        Type: BOOLEAN
        Provider name: encipherOnly
        Description: The key may be used to encipher only.
      • key_agreement
        Type: BOOLEAN
        Provider name: keyAgreement
        Description: The key may be used in a key agreement protocol.
      • key_encipherment
        Type: BOOLEAN
        Provider name: keyEncipherment
        Description: The key may be used to encipher other keys.
    • extended_key_usage
      Type: STRUCT
      Provider name: extendedKeyUsage
      Description: Detailed scenarios in which a key may be used.
      • client_auth
        Type: BOOLEAN
        Provider name: clientAuth
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as “TLS WWW client authentication”, though regularly used for non-WWW TLS.
      • code_signing
        Type: BOOLEAN
        Provider name: codeSigning
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as “Signing of downloadable executable code client authentication”.
      • email_protection
        Type: BOOLEAN
        Provider name: emailProtection
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as “Email protection”.
      • ocsp_signing
        Type: BOOLEAN
        Provider name: ocspSigning
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as “Signing OCSP responses”.
      • server_auth
        Type: BOOLEAN
        Provider name: serverAuth
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as “TLS WWW server authentication”, though regularly used for non-WWW TLS.
      • time_stamping
        Type: BOOLEAN
        Provider name: timeStamping
        Description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as “Binding the hash of an object to a time”.
    • unknown_extended_key_usages
      Type: UNORDERED_LIST_STRUCT
      Provider name: unknownExtendedKeyUsages
      Description: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
      • object_id_path
        Type: UNORDERED_LIST_INT32
        Provider name: objectIdPath
        Description: Required. The parts of an OID path. The most significant parts of the path come first.
  • name_constraints
    Type: STRUCT
    Provider name: nameConstraints
    Description: Optional. Describes the X.509 name constraints extension.
    • critical
      Type: BOOLEAN
      Provider name: critical
      Description: Indicates whether or not the name constraints are marked critical.
    • excluded_dns_names
      Type: UNORDERED_LIST_STRING
      Provider name: excludedDnsNames
      Description: Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    • excluded_email_addresses
      Type: UNORDERED_LIST_STRING
      Provider name: excludedEmailAddresses
      Description: Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    • excluded_ip_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: excludedIpRanges
      Description: Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    • excluded_uris
      Type: UNORDERED_LIST_STRING
      Provider name: excludedUris
      Description: Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
    • permitted_dns_names
      Type: UNORDERED_LIST_STRING
      Provider name: permittedDnsNames
      Description: Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not.
    • permitted_email_addresses
      Type: UNORDERED_LIST_STRING
      Provider name: permittedEmailAddresses
      Description: Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain.
    • permitted_ip_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: permittedIpRanges
      Description: Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses.
    • permitted_uris
      Type: UNORDERED_LIST_STRING
      Provider name: permittedUris
      Description: Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com).
  • policy_ids
    Type: UNORDERED_LIST_STRUCT
    Provider name: policyIds
    Description: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
    • object_id_path
      Type: UNORDERED_LIST_INT32
      Provider name: objectIdPath
      Description: Required. The parts of an OID path. The most significant parts of the path come first.

project_id

Type: STRING

project_number

Type: STRING

region_id

Type: STRING

resource_name

Type: STRING

tags

Type: UNORDERED_LIST_STRING

update_time

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The time at which this CertificateTemplate was updated.

zone_id

Type: STRING