This product is not supported for your selected Datadog site. ().

gcp_certificatemanager_certificate

ancestors

Type: UNORDERED_LIST_STRING

create_time

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of a Certificate.

description

Type: STRING
Provider name: description
Description: Optional. One or more paragraphs of text description of a certificate.

expire_time

Type: TIMESTAMP
Provider name: expireTime
Description: Output only. The expiry timestamp of a Certificate.

labels

Type: UNORDERED_LIST_STRING

managed

Type: STRUCT
Provider name: managed
Description: If set, contains configuration and state of a managed certificate.

  • authorization_attempt_info
    Type: UNORDERED_LIST_STRUCT
    Provider name: authorizationAttemptInfo
    Description: Output only. Detailed state of the latest authorization attempt for each domain specified for managed certificate resource.
    • details
      Type: STRING
      Provider name: details
      Description: Output only. Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use FailureReason enum.
    • domain
      Type: STRING
      Provider name: domain
      Description: Output only. Domain name of the authorization attempt.
    • failure_reason
      Type: STRING
      Provider name: failureReason
      Description: Output only. Reason for failure of the authorization attempt for the domain.
      Possible values:
      • FAILURE_REASON_UNSPECIFIED - FailureReason is unspecified.
      • CONFIG - There was a problem with the user’s DNS or load balancer configuration for this domain.
      • CAA - Certificate issuance forbidden by an explicit CAA record for the domain or a failure to check CAA records for the domain.
      • RATE_LIMITED - Reached a CA or internal rate-limit for the domain, e.g. for certificates per top-level private domain.
    • state
      Type: STRING
      Provider name: state
      Description: Output only. State of the domain for managed certificate issuance.
      Possible values:
      • STATE_UNSPECIFIED - State is unspecified.
      • AUTHORIZING - Certificate provisioning for this domain is under way. Google Cloud will attempt to authorize the domain.
      • AUTHORIZED - A managed certificate can be provisioned, no issues for this domain.
      • FAILED - Attempt to authorize the domain failed. This prevents the Managed Certificate from being issued. See failure_reason and details fields for more information.
  • dns_authorizations
    Type: UNORDERED_LIST_STRING
    Provider name: dnsAuthorizations
    Description: Optional. Immutable. Authorizations that will be used for performing domain authorization.
  • domains
    Type: UNORDERED_LIST_STRING
    Provider name: domains
    Description: Optional. Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.
  • issuance_config
    Type: STRING
    Provider name: issuanceConfig
    Description: Optional. Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
  • provisioning_issue
    Type: STRUCT
    Provider name: provisioningIssue
    Description: Output only. Information about issues with provisioning a Managed Certificate.
    • details
      Type: STRING
      Provider name: details
      Description: Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.
    • reason
      Type: STRING
      Provider name: reason
      Description: Output only. Reason for provisioning failures.
      Possible values:
      • REASON_UNSPECIFIED - Reason is unspecified.
      • AUTHORIZATION_ISSUE - Certificate provisioning failed due to an issue with one or more of the domains on the certificate. For details of which domains failed, consult the authorization_attempt_info field.
      • RATE_LIMITED - Exceeded Certificate Authority quotas or internal rate limits of the system. Provisioning may take longer to complete.
  • state
    Type: STRING
    Provider name: state
    Description: Output only. State of the managed certificate resource.
    Possible values:
    • STATE_UNSPECIFIED - State is unspecified.
    • PROVISIONING - Certificate Manager attempts to provision or renew the certificate. If the process takes longer than expected, consult the provisioning_issue field.
    • FAILED - Multiple certificate provisioning attempts failed and Certificate Manager gave up. To try again, delete and create a new managed Certificate resource. For details see the provisioning_issue field.
    • ACTIVE - The certificate management is working, and a certificate has been provisioned.

name

Type: STRING
Provider name: name
Description: Identifier. A user-defined name of the certificate. Certificate names must be unique globally and match pattern projects/*/locations/*/certificates/*.

organization_id

Type: STRING

parent

Type: STRING

pem_certificate

Type: STRING
Provider name: pemCertificate
Description: Output only. The PEM-encoded certificate chain.

project_id

Type: STRING

project_number

Type: STRING

resource_name

Type: STRING

san_dnsnames

Type: UNORDERED_LIST_STRING
Provider name: sanDnsnames
Description: Output only. The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6). Managed certificates that haven’t been provisioned yet have this field populated with a value of the managed.domains field.

scope

Type: STRING
Provider name: scope
Description: Optional. Immutable. The scope of the certificate.
Possible values:

  • DEFAULT - Use the DEFAULT scope if you plan to use the certificate with global external Application Load Balancer, global external proxy Network Load Balancer, or any of the regional Google Cloud services.
  • EDGE_CACHE - Use the EDGE_CACHE scope if you plan to use the certificate with Media CDN. The certificates are served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations.
  • ALL_REGIONS - Use the ALL_REGIONS scope if you plan to use the certificate with cross-region internal Application Load Balancer. The certificates are served from all Google Cloud regions. See https://cloud.google.com/compute/docs/regions-zones.
  • CLIENT_AUTH - Associated with certificates used as client certificates in Backend mTLS.

self_managed

Type: STRUCT
Provider name: selfManaged
Description: If set, defines data of a self-managed certificate.

  • pem_certificate
    Type: STRING
    Provider name: pemCertificate
    Description: Optional. Input only. The PEM-encoded certificate chain. Leaf certificate comes first, followed by intermediate ones if any.
  • pem_private_key
    Type: STRING
    Provider name: pemPrivateKey
    Description: Optional. Input only. The PEM-encoded private key of the leaf certificate.

tags

Type: UNORDERED_LIST_STRING

update_time

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of a Certificate.

used_by

Type: UNORDERED_LIST_STRUCT
Provider name: usedBy
Description: Output only. The list of resources that use this Certificate.

  • name
    Type: STRING
    Provider name: name
    Description: Output only. Full name of the resource https://google.aip.dev/122#full-resource-names, e.g. //certificatemanager.googleapis.com/projects/*/locations/*/certificateMaps/*/certificateMapEntries/* or //compute.googleapis.com/projects/*/locations/*/targetHttpsProxies/*.