1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. certificateauthority
  5. CertificateTemplate
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

gcp.certificateauthority.CertificateTemplate

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Certificate Authority Service provides reusable and parameterized templates that you can use for common certificate issuance scenarios. A certificate template represents a relatively static and well-defined certificate issuance schema within an organization. A certificate template can essentially become a full-fledged vertical certificate issuance framework.

    To get more information about CertificateTemplate, see:

    Example Usage

    Privateca Template Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.certificateauthority.CertificateTemplate("default", {
        name: "my-template",
        location: "us-central1",
        description: "A sample certificate template",
        identityConstraints: {
            allowSubjectAltNamesPassthrough: true,
            allowSubjectPassthrough: true,
            celExpression: {
                description: "Always true",
                expression: "true",
                location: "any.file.anywhere",
                title: "Sample expression",
            },
        },
        maximumLifetime: "86400s",
        passthroughExtensions: {
            additionalExtensions: [{
                objectIdPaths: [
                    1,
                    6,
                ],
            }],
            knownExtensions: ["EXTENDED_KEY_USAGE"],
        },
        predefinedValues: {
            additionalExtensions: [{
                objectId: {
                    objectIdPaths: [
                        1,
                        6,
                    ],
                },
                value: "c3RyaW5nCg==",
                critical: true,
            }],
            aiaOcspServers: ["string"],
            caOptions: {
                isCa: false,
                maxIssuerPathLength: 6,
            },
            keyUsage: {
                baseKeyUsage: {
                    certSign: false,
                    contentCommitment: true,
                    crlSign: false,
                    dataEncipherment: true,
                    decipherOnly: true,
                    digitalSignature: true,
                    encipherOnly: true,
                    keyAgreement: true,
                    keyEncipherment: true,
                },
                extendedKeyUsage: {
                    clientAuth: true,
                    codeSigning: true,
                    emailProtection: true,
                    ocspSigning: true,
                    serverAuth: true,
                    timeStamping: true,
                },
                unknownExtendedKeyUsages: [{
                    objectIdPaths: [
                        1,
                        6,
                    ],
                }],
            },
            policyIds: [{
                objectIdPaths: [
                    1,
                    6,
                ],
            }],
        },
        labels: {
            "label-one": "value-one",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.certificateauthority.CertificateTemplate("default",
        name="my-template",
        location="us-central1",
        description="A sample certificate template",
        identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
            allow_subject_alt_names_passthrough=True,
            allow_subject_passthrough=True,
            cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
                description="Always true",
                expression="true",
                location="any.file.anywhere",
                title="Sample expression",
            ),
        ),
        maximum_lifetime="86400s",
        passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
            additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
                object_id_paths=[
                    1,
                    6,
                ],
            )],
            known_extensions=["EXTENDED_KEY_USAGE"],
        ),
        predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
            additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
                object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
                    object_id_paths=[
                        1,
                        6,
                    ],
                ),
                value="c3RyaW5nCg==",
                critical=True,
            )],
            aia_ocsp_servers=["string"],
            ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
                is_ca=False,
                max_issuer_path_length=6,
            ),
            key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
                base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
                    cert_sign=False,
                    content_commitment=True,
                    crl_sign=False,
                    data_encipherment=True,
                    decipher_only=True,
                    digital_signature=True,
                    encipher_only=True,
                    key_agreement=True,
                    key_encipherment=True,
                ),
                extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
                    client_auth=True,
                    code_signing=True,
                    email_protection=True,
                    ocsp_signing=True,
                    server_auth=True,
                    time_stamping=True,
                ),
                unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
                    object_id_paths=[
                        1,
                        6,
                    ],
                )],
            ),
            policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
                object_id_paths=[
                    1,
                    6,
                ],
            )],
        ),
        labels={
            "label-one": "value-one",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := certificateauthority.NewCertificateTemplate(ctx, "default", &certificateauthority.CertificateTemplateArgs{
    			Name:        pulumi.String("my-template"),
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("A sample certificate template"),
    			IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
    				AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
    				AllowSubjectPassthrough:         pulumi.Bool(true),
    				CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
    					Description: pulumi.String("Always true"),
    					Expression:  pulumi.String("true"),
    					Location:    pulumi.String("any.file.anywhere"),
    					Title:       pulumi.String("Sample expression"),
    				},
    			},
    			MaximumLifetime: pulumi.String("86400s"),
    			PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
    				AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
    					&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
    						ObjectIdPaths: pulumi.IntArray{
    							pulumi.Int(1),
    							pulumi.Int(6),
    						},
    					},
    				},
    				KnownExtensions: pulumi.StringArray{
    					pulumi.String("EXTENDED_KEY_USAGE"),
    				},
    			},
    			PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
    				AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
    					&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
    						ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
    							ObjectIdPaths: pulumi.IntArray{
    								pulumi.Int(1),
    								pulumi.Int(6),
    							},
    						},
    						Value:    pulumi.String("c3RyaW5nCg=="),
    						Critical: pulumi.Bool(true),
    					},
    				},
    				AiaOcspServers: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
    					IsCa:                pulumi.Bool(false),
    					MaxIssuerPathLength: pulumi.Int(6),
    				},
    				KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
    					BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
    						CertSign:          pulumi.Bool(false),
    						ContentCommitment: pulumi.Bool(true),
    						CrlSign:           pulumi.Bool(false),
    						DataEncipherment:  pulumi.Bool(true),
    						DecipherOnly:      pulumi.Bool(true),
    						DigitalSignature:  pulumi.Bool(true),
    						EncipherOnly:      pulumi.Bool(true),
    						KeyAgreement:      pulumi.Bool(true),
    						KeyEncipherment:   pulumi.Bool(true),
    					},
    					ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
    						ClientAuth:      pulumi.Bool(true),
    						CodeSigning:     pulumi.Bool(true),
    						EmailProtection: pulumi.Bool(true),
    						OcspSigning:     pulumi.Bool(true),
    						ServerAuth:      pulumi.Bool(true),
    						TimeStamping:    pulumi.Bool(true),
    					},
    					UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
    						&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
    							ObjectIdPaths: pulumi.IntArray{
    								pulumi.Int(1),
    								pulumi.Int(6),
    							},
    						},
    					},
    				},
    				PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
    					&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
    						ObjectIdPaths: pulumi.IntArray{
    							pulumi.Int(1),
    							pulumi.Int(6),
    						},
    					},
    				},
    			},
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.CertificateAuthority.CertificateTemplate("default", new()
        {
            Name = "my-template",
            Location = "us-central1",
            Description = "A sample certificate template",
            IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
            {
                AllowSubjectAltNamesPassthrough = true,
                AllowSubjectPassthrough = true,
                CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
                {
                    Description = "Always true",
                    Expression = "true",
                    Location = "any.file.anywhere",
                    Title = "Sample expression",
                },
            },
            MaximumLifetime = "86400s",
            PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
            {
                AdditionalExtensions = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                },
                KnownExtensions = new[]
                {
                    "EXTENDED_KEY_USAGE",
                },
            },
            PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
            {
                AdditionalExtensions = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
                    {
                        ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                        {
                            ObjectIdPaths = new[]
                            {
                                1,
                                6,
                            },
                        },
                        Value = "c3RyaW5nCg==",
                        Critical = true,
                    },
                },
                AiaOcspServers = new[]
                {
                    "string",
                },
                CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
                {
                    IsCa = false,
                    MaxIssuerPathLength = 6,
                },
                KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
                {
                    BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
                    {
                        CertSign = false,
                        ContentCommitment = true,
                        CrlSign = false,
                        DataEncipherment = true,
                        DecipherOnly = true,
                        DigitalSignature = true,
                        EncipherOnly = true,
                        KeyAgreement = true,
                        KeyEncipherment = true,
                    },
                    ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
                    {
                        ClientAuth = true,
                        CodeSigning = true,
                        EmailProtection = true,
                        OcspSigning = true,
                        ServerAuth = true,
                        TimeStamping = true,
                    },
                    UnknownExtendedKeyUsages = new[]
                    {
                        new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                        {
                            ObjectIdPaths = new[]
                            {
                                1,
                                6,
                            },
                        },
                    },
                },
                PolicyIds = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            1,
                            6,
                        },
                    },
                },
            },
            Labels = 
            {
                { "label-one", "value-one" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.certificateauthority.CertificateTemplate;
    import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
    import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new CertificateTemplate("default", CertificateTemplateArgs.builder()
                .name("my-template")
                .location("us-central1")
                .description("A sample certificate template")
                .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
                    .allowSubjectAltNamesPassthrough(true)
                    .allowSubjectPassthrough(true)
                    .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                        .description("Always true")
                        .expression("true")
                        .location("any.file.anywhere")
                        .title("Sample expression")
                        .build())
                    .build())
                .maximumLifetime("86400s")
                .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
                    .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                        .objectIdPaths(                    
                            1,
                            6)
                        .build())
                    .knownExtensions("EXTENDED_KEY_USAGE")
                    .build())
                .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
                    .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                        .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                            .objectIdPaths(                        
                                1,
                                6)
                            .build())
                        .value("c3RyaW5nCg==")
                        .critical(true)
                        .build())
                    .aiaOcspServers("string")
                    .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                        .isCa(false)
                        .maxIssuerPathLength(6)
                        .build())
                    .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                        .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                            .certSign(false)
                            .contentCommitment(true)
                            .crlSign(false)
                            .dataEncipherment(true)
                            .decipherOnly(true)
                            .digitalSignature(true)
                            .encipherOnly(true)
                            .keyAgreement(true)
                            .keyEncipherment(true)
                            .build())
                        .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                            .clientAuth(true)
                            .codeSigning(true)
                            .emailProtection(true)
                            .ocspSigning(true)
                            .serverAuth(true)
                            .timeStamping(true)
                            .build())
                        .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                            .objectIdPaths(                        
                                1,
                                6)
                            .build())
                        .build())
                    .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                        .objectIdPaths(                    
                            1,
                            6)
                        .build())
                    .build())
                .labels(Map.of("label-one", "value-one"))
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:certificateauthority:CertificateTemplate
        properties:
          name: my-template
          location: us-central1
          description: A sample certificate template
          identityConstraints:
            allowSubjectAltNamesPassthrough: true
            allowSubjectPassthrough: true
            celExpression:
              description: Always true
              expression: 'true'
              location: any.file.anywhere
              title: Sample expression
          maximumLifetime: 86400s
          passthroughExtensions:
            additionalExtensions:
              - objectIdPaths:
                  - 1
                  - 6
            knownExtensions:
              - EXTENDED_KEY_USAGE
          predefinedValues:
            additionalExtensions:
              - objectId:
                  objectIdPaths:
                    - 1
                    - 6
                value: c3RyaW5nCg==
                critical: true
            aiaOcspServers:
              - string
            caOptions:
              isCa: false
              maxIssuerPathLength: 6
            keyUsage:
              baseKeyUsage:
                certSign: false
                contentCommitment: true
                crlSign: false
                dataEncipherment: true
                decipherOnly: true
                digitalSignature: true
                encipherOnly: true
                keyAgreement: true
                keyEncipherment: true
              extendedKeyUsage:
                clientAuth: true
                codeSigning: true
                emailProtection: true
                ocspSigning: true
                serverAuth: true
                timeStamping: true
              unknownExtendedKeyUsages:
                - objectIdPaths:
                    - 1
                    - 6
            policyIds:
              - objectIdPaths:
                  - 1
                  - 6
          labels:
            label-one: value-one
    

    Create CertificateTemplate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CertificateTemplate(name: string, args: CertificateTemplateArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateTemplate(resource_name: str,
                            args: CertificateTemplateArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def CertificateTemplate(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            location: Optional[str] = None,
                            description: Optional[str] = None,
                            identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
                            labels: Optional[Mapping[str, str]] = None,
                            maximum_lifetime: Optional[str] = None,
                            name: Optional[str] = None,
                            passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
                            predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
                            project: Optional[str] = None)
    func NewCertificateTemplate(ctx *Context, name string, args CertificateTemplateArgs, opts ...ResourceOption) (*CertificateTemplate, error)
    public CertificateTemplate(string name, CertificateTemplateArgs args, CustomResourceOptions? opts = null)
    public CertificateTemplate(String name, CertificateTemplateArgs args)
    public CertificateTemplate(String name, CertificateTemplateArgs args, CustomResourceOptions options)
    
    type: gcp:certificateauthority:CertificateTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var certificateTemplateResource = new Gcp.CertificateAuthority.CertificateTemplate("certificateTemplateResource", new()
    {
        Location = "string",
        Description = "string",
        IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
        {
            AllowSubjectAltNamesPassthrough = false,
            AllowSubjectPassthrough = false,
            CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
            {
                Description = "string",
                Expression = "string",
                Location = "string",
                Title = "string",
            },
        },
        Labels = 
        {
            { "string", "string" },
        },
        MaximumLifetime = "string",
        Name = "string",
        PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
            },
            KnownExtensions = new[]
            {
                "string",
            },
        },
        PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
        {
            AdditionalExtensions = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
                {
                    ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            0,
                        },
                    },
                    Value = "string",
                    Critical = false,
                },
            },
            AiaOcspServers = new[]
            {
                "string",
            },
            CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
            {
                IsCa = false,
                MaxIssuerPathLength = 0,
            },
            KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
            {
                BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
                {
                    CertSign = false,
                    ContentCommitment = false,
                    CrlSign = false,
                    DataEncipherment = false,
                    DecipherOnly = false,
                    DigitalSignature = false,
                    EncipherOnly = false,
                    KeyAgreement = false,
                    KeyEncipherment = false,
                },
                ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
                {
                    ClientAuth = false,
                    CodeSigning = false,
                    EmailProtection = false,
                    OcspSigning = false,
                    ServerAuth = false,
                    TimeStamping = false,
                },
                UnknownExtendedKeyUsages = new[]
                {
                    new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
                    {
                        ObjectIdPaths = new[]
                        {
                            0,
                        },
                    },
                },
            },
            PolicyIds = new[]
            {
                new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
                {
                    ObjectIdPaths = new[]
                    {
                        0,
                    },
                },
            },
        },
        Project = "string",
    });
    
    example, err := certificateauthority.NewCertificateTemplate(ctx, "certificateTemplateResource", &certificateauthority.CertificateTemplateArgs{
    	Location:    pulumi.String("string"),
    	Description: pulumi.String("string"),
    	IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
    		AllowSubjectAltNamesPassthrough: pulumi.Bool(false),
    		AllowSubjectPassthrough:         pulumi.Bool(false),
    		CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
    			Description: pulumi.String("string"),
    			Expression:  pulumi.String("string"),
    			Location:    pulumi.String("string"),
    			Title:       pulumi.String("string"),
    		},
    	},
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	MaximumLifetime: pulumi.String("string"),
    	Name:            pulumi.String("string"),
    	PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
    		AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
    			&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
    				ObjectIdPaths: pulumi.IntArray{
    					pulumi.Int(0),
    				},
    			},
    		},
    		KnownExtensions: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
    		AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
    			&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
    				ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
    					ObjectIdPaths: pulumi.IntArray{
    						pulumi.Int(0),
    					},
    				},
    				Value:    pulumi.String("string"),
    				Critical: pulumi.Bool(false),
    			},
    		},
    		AiaOcspServers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
    			IsCa:                pulumi.Bool(false),
    			MaxIssuerPathLength: pulumi.Int(0),
    		},
    		KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
    			BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
    				CertSign:          pulumi.Bool(false),
    				ContentCommitment: pulumi.Bool(false),
    				CrlSign:           pulumi.Bool(false),
    				DataEncipherment:  pulumi.Bool(false),
    				DecipherOnly:      pulumi.Bool(false),
    				DigitalSignature:  pulumi.Bool(false),
    				EncipherOnly:      pulumi.Bool(false),
    				KeyAgreement:      pulumi.Bool(false),
    				KeyEncipherment:   pulumi.Bool(false),
    			},
    			ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
    				ClientAuth:      pulumi.Bool(false),
    				CodeSigning:     pulumi.Bool(false),
    				EmailProtection: pulumi.Bool(false),
    				OcspSigning:     pulumi.Bool(false),
    				ServerAuth:      pulumi.Bool(false),
    				TimeStamping:    pulumi.Bool(false),
    			},
    			UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
    				&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
    					ObjectIdPaths: pulumi.IntArray{
    						pulumi.Int(0),
    					},
    				},
    			},
    		},
    		PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
    			&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
    				ObjectIdPaths: pulumi.IntArray{
    					pulumi.Int(0),
    				},
    			},
    		},
    	},
    	Project: pulumi.String("string"),
    })
    
    var certificateTemplateResource = new CertificateTemplate("certificateTemplateResource", CertificateTemplateArgs.builder()
        .location("string")
        .description("string")
        .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
            .allowSubjectAltNamesPassthrough(false)
            .allowSubjectPassthrough(false)
            .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
                .description("string")
                .expression("string")
                .location("string")
                .title("string")
                .build())
            .build())
        .labels(Map.of("string", "string"))
        .maximumLifetime("string")
        .name("string")
        .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
            .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
                .objectIdPaths(0)
                .build())
            .knownExtensions("string")
            .build())
        .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
            .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
                .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
                    .objectIdPaths(0)
                    .build())
                .value("string")
                .critical(false)
                .build())
            .aiaOcspServers("string")
            .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
                .isCa(false)
                .maxIssuerPathLength(0)
                .build())
            .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
                .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
                    .certSign(false)
                    .contentCommitment(false)
                    .crlSign(false)
                    .dataEncipherment(false)
                    .decipherOnly(false)
                    .digitalSignature(false)
                    .encipherOnly(false)
                    .keyAgreement(false)
                    .keyEncipherment(false)
                    .build())
                .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
                    .clientAuth(false)
                    .codeSigning(false)
                    .emailProtection(false)
                    .ocspSigning(false)
                    .serverAuth(false)
                    .timeStamping(false)
                    .build())
                .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
                    .objectIdPaths(0)
                    .build())
                .build())
            .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
                .objectIdPaths(0)
                .build())
            .build())
        .project("string")
        .build());
    
    certificate_template_resource = gcp.certificateauthority.CertificateTemplate("certificateTemplateResource",
        location="string",
        description="string",
        identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
            allow_subject_alt_names_passthrough=False,
            allow_subject_passthrough=False,
            cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
                description="string",
                expression="string",
                location="string",
                title="string",
            ),
        ),
        labels={
            "string": "string",
        },
        maximum_lifetime="string",
        name="string",
        passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
            additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
                object_id_paths=[0],
            )],
            known_extensions=["string"],
        ),
        predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
            additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
                object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
                    object_id_paths=[0],
                ),
                value="string",
                critical=False,
            )],
            aia_ocsp_servers=["string"],
            ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
                is_ca=False,
                max_issuer_path_length=0,
            ),
            key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
                base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
                    cert_sign=False,
                    content_commitment=False,
                    crl_sign=False,
                    data_encipherment=False,
                    decipher_only=False,
                    digital_signature=False,
                    encipher_only=False,
                    key_agreement=False,
                    key_encipherment=False,
                ),
                extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
                    client_auth=False,
                    code_signing=False,
                    email_protection=False,
                    ocsp_signing=False,
                    server_auth=False,
                    time_stamping=False,
                ),
                unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
                    object_id_paths=[0],
                )],
            ),
            policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
                object_id_paths=[0],
            )],
        ),
        project="string")
    
    const certificateTemplateResource = new gcp.certificateauthority.CertificateTemplate("certificateTemplateResource", {
        location: "string",
        description: "string",
        identityConstraints: {
            allowSubjectAltNamesPassthrough: false,
            allowSubjectPassthrough: false,
            celExpression: {
                description: "string",
                expression: "string",
                location: "string",
                title: "string",
            },
        },
        labels: {
            string: "string",
        },
        maximumLifetime: "string",
        name: "string",
        passthroughExtensions: {
            additionalExtensions: [{
                objectIdPaths: [0],
            }],
            knownExtensions: ["string"],
        },
        predefinedValues: {
            additionalExtensions: [{
                objectId: {
                    objectIdPaths: [0],
                },
                value: "string",
                critical: false,
            }],
            aiaOcspServers: ["string"],
            caOptions: {
                isCa: false,
                maxIssuerPathLength: 0,
            },
            keyUsage: {
                baseKeyUsage: {
                    certSign: false,
                    contentCommitment: false,
                    crlSign: false,
                    dataEncipherment: false,
                    decipherOnly: false,
                    digitalSignature: false,
                    encipherOnly: false,
                    keyAgreement: false,
                    keyEncipherment: false,
                },
                extendedKeyUsage: {
                    clientAuth: false,
                    codeSigning: false,
                    emailProtection: false,
                    ocspSigning: false,
                    serverAuth: false,
                    timeStamping: false,
                },
                unknownExtendedKeyUsages: [{
                    objectIdPaths: [0],
                }],
            },
            policyIds: [{
                objectIdPaths: [0],
            }],
        },
        project: "string",
    });
    
    type: gcp:certificateauthority:CertificateTemplate
    properties:
        description: string
        identityConstraints:
            allowSubjectAltNamesPassthrough: false
            allowSubjectPassthrough: false
            celExpression:
                description: string
                expression: string
                location: string
                title: string
        labels:
            string: string
        location: string
        maximumLifetime: string
        name: string
        passthroughExtensions:
            additionalExtensions:
                - objectIdPaths:
                    - 0
            knownExtensions:
                - string
        predefinedValues:
            additionalExtensions:
                - critical: false
                  objectId:
                    objectIdPaths:
                        - 0
                  value: string
            aiaOcspServers:
                - string
            caOptions:
                isCa: false
                maxIssuerPathLength: 0
            keyUsage:
                baseKeyUsage:
                    certSign: false
                    contentCommitment: false
                    crlSign: false
                    dataEncipherment: false
                    decipherOnly: false
                    digitalSignature: false
                    encipherOnly: false
                    keyAgreement: false
                    keyEncipherment: false
                extendedKeyUsage:
                    clientAuth: false
                    codeSigning: false
                    emailProtection: false
                    ocspSigning: false
                    serverAuth: false
                    timeStamping: false
                unknownExtendedKeyUsages:
                    - objectIdPaths:
                        - 0
            policyIds:
                - objectIdPaths:
                    - 0
        project: string
    

    CertificateTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CertificateTemplate resource accepts the following input properties:

    Location string
    The location for the resource


    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    IdentityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    Labels Dictionary<string, string>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    MaximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    PassthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    PredefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Location string
    The location for the resource


    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    IdentityConstraints CertificateTemplateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    Labels map[string]string
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    MaximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    PredefinedValues CertificateTemplatePredefinedValuesArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    location String
    The location for the resource


    description String
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Map<String,String>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    maximumLifetime String
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    location string
    The location for the resource


    description string
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels {[key: string]: string}
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    maximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    location str
    The location for the resource


    description str
    Optional. A human-readable description of scenarios this template is intended for.
    identity_constraints CertificateTemplateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Mapping[str, str]
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    maximum_lifetime str
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name str
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthrough_extensions CertificateTemplatePassthroughExtensionsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefined_values CertificateTemplatePredefinedValuesArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    location String
    The location for the resource


    description String
    Optional. A human-readable description of scenarios this template is intended for.
    identityConstraints Property Map
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Map<String>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    maximumLifetime String
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions Property Map
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues Property Map
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateTemplate resource produces the following output properties:

    CreateTime string
    Output only. The time at which this CertificateTemplate was created.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Output only. The time at which this CertificateTemplate was updated.
    CreateTime string
    Output only. The time at which this CertificateTemplate was created.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Output only. The time at which this CertificateTemplate was updated.
    createTime String
    Output only. The time at which this CertificateTemplate was created.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Output only. The time at which this CertificateTemplate was updated.
    createTime string
    Output only. The time at which this CertificateTemplate was created.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime string
    Output only. The time at which this CertificateTemplate was updated.
    create_time str
    Output only. The time at which this CertificateTemplate was created.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    update_time str
    Output only. The time at which this CertificateTemplate was updated.
    createTime String
    Output only. The time at which this CertificateTemplate was created.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Output only. The time at which this CertificateTemplate was updated.

    Look up Existing CertificateTemplate Resource

    Get an existing CertificateTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateTemplateState, opts?: CustomResourceOptions): CertificateTemplate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            identity_constraints: Optional[CertificateTemplateIdentityConstraintsArgs] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            maximum_lifetime: Optional[str] = None,
            name: Optional[str] = None,
            passthrough_extensions: Optional[CertificateTemplatePassthroughExtensionsArgs] = None,
            predefined_values: Optional[CertificateTemplatePredefinedValuesArgs] = None,
            project: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            update_time: Optional[str] = None) -> CertificateTemplate
    func GetCertificateTemplate(ctx *Context, name string, id IDInput, state *CertificateTemplateState, opts ...ResourceOption) (*CertificateTemplate, error)
    public static CertificateTemplate Get(string name, Input<string> id, CertificateTemplateState? state, CustomResourceOptions? opts = null)
    public static CertificateTemplate get(String name, Output<String> id, CertificateTemplateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreateTime string
    Output only. The time at which this CertificateTemplate was created.
    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    IdentityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    Labels Dictionary<string, string>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location for the resource


    MaximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    PassthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    PredefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Output only. The time at which this CertificateTemplate was updated.
    CreateTime string
    Output only. The time at which this CertificateTemplate was created.
    Description string
    Optional. A human-readable description of scenarios this template is intended for.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    IdentityConstraints CertificateTemplateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    Labels map[string]string
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    Location string
    The location for the resource


    MaximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    Name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    PassthroughExtensions CertificateTemplatePassthroughExtensionsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    PredefinedValues CertificateTemplatePredefinedValuesArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    Output only. The time at which this CertificateTemplate was updated.
    createTime String
    Output only. The time at which this CertificateTemplate was created.
    description String
    Optional. A human-readable description of scenarios this template is intended for.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    identityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Map<String,String>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location for the resource


    maximumLifetime String
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Output only. The time at which this CertificateTemplate was updated.
    createTime string
    Output only. The time at which this CertificateTemplate was created.
    description string
    Optional. A human-readable description of scenarios this template is intended for.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    identityConstraints CertificateTemplateIdentityConstraints
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels {[key: string]: string}
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location string
    The location for the resource


    maximumLifetime string
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name string
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions CertificateTemplatePassthroughExtensions
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues CertificateTemplatePredefinedValues
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime string
    Output only. The time at which this CertificateTemplate was updated.
    create_time str
    Output only. The time at which this CertificateTemplate was created.
    description str
    Optional. A human-readable description of scenarios this template is intended for.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    identity_constraints CertificateTemplateIdentityConstraintsArgs
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Mapping[str, str]
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location str
    The location for the resource


    maximum_lifetime str
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name str
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthrough_extensions CertificateTemplatePassthroughExtensionsArgs
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefined_values CertificateTemplatePredefinedValuesArgs
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    update_time str
    Output only. The time at which this CertificateTemplate was updated.
    createTime String
    Output only. The time at which this CertificateTemplate was created.
    description String
    Optional. A human-readable description of scenarios this template is intended for.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    identityConstraints Property Map
    Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. Structure is documented below.
    labels Map<String>
    Optional. Labels with user-defined metadata. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
    location String
    The location for the resource


    maximumLifetime String
    Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
    name String
    The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.
    passthroughExtensions Property Map
    Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. Structure is documented below.
    predefinedValues Property Map
    Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. Structure is documented below.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    Output only. The time at which this CertificateTemplate was updated.

    Supporting Types

    CertificateTemplateIdentityConstraints, CertificateTemplateIdentityConstraintsArgs

    AllowSubjectAltNamesPassthrough bool
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression CertificateTemplateIdentityConstraintsCelExpression
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
    AllowSubjectAltNamesPassthrough bool
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    AllowSubjectPassthrough bool
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    CelExpression CertificateTemplateIdentityConstraintsCelExpression
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
    allowSubjectAltNamesPassthrough Boolean
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression CertificateTemplateIdentityConstraintsCelExpression
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
    allowSubjectAltNamesPassthrough boolean
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough boolean
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression CertificateTemplateIdentityConstraintsCelExpression
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
    allow_subject_alt_names_passthrough bool
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allow_subject_passthrough bool
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    cel_expression CertificateTemplateIdentityConstraintsCelExpression
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.
    allowSubjectAltNamesPassthrough Boolean
    Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.
    allowSubjectPassthrough Boolean
    Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.
    celExpression Property Map
    Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel Structure is documented below.

    CertificateTemplateIdentityConstraintsCelExpression, CertificateTemplateIdentityConstraintsCelExpressionArgs

    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description str
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    location str
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title str
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    CertificateTemplatePassthroughExtensions, CertificateTemplatePassthroughExtensionsArgs

    AdditionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    KnownExtensions List<string>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    AdditionalExtensions []CertificateTemplatePassthroughExtensionsAdditionalExtension
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    KnownExtensions []string
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<CertificateTemplatePassthroughExtensionsAdditionalExtension>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    knownExtensions List<String>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions CertificateTemplatePassthroughExtensionsAdditionalExtension[]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    knownExtensions string[]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additional_extensions Sequence[CertificateTemplatePassthroughExtensionsAdditionalExtension]
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    known_extensions Sequence[str]
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
    additionalExtensions List<Property Map>
    Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. Structure is documented below.
    knownExtensions List<String>
    Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.

    CertificateTemplatePassthroughExtensionsAdditionalExtension, CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs

    ObjectIdPaths List<int>
    Required. The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPaths []int
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Integer>
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths number[]
    Required. The parts of an OID path. The most significant parts of the path come first.
    object_id_paths Sequence[int]
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Number>
    Required. The parts of an OID path. The most significant parts of the path come first.

    CertificateTemplatePredefinedValues, CertificateTemplatePredefinedValuesArgs

    AdditionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>
    Optional. Describes custom X.509 extensions. Structure is documented below.
    AiaOcspServers List<string>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CertificateTemplatePredefinedValuesCaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    KeyUsage CertificateTemplatePredefinedValuesKeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    PolicyIds List<CertificateTemplatePredefinedValuesPolicyId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
    AdditionalExtensions []CertificateTemplatePredefinedValuesAdditionalExtension
    Optional. Describes custom X.509 extensions. Structure is documented below.
    AiaOcspServers []string
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    CaOptions CertificateTemplatePredefinedValuesCaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    KeyUsage CertificateTemplatePredefinedValuesKeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    PolicyIds []CertificateTemplatePredefinedValuesPolicyId
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
    additionalExtensions List<CertificateTemplatePredefinedValuesAdditionalExtension>
    Optional. Describes custom X.509 extensions. Structure is documented below.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CertificateTemplatePredefinedValuesCaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    keyUsage CertificateTemplatePredefinedValuesKeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    policyIds List<CertificateTemplatePredefinedValuesPolicyId>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
    additionalExtensions CertificateTemplatePredefinedValuesAdditionalExtension[]
    Optional. Describes custom X.509 extensions. Structure is documented below.
    aiaOcspServers string[]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions CertificateTemplatePredefinedValuesCaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    keyUsage CertificateTemplatePredefinedValuesKeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    policyIds CertificateTemplatePredefinedValuesPolicyId[]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
    additional_extensions Sequence[CertificateTemplatePredefinedValuesAdditionalExtension]
    Optional. Describes custom X.509 extensions. Structure is documented below.
    aia_ocsp_servers Sequence[str]
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    ca_options CertificateTemplatePredefinedValuesCaOptions
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    key_usage CertificateTemplatePredefinedValuesKeyUsage
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    policy_ids Sequence[CertificateTemplatePredefinedValuesPolicyId]
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
    additionalExtensions List<Property Map>
    Optional. Describes custom X.509 extensions. Structure is documented below.
    aiaOcspServers List<String>
    Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
    caOptions Property Map
    Optional. Describes options in this X509Parameters that are relevant in a CA certificate. Structure is documented below.
    keyUsage Property Map
    Optional. Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
    policyIds List<Property Map>
    Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.

    CertificateTemplatePredefinedValuesAdditionalExtension, CertificateTemplatePredefinedValuesAdditionalExtensionArgs

    ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId
    Required. The OID for this X.509 extension. Structure is documented below.
    Value string
    Required. The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    ObjectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId
    Required. The OID for this X.509 extension. Structure is documented below.
    Value string
    Required. The value of this X.509 extension.
    Critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId
    Required. The OID for this X.509 extension. Structure is documented below.
    value String
    Required. The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId CertificateTemplatePredefinedValuesAdditionalExtensionObjectId
    Required. The OID for this X.509 extension. Structure is documented below.
    value string
    Required. The value of this X.509 extension.
    critical boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    object_id CertificateTemplatePredefinedValuesAdditionalExtensionObjectId
    Required. The OID for this X.509 extension. Structure is documented below.
    value str
    Required. The value of this X.509 extension.
    critical bool
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
    objectId Property Map
    Required. The OID for this X.509 extension. Structure is documented below.
    value String
    Required. The value of this X.509 extension.
    critical Boolean
    Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).

    CertificateTemplatePredefinedValuesAdditionalExtensionObjectId, CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs

    ObjectIdPaths List<int>
    Required. The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPaths []int
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Integer>
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths number[]
    Required. The parts of an OID path. The most significant parts of the path come first.
    object_id_paths Sequence[int]
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Number>
    Required. The parts of an OID path. The most significant parts of the path come first.

    CertificateTemplatePredefinedValuesCaOptions, CertificateTemplatePredefinedValuesCaOptionsArgs

    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    IsCa bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    MaxIssuerPathLength int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Integer
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    is_ca bool
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    max_issuer_path_length int
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
    isCa Boolean
    Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
    maxIssuerPathLength Number
    Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

    CertificateTemplatePredefinedValuesKeyUsage, CertificateTemplatePredefinedValuesKeyUsageArgs

    BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used. Structure is documented below.
    ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
    Detailed scenarios in which a key may be used. Structure is documented below.
    UnknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
    BaseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used. Structure is documented below.
    ExtendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
    Detailed scenarios in which a key may be used. Structure is documented below.
    UnknownExtendedKeyUsages []CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
    baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used. Structure is documented below.
    extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
    Detailed scenarios in which a key may be used. Structure is documented below.
    unknownExtendedKeyUsages List<CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
    baseKeyUsage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used. Structure is documented below.
    extendedKeyUsage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
    Detailed scenarios in which a key may be used. Structure is documented below.
    unknownExtendedKeyUsages CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage[]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
    base_key_usage CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage
    Describes high-level ways in which a key may be used. Structure is documented below.
    extended_key_usage CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage
    Detailed scenarios in which a key may be used. Structure is documented below.
    unknown_extended_key_usages Sequence[CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage]
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.
    baseKeyUsage Property Map
    Describes high-level ways in which a key may be used. Structure is documented below.
    extendedKeyUsage Property Map
    Detailed scenarios in which a key may be used. Structure is documented below.
    unknownExtendedKeyUsages List<Property Map>
    Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. Structure is documented below.

    CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsage, CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs

    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    CertSign bool
    The key may be used to sign certificates.
    ContentCommitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    CrlSign bool
    The key may be used sign certificate revocation lists.
    DataEncipherment bool
    The key may be used to encipher data.
    DecipherOnly bool
    The key may be used to decipher only.
    DigitalSignature bool
    The key may be used for digital signatures.
    EncipherOnly bool
    The key may be used to encipher only.
    KeyAgreement bool
    The key may be used in a key agreement protocol.
    KeyEncipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.
    certSign boolean
    The key may be used to sign certificates.
    contentCommitment boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment boolean
    The key may be used to encipher data.
    decipherOnly boolean
    The key may be used to decipher only.
    digitalSignature boolean
    The key may be used for digital signatures.
    encipherOnly boolean
    The key may be used to encipher only.
    keyAgreement boolean
    The key may be used in a key agreement protocol.
    keyEncipherment boolean
    The key may be used to encipher other keys.
    cert_sign bool
    The key may be used to sign certificates.
    content_commitment bool
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crl_sign bool
    The key may be used sign certificate revocation lists.
    data_encipherment bool
    The key may be used to encipher data.
    decipher_only bool
    The key may be used to decipher only.
    digital_signature bool
    The key may be used for digital signatures.
    encipher_only bool
    The key may be used to encipher only.
    key_agreement bool
    The key may be used in a key agreement protocol.
    key_encipherment bool
    The key may be used to encipher other keys.
    certSign Boolean
    The key may be used to sign certificates.
    contentCommitment Boolean
    The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
    crlSign Boolean
    The key may be used sign certificate revocation lists.
    dataEncipherment Boolean
    The key may be used to encipher data.
    decipherOnly Boolean
    The key may be used to decipher only.
    digitalSignature Boolean
    The key may be used for digital signatures.
    encipherOnly Boolean
    The key may be used to encipher only.
    keyAgreement Boolean
    The key may be used in a key agreement protocol.
    keyEncipherment Boolean
    The key may be used to encipher other keys.

    CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs

    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    ClientAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    CodeSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    EmailProtection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    OcspSigning bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    ServerAuth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    TimeStamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    client_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    code_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    email_protection bool
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocsp_signing bool
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    server_auth bool
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    time_stamping bool
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
    clientAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
    codeSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
    emailProtection Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
    ocspSigning Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
    serverAuth Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
    timeStamping Boolean
    Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

    CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsage, CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs

    ObjectIdPaths List<int>
    Required. The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPaths []int
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Integer>
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths number[]
    Required. The parts of an OID path. The most significant parts of the path come first.
    object_id_paths Sequence[int]
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Number>
    Required. The parts of an OID path. The most significant parts of the path come first.

    CertificateTemplatePredefinedValuesPolicyId, CertificateTemplatePredefinedValuesPolicyIdArgs

    ObjectIdPaths List<int>
    Required. The parts of an OID path. The most significant parts of the path come first.
    ObjectIdPaths []int
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Integer>
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths number[]
    Required. The parts of an OID path. The most significant parts of the path come first.
    object_id_paths Sequence[int]
    Required. The parts of an OID path. The most significant parts of the path come first.
    objectIdPaths List<Number>
    Required. The parts of an OID path. The most significant parts of the path come first.

    Import

    CertificateTemplate can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    When using the pulumi import command, CertificateTemplate can be imported using one of the formats above. For example:

    $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
    
    $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:certificateauthority/certificateTemplate:CertificateTemplate default {{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi