pulumi-google-native-kotlin/com.pulumi.googlenative.privateca.v1.kotlin.inputs/IssuancePolicyArgs

IssuancePolicyArgs

data class IssuancePolicyArgs(val allowedIssuanceModes: Output<IssuanceModesArgs>? = null, val allowedKeyTypes: Output<List<AllowedKeyTypeArgs>>? = null, val baselineValues: Output<X509ParametersArgs>? = null, val identityConstraints: Output<CertificateIdentityConstraintsArgs>? = null, val maximumLifetime: Output<String>? = null, val passthroughExtensions: Output<CertificateExtensionConstraintsArgs>? = null) : ConvertibleToJava<IssuancePolicyArgs>

Defines controls over all certificate issuance within a CaPool.

Constructors

Link copied to clipboard
fun IssuancePolicyArgs(allowedIssuanceModes: Output<IssuanceModesArgs>? = null, allowedKeyTypes: Output<List<AllowedKeyTypeArgs>>? = null, baselineValues: Output<X509ParametersArgs>? = null, identityConstraints: Output<CertificateIdentityConstraintsArgs>? = null, maximumLifetime: Output<String>? = null, passthroughExtensions: Output<CertificateExtensionConstraintsArgs>? = null)

Functions

Link copied to clipboard
open override fun toJava(): IssuancePolicyArgs

Properties

Link copied to clipboard
val allowedIssuanceModes: Output<IssuanceModesArgs>? = null

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Link copied to clipboard
val allowedKeyTypes: Output<List<AllowedKeyTypeArgs>>? = null

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

Link copied to clipboard
val baselineValues: Output<X509ParametersArgs>? = null

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

Link copied to clipboard
val identityConstraints: Output<CertificateIdentityConstraintsArgs>? = null

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

Link copied to clipboard
val maximumLifetime: Output<String>? = null

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

Link copied to clipboard
val passthroughExtensions: Output<CertificateExtensionConstraintsArgs>? = null

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.