Resource: TrustConfig
Defines a trust config.
JSON representation |
---|
{ "name": string, "createTime": string, "updateTime": string, "labels": { string: string, ... }, "description": string, "etag": string, "trustStores": [ { object ( |
Fields | |
---|---|
name | Identifier. A user-defined name of the trust config. TrustConfig names must be unique globally and match pattern |
createTime | Output only. The creation timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime | Output only. The last update timestamp of a TrustConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
labels | Optional. Set of labels associated with a TrustConfig. An object containing a list of |
description | Optional. One or more paragraphs of text description of a TrustConfig. |
etag | This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
trustStores[] | Optional. Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers; it is currently not supported for SPIFFE certificate validation. Only one TrustStore specified is currently allowed. |
allowlistedCertificates[] | Optional. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. |
TrustStore
Defines a trust store.
JSON representation |
---|
{ "trustAnchors": [ { object ( |
Fields | |
---|---|
trustAnchors[] | Optional. List of Trust Anchors to be used while performing validation against a given TrustStore. |
intermediateCas[] | Optional. Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if TrustConfig is used for the workload certificate feature. |
TrustAnchor
Defines a trust anchor.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field kind. Kind of the trust anchor. Required. kind can be only one of the following: | |
pemCertificate | PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. |
IntermediateCA
Defines an intermediate CA.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field kind. Kind of the intermediate CA. Required. kind can be only one of the following: | |
pemCertificate | PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. |
AllowlistedCertificate
Defines an allowlisted certificate.
JSON representation |
---|
{ "pemCertificate": string } |
Fields | |
---|---|
pemCertificate | Required. PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. |
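
A pre-submission lint for the constraints stated above (at most one TrustStore, a pemCertificate in every trust anchor, intermediate CA and allowlisted certificate, 5 kB per PEM certificate), as an added example that is not part of this reference or of any client library. The function names, the 5000-byte reading of "5kB" and the shallow base64/DER check standing in for full X.509 parsing are assumptions.

```python
import base64
import re

MAX_PEM_BYTES = 5000  # assumption: "5kB" read conservatively as 5000 bytes
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----")

def pem_problems(pem):
    """Return problems found in one pemCertificate value (structural check only)."""
    if not isinstance(pem, str) or not pem.strip():
        return ["pemCertificate missing"]
    blocks = list(PEM_RE.finditer(pem))
    if not blocks:
        return ["no CERTIFICATE block found"]
    problems = []
    for m in blocks:
        if len(m.group(0).encode()) > MAX_PEM_BYTES:
            problems.append("certificate larger than 5 kB")
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        if not der.startswith(b"\x30"):  # X.509 DER begins with an ASN.1 SEQUENCE
            problems.append("body is not base64-encoded DER")
    return problems

def check_trust_config(cfg):
    """Lint a TrustConfig request body; returns a list of (path, problem)."""
    findings = []
    stores = cfg.get("trustStores", [])
    if len(stores) > 1:
        findings.append(("trustStores", "only one TrustStore is allowed"))
    certs = [(f"allowlistedCertificates[{i}]", c)
             for i, c in enumerate(cfg.get("allowlistedCertificates", []))]
    for s, store in enumerate(stores):
        for key in ("trustAnchors", "intermediateCas"):
            certs += [(f"trustStores[{s}].{key}[{i}]", c)
                      for i, c in enumerate(store.get(key, []))]
    for path, entry in certs:
        findings += [(path, p) for p in pem_problems(entry.get("pemCertificate"))]
    return findings

def fake_pem(der):  # builds constructed test input, not a real certificate
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

An empty result means only that the body satisfies the limits listed on this page; the service still performs its own parsing and validation.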
Methods | |
---|---|
| | Creates a new TrustConfig in a given project and location. |
| | Deletes a single TrustConfig. |
| | Gets details of a single TrustConfig. |
| | Lists TrustConfigs in a given project and location. |
| | Updates a TrustConfig. |