Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or
[SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
The default mode used in most cases. Indicates that the certificate's
[Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
request. This mode requires the caller to have the
privateca.certificates.create permission.
ReflectedSpiffe
A mode reserved for special cases. Indicates that the certificate should
have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
on the caller's identity. This mode will ignore any explicitly specified
[Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
This mode requires the caller to have the
privateca.certificates.createForSelf permission.