CertificateAuthority(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.
Attributes | |
---|---|
Name | Description |
name |
str
Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/* .
|
type_ |
Required. Immutable. The Type of this CertificateAuthority. |
tier |
Required. Immutable. The Tier of this CertificateAuthority. |
config |
Required. Immutable. The config used to create a self-signed X.509 certificate or CSR. |
lifetime |
Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. |
key_spec |
Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR. |
certificate_policy |
Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority. |
issuing_options |
Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority. |
subordinate_config |
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate. |
state |
Output only. The State for this CertificateAuthority. |
pem_ca_certificates |
Sequence[str]
Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate. |
ca_certificate_descriptions |
Sequence[
Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root. |
gcs_bucket |
str
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs:// ) or suffixes (such as .googleapis.com ). For
example, to use a bucket named my-bucket , you would
simply specify my-bucket . If not specified, a managed
bucket will be created.
|
access_urls |
Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs. |
create_time |
Output only. The time at which this CertificateAuthority was created. |
update_time |
Output only. The time at which this CertificateAuthority was updated. |
delete_time |
Output only. The time at which this CertificateAuthority will be deleted, if scheduled for deletion. |
labels |
Sequence[
Optional. Labels with user-defined metadata. |
Classes
AccessUrls
AccessUrls(mapping=None, *, ignore_unknown_fields=False, **kwargs)
URLs where a CertificateAuthority will publish content.
CertificateAuthorityPolicy
CertificateAuthorityPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)
The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.
IssuingOptions
IssuingOptions(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Options that affect all certificates issued by a CertificateAuthority.
KeyVersionSpec
KeyVersionSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Cloud KMS key configuration that a CertificateAuthority will use.
LabelsEntry
LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)
The abstract base class for a message.
Parameters | |
---|---|
Name | Description |
kwargs |
dict
Keys and values corresponding to the fields of the message. |
mapping |
Union[dict,
A dictionary or message to be used to determine the values for this message. |
ignore_unknown_fields |
Optional(bool)
If True, do not raise errors for unknown fields. Only applied if |
SignHashAlgorithm
SignHashAlgorithm(value)
The algorithm of a Cloud KMS CryptoKeyVersion of a
CryptoKey with the
CryptoKeyPurpose
value ASYMMETRIC_SIGN
. These values correspond to the
CryptoKeyVersionAlgorithm.
values.
State
State(value)
The state of a CertificateAuthority, indicating if it can be used.
Tier
Tier(value)
The tier of a CertificateAuthority, indicating its supported functionality and/or billing SKU.
Type
Type(value)
The type of a CertificateAuthority, indicating its issuing chain.