Class CertificateAuthority (0.4.0)

CertificateAuthority(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.

Attributes

NameDescription
name str
Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
type_ google.cloud.security.privateca_v1beta1.types.CertificateAuthority.Type
Required. Immutable. The Type of this CertificateAuthority.
tier google.cloud.security.privateca_v1beta1.types.CertificateAuthority.Tier
Required. Immutable. The Tier of this CertificateAuthority.
config google.cloud.security.privateca_v1beta1.types.CertificateConfig
Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
lifetime google.protobuf.duration_pb2.Duration
Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
key_spec google.cloud.security.privateca_v1beta1.types.CertificateAuthority.KeyVersionSpec
Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
certificate_policy google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy
Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
issuing_options google.cloud.security.privateca_v1beta1.types.CertificateAuthority.IssuingOptions
Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
subordinate_config google.cloud.security.privateca_v1beta1.types.SubordinateConfig
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
state google.cloud.security.privateca_v1beta1.types.CertificateAuthority.State
Output only. The State for this CertificateAuthority.
pem_ca_certificates Sequence[str]
Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
ca_certificate_descriptions Sequence[google.cloud.security.privateca_v1beta1.types.CertificateDescription]
Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
gcs_bucket str
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
access_urls google.cloud.security.privateca_v1beta1.types.CertificateAuthority.AccessUrls
Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.
create_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was created.
update_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was updated.
delete_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
labels Sequence[google.cloud.security.privateca_v1beta1.types.CertificateAuthority.LabelsEntry]
Optional. Labels with user-defined metadata.

Classes

AccessUrls

AccessUrls(mapping=None, *, ignore_unknown_fields=False, **kwargs)

URLs where a CertificateAuthority will publish content.

CertificateAuthorityPolicy

CertificateAuthorityPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.

IssuingOptions

IssuingOptions(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Options that affect all certificates issued by a CertificateAuthority.

KeyVersionSpec

KeyVersionSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Cloud KMS key configuration that a CertificateAuthority will use.

LabelsEntry

LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters
NameDescription
kwargs dict

Keys and values corresponding to the fields of the message.

mapping Union[dict, .Message]

A dictionary or message to be used to determine the values for this message.

ignore_unknown_fields Optional(bool)

If True, do not raise errors for unknown fields. Only applied if mapping is a mapping type or there are keyword parameters.

SignHashAlgorithm

SignHashAlgorithm(value)

The algorithm of a Cloud KMS CryptoKeyVersion of a CryptoKey with the CryptoKeyPurpose value ASYMMETRIC_SIGN. These values correspond to the CryptoKeyVersionAlgorithm values. For RSA signing algorithms, the PSS algorithms should be preferred, use PKCS1 algorithms if required for compatibility. For further recommandations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.

State

State(value)

The state of a CertificateAuthority, indicating if it can be used.

Tier

Tier(value)

The tier of a CertificateAuthority, indicating its supported functionality and/or billing SKU.

Type

Type(value)

The type of a CertificateAuthority, indicating its issuing chain.