IssuancePolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Defines controls over all certificate issuance within a CaPool.
Attributes

Name | Type | Description |
---|---|---|
allowed_key_types | Sequence[google.cloud.security.privateca_v1.types.CaPool.IssuancePolicy.AllowedKeyType] | Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. |
maximum_lifetime | google.protobuf.duration_pb2.Duration | Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it. |
allowed_issuance_modes | google.cloud.security.privateca_v1.types.CaPool.IssuancePolicy.IssuanceModes | Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates. |
baseline_values | google.cloud.security.privateca_v1.types.X509Parameters | Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail. |
identity_constraints | google.cloud.security.privateca_v1.types.CertificateIdentityConstraints | Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. |
passthrough_extensions | google.cloud.security.privateca_v1.types.CertificateExtensionConstraints | Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values. |
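
The interaction between baseline_values and passthrough_extensions is easiest to see as a small model. The following is an added example, not code from the library or the service: `resolve_extensions`, `IssuanceError`, and the flat name-to-value dicts standing in for X509Parameters are hypothetical, and the sample policy and request are constructed.

```python
class IssuanceError(Exception):
    """Raised wherever the reference says the issuance request will fail."""


def resolve_extensions(requested, baseline, passthrough=None, template=None):
    """Model which X.509 extensions end up in the issued certificate.

    requested, baseline, template: dicts of extension name -> value
    (a hypothetical flat stand-in for X509Parameters).
    passthrough: set of permitted names, or None when
    passthrough_extensions is omitted (no restriction).
    """
    template = template or {}
    for name, value in template.items():
        # Template predefined_values that conflict with baseline_values fail.
        # Assumption: "conflict" means same property, different value.
        if name in baseline and baseline[name] != value:
            raise IssuanceError(f"template conflicts with baseline_values: {name}")
        # Template predefined_values absent from passthrough_extensions fail.
        if passthrough is not None and name not in passthrough:
            raise IssuanceError(f"template sets non-passthrough extension: {name}")

    # Request extensions outside passthrough_extensions are silently dropped.
    issued = {
        name: value
        for name, value in requested.items()
        if passthrough is None or name in passthrough
    }
    # Assumption (not stated on this page): template values override the request.
    issued.update(template)
    # baseline_values are applied last: they overwrite conflicting request
    # values and are exempt from the passthrough constraints.
    issued.update(baseline)
    return issued


# Constructed sample policy and request.
BASELINE = {"ca_options.is_ca": False, "key_usage.cert_sign": False}
PASSTHROUGH = {"extended_key_usage.server_auth", "extended_key_usage.client_auth"}
REQUEST = {
    "ca_options.is_ca": True,                 # baseline_values decides this
    "extended_key_usage.server_auth": True,   # allowed through
    "extended_key_usage.code_signing": True,  # dropped
}

if __name__ == "__main__":
    print(resolve_extensions(REQUEST, BASELINE, PASSTHROUGH))
```

The asymmetry is the part to watch when reviewing a pool policy: a disallowed extension in a plain request is dropped without an error, while the same extension coming from a CertificateTemplate fails the request.
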
Classes
AllowedKeyType
AllowedKeyType(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Describes a "type" of key that may be used in a Certificate issued from a CaPool. Note that a single AllowedKeyType may refer to either a fully-qualified key algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA key.
IssuanceModes
IssuanceModes(mapping=None, *, ignore_unknown_fields=False, **kwargs)
IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.