REST Resource: projects.locations.trustConfigs

Resource: TrustConfig

Defines a trust config.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "labels": {
    string: string,
    ...
  },
  "description": string,
  "etag": string,
  "trustStores": [
    {
      object (TrustStore)
    }
  ],
  "allowlistedCertificates": [
    {
      object (AllowlistedCertificate)
    }
  ]
}
Fields
name

string

A user-defined name of the trust config. TrustConfig names must be unique globally and match the pattern projects/*/locations/*/trustConfigs/*.

createTime

string (Timestamp format)

Output only. The creation timestamp of a TrustConfig.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The last update timestamp of a TrustConfig.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

labels

map (key: string, value: string)

Set of labels associated with a TrustConfig.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

description

string

One or more paragraphs of text description of a TrustConfig.

etag

string

This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

trustStores[]

object (TrustStore)

Set of trust stores to perform validation against.

This field is supported when the TrustConfig is configured with Load Balancers; it is currently not supported for SPIFFE certificate validation.

Currently, only one TrustStore may be specified.

allowlistedCertificates[]

object (AllowlistedCertificate)

Optional. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.

TrustStore

Defines a trust store.

JSON representation
{
  "trustAnchors": [
    {
      object (TrustAnchor)
    }
  ],
  "intermediateCas": [
    {
      object (IntermediateCA)
    }
  ]
}
Fields
trustAnchors[]

object (TrustAnchor)

List of Trust Anchors to be used while performing validation against a given TrustStore.

intermediateCas[]

object (IntermediateCA)

Set of intermediate CA certificates used for the path building phase of chain validation.

The field is currently not supported if TrustConfig is used for the workload certificate feature.

TrustAnchor

Defines a trust anchor.

JSON representation
{

  // Union field kind can be only one of the following:
  "pemCertificate": string
  // End of list of possible types for union field kind.
}
Fields

Union field kind.

kind can be only one of the following:

pemCertificate

string

PEM root certificate of the PKI used for validation.

Each certificate provided in PEM format may occupy up to 5kB.

IntermediateCA

Defines an intermediate CA.

JSON representation
{

  // Union field kind can be only one of the following:
  "pemCertificate": string
  // End of list of possible types for union field kind.
}
Fields

Union field kind.

kind can be only one of the following:

pemCertificate

string

PEM intermediate certificate used for building up paths for validation.

Each certificate provided in PEM format may occupy up to 5kB.

AllowlistedCertificate

Defines an allowlisted certificate.

JSON representation
{
  "pemCertificate": string
}
Fields
pemCertificate

string

Required. PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
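
A pre-flight check for a TrustConfig request body, added here as an example (it is not part of the API reference or the service's own code). It applies the constraints stated above: the name pattern, output-only fields, the single-TrustStore limit and the per-certificate size limit, and it lists every allowlisted certificate for review. Assumptions: "5kB" is read as 5000 bytes, the PEM check is structural only (armor, base64, DER SEQUENCE tag) rather than a full X.509 parse, and the function names are hypothetical.

```python
import base64
import re

NAME_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/trustConfigs/[^/]+$")
MAX_PEM_BYTES = 5000  # assumption: the page's "5kB" read as 5000 bytes
PEM_RE = re.compile(r"\A\s*-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"-----END CERTIFICATE-----\s*\Z")
# Constructed sample: placeholder DER (SEQUENCE{INTEGER 1}), not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % (
    base64.b64encode(b"\x30\x03\x02\x01\x01").decode())

def pem_problem(pem):
    """Return the reason a pemCertificate value is unacceptable, or None."""
    if not isinstance(pem, str):
        return "pemCertificate missing or not a string"
    if len(pem.encode("utf-8")) > MAX_PEM_BYTES:
        return "certificate exceeds 5kB"
    m = PEM_RE.match(pem)
    if not m:
        return "not exactly one PEM CERTIFICATE block"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return "invalid base64 body"
    # Structural check only: an X.509 certificate is a DER SEQUENCE (tag 0x30).
    return None if der[:1] == b"\x30" else "body is not a DER SEQUENCE"

def lint_trust_config(cfg):
    """Return a list of findings for a TrustConfig request body (dict)."""
    findings = []
    if not NAME_RE.match(cfg.get("name", "")):
        findings.append("name: does not match projects/*/locations/*/trustConfigs/*")
    for field in ("createTime", "updateTime"):
        if field in cfg:
            findings.append(f"{field}: output only, should not be set by the client")
    stores = cfg.get("trustStores", [])
    if len(stores) > 1:
        findings.append("trustStores: only one TrustStore is currently allowed")
    for i, store in enumerate(stores):
        for key in ("trustAnchors", "intermediateCas"):
            for j, entry in enumerate(store.get(key, [])):
                problem = pem_problem(entry.get("pemCertificate"))
                if problem:
                    findings.append(f"trustStores[{i}].{key}[{j}]: {problem}")
    # Allowlisted certificates are always reported so a reviewer sees each one.
    for j, entry in enumerate(cfg.get("allowlistedCertificates", [])):
        problem = pem_problem(entry.get("pemCertificate"))
        findings.append(f"allowlistedCertificates[{j}]: "
                        + (problem or "review: always considered valid on match"))
    return findings
```

An empty list from `lint_trust_config` means the body passed every check; a body with allowlisted certificates always yields one finding per entry.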

Methods

create

Creates a new TrustConfig in a given project and location.

delete

Deletes a single TrustConfig.

get

Gets details of a single TrustConfig.

list

Lists TrustConfigs in a given project and location.

patch

Updates a TrustConfig.