Class CertificateAuthorityPolicy (1.2.4)

CertificateAuthorityPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes

NameDescription
allowed_config_list google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.AllowedConfigList
Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list. This field is a member of oneof_ config_policy.
overwrite_config_values google.cloud.security.privateca_v1beta1.types.ReusableConfigWrapper
Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values. This field is a member of oneof_ config_policy.
allowed_locations_and_organizations Sequence[google.cloud.security.privateca_v1beta1.types.Subject]
Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
allowed_common_names Sequence[str]
Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
allowed_sans google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames
Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
maximum_lifetime google.protobuf.duration_pb2.Duration
Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
allowed_issuance_modes google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Classes

AllowedConfigList

AllowedConfigList(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AllowedSubjectAltNames

AllowedSubjectAltNames(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AllowedSubjectAltNames specifies the allowed values for SubjectAltNames by the CertificateAuthority when issuing Certificates.

IssuanceModes

IssuanceModes(mapping=None, *, ignore_unknown_fields=False, **kwargs)

IssuanceModes specifies the allowed ways in which Certificates may be requested from this CertificateAuthority.