Class CertificateAuthorityPolicy

The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes
NameDescription
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.AllowedConfigListallowed_config_list
Optional. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper in the list. This field is a member of `oneof`_ ``config_policy``.
google.cloud.security.privateca_v1beta1.types.ReusableConfigWrapperoverwrite_config_values
Optional. All Certificates issued by the CertificateAuthority will use the provided configuration values, overwriting any requested configuration values. This field is a member of `oneof`_ ``config_policy``.
Sequence[google.cloud.security.privateca_v1beta1.types.Subject]allowed_locations_and_organizations
Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
Sequence[str]allowed_common_names
Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNamesallowed_sans
Optional. If a AllowedSubjectAltNames is specified here, then all Certificates issued by the CertificateAuthority must match AllowedSubjectAltNames. If no value or an empty value is specified, any value will be allowed for the SubjectAltNames field.
google.protobuf.duration_pb2.Durationmaximum_lifetime
Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicy.IssuanceModesallowed_issuance_modes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Inheritance

builtins.object > proto.message.Message > CertificateAuthorityPolicy

Classes

AllowedConfigList

AllowedConfigList(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AllowedSubjectAltNames

AllowedSubjectAltNames(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AllowedSubjectAltNames specifies the allowed values for SubjectAltNames by the CertificateAuthority when issuing Certificates.

IssuanceModes

IssuanceModes(mapping=None, *, ignore_unknown_fields=False, **kwargs)

IssuanceModes specifies the allowed ways in which Certificates may be requested from this CertificateAuthority.