Ceritificate Authority Service V1 API - Class Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy (v0.2.1)

Reference documentation and code samples for the Ceritificate Authority Service V1 API class Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy.

Defines controls over all certificate issuance within a CaPool.

Inherits

Object

Extended By

Google::Protobuf::MessageExts::ClassMethods

Includes

Google::Protobuf::MessageExts

Methods

#allowed_issuance_modes

def allowed_issuance_modes() -> ::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes

Returns

(::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes) — Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

#allowed_issuance_modes=

def allowed_issuance_modes=(value) -> ::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes

Parameter

value (::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes) — Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Returns

(::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes) — Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

#allowed_key_types

def allowed_key_types() -> ::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>

Returns

(::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>) — Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

#allowed_key_types=

def allowed_key_types=(value) -> ::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>

Parameter

value (::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>) — Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

Returns

(::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>) — Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

#baseline_values

def baseline_values() -> ::Google::Cloud::Security::PrivateCA::V1::X509Parameters

Returns

(::Google::Cloud::Security::PrivateCA::V1::X509Parameters) — Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

#baseline_values=

def baseline_values=(value) -> ::Google::Cloud::Security::PrivateCA::V1::X509Parameters

Parameter

value (::Google::Cloud::Security::PrivateCA::V1::X509Parameters) — Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

Returns

(::Google::Cloud::Security::PrivateCA::V1::X509Parameters) — Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

#identity_constraints

def identity_constraints() -> ::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints

Returns

(::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints) — Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

#identity_constraints=

def identity_constraints=(value) -> ::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints

Parameter

value (::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints) — Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

Returns

(::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints) — Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

#maximum_lifetime

def maximum_lifetime() -> ::Google::Protobuf::Duration

Returns

(::Google::Protobuf::Duration) — Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

#maximum_lifetime=

def maximum_lifetime=(value) -> ::Google::Protobuf::Duration

Parameter

value (::Google::Protobuf::Duration) — Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

Returns

(::Google::Protobuf::Duration) — Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

#passthrough_extensions

def passthrough_extensions() -> ::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints

Returns

(::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints) — Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

#passthrough_extensions=

def passthrough_extensions=(value) -> ::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints

Parameter

value (::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints) — Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

Returns

(::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints) — Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.