privateca.v1beta1.caPool
"CAPool is the Schema for the CAPools API. A CaPool represents a group of CertificateAuthorities that form a trust anchor."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withDeletionPolicy(deletionPolicy)fn withManagementPolicies(managementPolicies)fn withManagementPoliciesMixin(managementPolicies)obj spec.forProviderfn withIssuancePolicy(issuancePolicy)fn withIssuancePolicyMixin(issuancePolicy)fn withLabels(labels)fn withLabelsMixin(labels)fn withLocation(location)fn withProject(project)fn withPublishingOptions(publishingOptions)fn withPublishingOptionsMixin(publishingOptions)fn withTier(tier)obj spec.forProvider.issuancePolicyfn withAllowedIssuanceModes(allowedIssuanceModes)fn withAllowedIssuanceModesMixin(allowedIssuanceModes)fn withAllowedKeyTypes(allowedKeyTypes)fn withAllowedKeyTypesMixin(allowedKeyTypes)fn withBaselineValues(baselineValues)fn withBaselineValuesMixin(baselineValues)fn withIdentityConstraints(identityConstraints)fn withIdentityConstraintsMixin(identityConstraints)fn withMaximumLifetime(maximumLifetime)obj spec.forProvider.issuancePolicy.allowedIssuanceModesobj spec.forProvider.issuancePolicy.allowedKeyTypesobj spec.forProvider.issuancePolicy.baselineValuesfn withAdditionalExtensions(additionalExtensions)fn withAdditionalExtensionsMixin(additionalExtensions)fn withAiaOcspServers(aiaOcspServers)fn withAiaOcspServersMixin(aiaOcspServers)fn withCaOptions(caOptions)fn withCaOptionsMixin(caOptions)fn withKeyUsage(keyUsage)fn withKeyUsageMixin(keyUsage)fn withNameConstraints(nameConstraints)fn withNameConstraintsMixin(nameConstraints)fn withPolicyIds(policyIds)fn withPolicyIdsMixin(policyIds)obj spec.forProvider.issuancePolicy.baselineValues.additionalExtensionsobj spec.forProvider.issuancePolicy.baselineValues.caOptionsobj spec.forProvider.issuancePolicy.baselineValues.keyUsagefn withBaseKeyUsage(baseKeyUsage)fn withBaseKeyUsageMixin(baseKeyUsage)fn withExtendedKeyUsage(extendedKeyUsage)fn withExtendedKeyUsageMixin(extendedKeyUsage)fn withUnknownExtendedKeyUsages(unknownExtendedKeyUsages)fn withUnknownExtendedKeyUsagesMixin(unknownExtendedKeyUsages)obj spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsagefn withCertSign(certSign)fn withContentCommitment(contentCommitment)fn withCrlSign(crlSign)fn withDataEncipherment(dataEncipherment)fn withDecipherOnly(decipherOnly)fn withDigitalSignature(digitalSignature)fn withEncipherOnly(encipherOnly)fn withKeyAgreement(keyAgreement)fn withKeyEncipherment(keyEncipherment)
obj spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsageobj spec.forProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages
obj spec.forProvider.issuancePolicy.baselineValues.nameConstraintsfn withCritical(critical)fn withExcludedDnsNames(excludedDnsNames)fn withExcludedDnsNamesMixin(excludedDnsNames)fn withExcludedEmailAddresses(excludedEmailAddresses)fn withExcludedEmailAddressesMixin(excludedEmailAddresses)fn withExcludedIpRanges(excludedIpRanges)fn withExcludedIpRangesMixin(excludedIpRanges)fn withExcludedUris(excludedUris)fn withExcludedUrisMixin(excludedUris)fn withPermittedDnsNames(permittedDnsNames)fn withPermittedDnsNamesMixin(permittedDnsNames)fn withPermittedEmailAddresses(permittedEmailAddresses)fn withPermittedEmailAddressesMixin(permittedEmailAddresses)fn withPermittedIpRanges(permittedIpRanges)fn withPermittedIpRangesMixin(permittedIpRanges)fn withPermittedUris(permittedUris)fn withPermittedUrisMixin(permittedUris)
obj spec.forProvider.issuancePolicy.baselineValues.policyIds
obj spec.forProvider.issuancePolicy.identityConstraints
obj spec.forProvider.publishingOptions
obj spec.initProviderfn withIssuancePolicy(issuancePolicy)fn withIssuancePolicyMixin(issuancePolicy)fn withLabels(labels)fn withLabelsMixin(labels)fn withProject(project)fn withPublishingOptions(publishingOptions)fn withPublishingOptionsMixin(publishingOptions)fn withTier(tier)obj spec.initProvider.issuancePolicyfn withAllowedIssuanceModes(allowedIssuanceModes)fn withAllowedIssuanceModesMixin(allowedIssuanceModes)fn withAllowedKeyTypes(allowedKeyTypes)fn withAllowedKeyTypesMixin(allowedKeyTypes)fn withBaselineValues(baselineValues)fn withBaselineValuesMixin(baselineValues)fn withIdentityConstraints(identityConstraints)fn withIdentityConstraintsMixin(identityConstraints)fn withMaximumLifetime(maximumLifetime)obj spec.initProvider.issuancePolicy.allowedIssuanceModesobj spec.initProvider.issuancePolicy.allowedKeyTypesobj spec.initProvider.issuancePolicy.baselineValuesfn withAdditionalExtensions(additionalExtensions)fn withAdditionalExtensionsMixin(additionalExtensions)fn withAiaOcspServers(aiaOcspServers)fn withAiaOcspServersMixin(aiaOcspServers)fn withCaOptions(caOptions)fn withCaOptionsMixin(caOptions)fn withKeyUsage(keyUsage)fn withKeyUsageMixin(keyUsage)fn withNameConstraints(nameConstraints)fn withNameConstraintsMixin(nameConstraints)fn withPolicyIds(policyIds)fn withPolicyIdsMixin(policyIds)obj spec.initProvider.issuancePolicy.baselineValues.additionalExtensionsobj spec.initProvider.issuancePolicy.baselineValues.caOptionsobj spec.initProvider.issuancePolicy.baselineValues.keyUsagefn withBaseKeyUsage(baseKeyUsage)fn withBaseKeyUsageMixin(baseKeyUsage)fn withExtendedKeyUsage(extendedKeyUsage)fn withExtendedKeyUsageMixin(extendedKeyUsage)fn withUnknownExtendedKeyUsages(unknownExtendedKeyUsages)fn withUnknownExtendedKeyUsagesMixin(unknownExtendedKeyUsages)obj spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsagefn withCertSign(certSign)fn withContentCommitment(contentCommitment)fn withCrlSign(crlSign)fn withDataEncipherment(dataEncipherment)fn withDecipherOnly(decipherOnly)fn withDigitalSignature(digitalSignature)fn withEncipherOnly(encipherOnly)fn withKeyAgreement(keyAgreement)fn withKeyEncipherment(keyEncipherment)
obj spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsageobj spec.initProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages
obj spec.initProvider.issuancePolicy.baselineValues.nameConstraintsfn withCritical(critical)fn withExcludedDnsNames(excludedDnsNames)fn withExcludedDnsNamesMixin(excludedDnsNames)fn withExcludedEmailAddresses(excludedEmailAddresses)fn withExcludedEmailAddressesMixin(excludedEmailAddresses)fn withExcludedIpRanges(excludedIpRanges)fn withExcludedIpRangesMixin(excludedIpRanges)fn withExcludedUris(excludedUris)fn withExcludedUrisMixin(excludedUris)fn withPermittedDnsNames(permittedDnsNames)fn withPermittedDnsNamesMixin(permittedDnsNames)fn withPermittedEmailAddresses(permittedEmailAddresses)fn withPermittedEmailAddressesMixin(permittedEmailAddresses)fn withPermittedIpRanges(permittedIpRanges)fn withPermittedIpRangesMixin(permittedIpRanges)fn withPermittedUris(permittedUris)fn withPermittedUrisMixin(permittedUris)
obj spec.initProvider.issuancePolicy.baselineValues.policyIds
obj spec.initProvider.issuancePolicy.identityConstraints
obj spec.initProvider.publishingOptions
obj spec.providerConfigRefobj spec.providerRefobj spec.publishConnectionDetailsToobj spec.writeConnectionSecretToRef
Fields
fn new
new(name)
new returns an instance of CAPool
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"CAPoolSpec defines the desired state of CAPool"
fn spec.withDeletionPolicy
withDeletionPolicy(deletionPolicy)
"DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either \"Delete\" or \"Orphan\" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223"
fn spec.withManagementPolicies
withManagementPolicies(managementPolicies)
"THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
fn spec.withManagementPoliciesMixin
withManagementPoliciesMixin(managementPolicies)
"THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
Note: This function appends passed data to existing values
obj spec.forProvider
fn spec.forProvider.withIssuancePolicy
withIssuancePolicy(issuancePolicy)
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
fn spec.forProvider.withIssuancePolicyMixin
withIssuancePolicyMixin(issuancePolicy)
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.withLabels
withLabels(labels)
"Labels with user-defined metadata. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }."
fn spec.forProvider.withLabelsMixin
withLabelsMixin(labels)
"Labels with user-defined metadata. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }."
Note: This function appends passed data to existing values
fn spec.forProvider.withLocation
withLocation(location)
"Location of the CaPool. A full list of valid locations can be found by running gcloud privateca locations list."
fn spec.forProvider.withProject
withProject(project)
"The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
fn spec.forProvider.withPublishingOptions
withPublishingOptions(publishingOptions)
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
fn spec.forProvider.withPublishingOptionsMixin
withPublishingOptionsMixin(publishingOptions)
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.withTier
withTier(tier)
"The Tier of this CaPool. Possible values are: ENTERPRISE, DEVOPS."
obj spec.forProvider.issuancePolicy
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
fn spec.forProvider.issuancePolicy.withAllowedIssuanceModes
withAllowedIssuanceModes(allowedIssuanceModes)
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
fn spec.forProvider.issuancePolicy.withAllowedIssuanceModesMixin
withAllowedIssuanceModesMixin(allowedIssuanceModes)
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.withAllowedKeyTypes
withAllowedKeyTypes(allowedKeyTypes)
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.withAllowedKeyTypesMixin
withAllowedKeyTypesMixin(allowedKeyTypes)
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.withBaselineValues
withBaselineValues(baselineValues)
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
fn spec.forProvider.issuancePolicy.withBaselineValuesMixin
withBaselineValuesMixin(baselineValues)
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.withIdentityConstraints
withIdentityConstraints(identityConstraints)
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
fn spec.forProvider.issuancePolicy.withIdentityConstraintsMixin
withIdentityConstraintsMixin(identityConstraints)
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.withMaximumLifetime
withMaximumLifetime(maximumLifetime)
"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it."
obj spec.forProvider.issuancePolicy.allowedIssuanceModes
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedIssuanceModes.withAllowConfigBasedIssuance
withAllowConfigBasedIssuance(allowConfigBasedIssuance)
"When true, allows callers to create Certificates by specifying a CertificateConfig."
fn spec.forProvider.issuancePolicy.allowedIssuanceModes.withAllowCsrBasedIssuance
withAllowCsrBasedIssuance(allowCsrBasedIssuance)
"When true, allows callers to create Certificates by specifying a CSR."
obj spec.forProvider.issuancePolicy.allowedKeyTypes
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.withEllipticCurve
withEllipticCurve(ellipticCurve)
"Represents an allowed Elliptic Curve key type. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.withEllipticCurveMixin
withEllipticCurveMixin(ellipticCurve)
"Represents an allowed Elliptic Curve key type. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.allowedKeyTypes.withRsa
withRsa(rsa)
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.withRsaMixin
withRsaMixin(rsa)
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.allowedKeyTypes.ellipticCurve
"Represents an allowed Elliptic Curve key type. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.ellipticCurve.withSignatureAlgorithm
withSignatureAlgorithm(signatureAlgorithm)
"The algorithm used. Possible values are: ECDSA_P256, ECDSA_P384, EDDSA_25519."
obj spec.forProvider.issuancePolicy.allowedKeyTypes.rsa
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.rsa.withMaxModulusSize
withMaxModulusSize(maxModulusSize)
"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes."
fn spec.forProvider.issuancePolicy.allowedKeyTypes.rsa.withMinModulusSize
withMinModulusSize(minModulusSize)
"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply."
obj spec.forProvider.issuancePolicy.baselineValues
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withAdditionalExtensions
withAdditionalExtensions(additionalExtensions)
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withAdditionalExtensionsMixin
withAdditionalExtensionsMixin(additionalExtensions)
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.withAiaOcspServers
withAiaOcspServers(aiaOcspServers)
"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate."
fn spec.forProvider.issuancePolicy.baselineValues.withAiaOcspServersMixin
withAiaOcspServersMixin(aiaOcspServers)
"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.withCaOptions
withCaOptions(caOptions)
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withCaOptionsMixin
withCaOptionsMixin(caOptions)
"Describes values that are relevant in a CA certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.withKeyUsage
withKeyUsage(keyUsage)
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withKeyUsageMixin
withKeyUsageMixin(keyUsage)
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.withNameConstraints
withNameConstraints(nameConstraints)
"Describes the X.509 name constraints extension. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withNameConstraintsMixin
withNameConstraintsMixin(nameConstraints)
"Describes the X.509 name constraints extension. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.withPolicyIds
withPolicyIds(policyIds)
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.withPolicyIdsMixin
withPolicyIdsMixin(policyIds)
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.baselineValues.additionalExtensions
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.withCritical
withCritical(critical)
"Indicates whether or not the name constraints are marked critical."
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.withObjectId
withObjectId(objectId)
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.withObjectIdMixin
withObjectIdMixin(objectId)
"Describes values that are relevant in a CA certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.withValue
withValue(value)
"The value of this X.509 extension. A base64-encoded string."
obj spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.objectId
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.objectId.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.forProvider.issuancePolicy.baselineValues.additionalExtensions.objectId.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.baselineValues.caOptions
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.caOptions.withIsCa
withIsCa(isCa)
"When true, the \"CA\" in Basic Constraints extension will be set to true."
fn spec.forProvider.issuancePolicy.baselineValues.caOptions.withMaxIssuerPathLength
withMaxIssuerPathLength(maxIssuerPathLength)
"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail."
fn spec.forProvider.issuancePolicy.baselineValues.caOptions.withNonCa
withNonCa(nonCa)
"When true, the \"CA\" in Basic Constraints extension will be set to false. If both is_ca and non_ca are unset, the extension will be omitted from the CA certificate."
fn spec.forProvider.issuancePolicy.baselineValues.caOptions.withZeroMaxIssuerPathLength
withZeroMaxIssuerPathLength(zeroMaxIssuerPathLength)
"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate."
obj spec.forProvider.issuancePolicy.baselineValues.keyUsage
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withBaseKeyUsage
withBaseKeyUsage(baseKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withBaseKeyUsageMixin
withBaseKeyUsageMixin(baseKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withExtendedKeyUsage
withExtendedKeyUsage(extendedKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withExtendedKeyUsageMixin
withExtendedKeyUsageMixin(extendedKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withUnknownExtendedKeyUsages
withUnknownExtendedKeyUsages(unknownExtendedKeyUsages)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.withUnknownExtendedKeyUsagesMixin
withUnknownExtendedKeyUsagesMixin(unknownExtendedKeyUsages)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withCertSign
withCertSign(certSign)
"The key may be used to sign certificates."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withContentCommitment
withContentCommitment(contentCommitment)
"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\"."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withCrlSign
withCrlSign(crlSign)
"The key may be used sign certificate revocation lists."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDataEncipherment
withDataEncipherment(dataEncipherment)
"The key may be used to encipher data."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDecipherOnly
withDecipherOnly(decipherOnly)
"The key may be used to decipher only."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDigitalSignature
withDigitalSignature(digitalSignature)
"The key may be used for digital signatures."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withEncipherOnly
withEncipherOnly(encipherOnly)
"The key may be used to encipher only."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withKeyAgreement
withKeyAgreement(keyAgreement)
"The key may be used in a key agreement protocol."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withKeyEncipherment
withKeyEncipherment(keyEncipherment)
"The key may be used to encipher other keys."
obj spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withClientAuth
withClientAuth(clientAuth)
"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withCodeSigning
withCodeSigning(codeSigning)
"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\"."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withEmailProtection
withEmailProtection(emailProtection)
"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\"."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withOcspSigning
withOcspSigning(ocspSigning)
"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\"."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withServerAuth
withServerAuth(serverAuth)
"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withTimeStamping
withTimeStamping(timeStamping)
"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\"."
obj spec.forProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.forProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.baselineValues.nameConstraints
"Describes the X.509 name constraints extension. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withCritical
withCritical(critical)
"Indicates whether or not the name constraints are marked critical."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedDnsNames
withExcludedDnsNames(excludedDnsNames)
"Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedDnsNamesMixin
withExcludedDnsNamesMixin(excludedDnsNames)
"Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedEmailAddresses
withExcludedEmailAddresses(excludedEmailAddresses)
"Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedEmailAddressesMixin
withExcludedEmailAddressesMixin(excludedEmailAddresses)
"Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedIpRanges
withExcludedIpRanges(excludedIpRanges)
"Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedIpRangesMixin
withExcludedIpRangesMixin(excludedIpRanges)
"Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedUris
withExcludedUris(excludedUris)
"Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedUrisMixin
withExcludedUrisMixin(excludedUris)
"Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedDnsNames
withPermittedDnsNames(permittedDnsNames)
"Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedDnsNamesMixin
withPermittedDnsNamesMixin(permittedDnsNames)
"Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedEmailAddresses
withPermittedEmailAddresses(permittedEmailAddresses)
"Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedEmailAddressesMixin
withPermittedEmailAddressesMixin(permittedEmailAddresses)
"Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedIpRanges
withPermittedIpRanges(permittedIpRanges)
"Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedIpRangesMixin
withPermittedIpRangesMixin(permittedIpRanges)
"Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
Note: This function appends passed data to existing values
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedUris
withPermittedUris(permittedUris)
"Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
fn spec.forProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedUrisMixin
withPermittedUrisMixin(permittedUris)
"Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.baselineValues.policyIds
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
fn spec.forProvider.issuancePolicy.baselineValues.policyIds.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.forProvider.issuancePolicy.baselineValues.policyIds.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.identityConstraints
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
fn spec.forProvider.issuancePolicy.identityConstraints.withAllowSubjectAltNamesPassthrough
withAllowSubjectAltNamesPassthrough(allowSubjectAltNamesPassthrough)
"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded."
fn spec.forProvider.issuancePolicy.identityConstraints.withAllowSubjectPassthrough
withAllowSubjectPassthrough(allowSubjectPassthrough)
"If this is set, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded."
fn spec.forProvider.issuancePolicy.identityConstraints.withCelExpression
withCelExpression(celExpression)
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
fn spec.forProvider.issuancePolicy.identityConstraints.withCelExpressionMixin
withCelExpressionMixin(celExpression)
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
Note: This function appends passed data to existing values
obj spec.forProvider.issuancePolicy.identityConstraints.celExpression
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
fn spec.forProvider.issuancePolicy.identityConstraints.celExpression.withDescription
withDescription(description)
"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI."
fn spec.forProvider.issuancePolicy.identityConstraints.celExpression.withExpression
withExpression(expression)
"Textual representation of an expression in Common Expression Language syntax."
fn spec.forProvider.issuancePolicy.identityConstraints.celExpression.withLocation
withLocation(location)
"Location of the CaPool. A full list of valid locations can be found by running gcloud privateca locations list."
fn spec.forProvider.issuancePolicy.identityConstraints.celExpression.withTitle
withTitle(title)
"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
obj spec.forProvider.publishingOptions
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
fn spec.forProvider.publishingOptions.withPublishCaCert
withPublishCaCert(publishCaCert)
"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates."
fn spec.forProvider.publishingOptions.withPublishCrl
withPublishCrl(publishCrl)
"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked."
obj spec.initProvider
"THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler."
fn spec.initProvider.withIssuancePolicy
withIssuancePolicy(issuancePolicy)
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
fn spec.initProvider.withIssuancePolicyMixin
withIssuancePolicyMixin(issuancePolicy)
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.withLabels
withLabels(labels)
"Labels with user-defined metadata. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }."
fn spec.initProvider.withLabelsMixin
withLabelsMixin(labels)
"Labels with user-defined metadata. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }."
Note: This function appends passed data to existing values
fn spec.initProvider.withProject
withProject(project)
"The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
fn spec.initProvider.withPublishingOptions
withPublishingOptions(publishingOptions)
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
fn spec.initProvider.withPublishingOptionsMixin
withPublishingOptionsMixin(publishingOptions)
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.withTier
withTier(tier)
"The Tier of this CaPool. Possible values are: ENTERPRISE, DEVOPS."
obj spec.initProvider.issuancePolicy
"The IssuancePolicy to control how Certificates will be issued from this CaPool. Structure is documented below."
fn spec.initProvider.issuancePolicy.withAllowedIssuanceModes
withAllowedIssuanceModes(allowedIssuanceModes)
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
fn spec.initProvider.issuancePolicy.withAllowedIssuanceModesMixin
withAllowedIssuanceModesMixin(allowedIssuanceModes)
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.withAllowedKeyTypes
withAllowedKeyTypes(allowedKeyTypes)
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.withAllowedKeyTypesMixin
withAllowedKeyTypesMixin(allowedKeyTypes)
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.withBaselineValues
withBaselineValues(baselineValues)
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
fn spec.initProvider.issuancePolicy.withBaselineValuesMixin
withBaselineValuesMixin(baselineValues)
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.withIdentityConstraints
withIdentityConstraints(identityConstraints)
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
fn spec.initProvider.issuancePolicy.withIdentityConstraintsMixin
withIdentityConstraintsMixin(identityConstraints)
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.withMaximumLifetime
withMaximumLifetime(maximumLifetime)
"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it."
obj spec.initProvider.issuancePolicy.allowedIssuanceModes
"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedIssuanceModes.withAllowConfigBasedIssuance
withAllowConfigBasedIssuance(allowConfigBasedIssuance)
"When true, allows callers to create Certificates by specifying a CertificateConfig."
fn spec.initProvider.issuancePolicy.allowedIssuanceModes.withAllowCsrBasedIssuance
withAllowCsrBasedIssuance(allowCsrBasedIssuance)
"When true, allows callers to create Certificates by specifying a CSR."
obj spec.initProvider.issuancePolicy.allowedKeyTypes
"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.withEllipticCurve
withEllipticCurve(ellipticCurve)
"Represents an allowed Elliptic Curve key type. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.withEllipticCurveMixin
withEllipticCurveMixin(ellipticCurve)
"Represents an allowed Elliptic Curve key type. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.allowedKeyTypes.withRsa
withRsa(rsa)
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.withRsaMixin
withRsaMixin(rsa)
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.allowedKeyTypes.ellipticCurve
"Represents an allowed Elliptic Curve key type. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.ellipticCurve.withSignatureAlgorithm
withSignatureAlgorithm(signatureAlgorithm)
"The algorithm used. Possible values are: ECDSA_P256, ECDSA_P384, EDDSA_25519."
obj spec.initProvider.issuancePolicy.allowedKeyTypes.rsa
"Describes an RSA key that may be used in a Certificate issued from a CaPool. Structure is documented below."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.rsa.withMaxModulusSize
withMaxModulusSize(maxModulusSize)
"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes."
fn spec.initProvider.issuancePolicy.allowedKeyTypes.rsa.withMinModulusSize
withMinModulusSize(minModulusSize)
"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply."
obj spec.initProvider.issuancePolicy.baselineValues
"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate issuance request will fail. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withAdditionalExtensions
withAdditionalExtensions(additionalExtensions)
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withAdditionalExtensionsMixin
withAdditionalExtensionsMixin(additionalExtensions)
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.withAiaOcspServers
withAiaOcspServers(aiaOcspServers)
"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate."
fn spec.initProvider.issuancePolicy.baselineValues.withAiaOcspServersMixin
withAiaOcspServersMixin(aiaOcspServers)
"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.withCaOptions
withCaOptions(caOptions)
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withCaOptionsMixin
withCaOptionsMixin(caOptions)
"Describes values that are relevant in a CA certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.withKeyUsage
withKeyUsage(keyUsage)
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withKeyUsageMixin
withKeyUsageMixin(keyUsage)
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.withNameConstraints
withNameConstraints(nameConstraints)
"Describes the X.509 name constraints extension. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withNameConstraintsMixin
withNameConstraintsMixin(nameConstraints)
"Describes the X.509 name constraints extension. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.withPolicyIds
withPolicyIds(policyIds)
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.withPolicyIdsMixin
withPolicyIdsMixin(policyIds)
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.baselineValues.additionalExtensions
"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.withCritical
withCritical(critical)
"Indicates whether or not the name constraints are marked critical."
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.withObjectId
withObjectId(objectId)
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.withObjectIdMixin
withObjectIdMixin(objectId)
"Describes values that are relevant in a CA certificate. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.withValue
withValue(value)
"The value of this X.509 extension. A base64-encoded string."
obj spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.objectId
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.objectId.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.initProvider.issuancePolicy.baselineValues.additionalExtensions.objectId.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.baselineValues.caOptions
"Describes values that are relevant in a CA certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.caOptions.withIsCa
withIsCa(isCa)
"When true, the \"CA\" in Basic Constraints extension will be set to true."
fn spec.initProvider.issuancePolicy.baselineValues.caOptions.withMaxIssuerPathLength
withMaxIssuerPathLength(maxIssuerPathLength)
"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail."
fn spec.initProvider.issuancePolicy.baselineValues.caOptions.withNonCa
withNonCa(nonCa)
"When true, the \"CA\" in Basic Constraints extension will be set to false. If both is_ca and non_ca are unset, the extension will be omitted from the CA certificate."
fn spec.initProvider.issuancePolicy.baselineValues.caOptions.withZeroMaxIssuerPathLength
withZeroMaxIssuerPathLength(zeroMaxIssuerPathLength)
"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate."
obj spec.initProvider.issuancePolicy.baselineValues.keyUsage
"Indicates the intended use for keys that correspond to a certificate. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withBaseKeyUsage
withBaseKeyUsage(baseKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withBaseKeyUsageMixin
withBaseKeyUsageMixin(baseKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withExtendedKeyUsage
withExtendedKeyUsage(extendedKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withExtendedKeyUsageMixin
withExtendedKeyUsageMixin(extendedKeyUsage)
"Describes high-level ways in which a key may be used. Structure is documented below."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withUnknownExtendedKeyUsages
withUnknownExtendedKeyUsages(unknownExtendedKeyUsages)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.withUnknownExtendedKeyUsagesMixin
withUnknownExtendedKeyUsagesMixin(unknownExtendedKeyUsages)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withCertSign
withCertSign(certSign)
"The key may be used to sign certificates."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withContentCommitment
withContentCommitment(contentCommitment)
"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\"."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withCrlSign
withCrlSign(crlSign)
"The key may be used sign certificate revocation lists."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDataEncipherment
withDataEncipherment(dataEncipherment)
"The key may be used to encipher data."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDecipherOnly
withDecipherOnly(decipherOnly)
"The key may be used to decipher only."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withDigitalSignature
withDigitalSignature(digitalSignature)
"The key may be used for digital signatures."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withEncipherOnly
withEncipherOnly(encipherOnly)
"The key may be used to encipher only."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withKeyAgreement
withKeyAgreement(keyAgreement)
"The key may be used in a key agreement protocol."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.withKeyEncipherment
withKeyEncipherment(keyEncipherment)
"The key may be used to encipher other keys."
obj spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage
"Describes high-level ways in which a key may be used. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withClientAuth
withClientAuth(clientAuth)
"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withCodeSigning
withCodeSigning(codeSigning)
"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\"."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withEmailProtection
withEmailProtection(emailProtection)
"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\"."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withOcspSigning
withOcspSigning(ocspSigning)
"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\"."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withServerAuth
withServerAuth(serverAuth)
"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.withTimeStamping
withTimeStamping(timeStamping)
"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\"."
obj spec.initProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.initProvider.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.baselineValues.nameConstraints
"Describes the X.509 name constraints extension. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withCritical
withCritical(critical)
"Indicates whether or not the name constraints are marked critical."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedDnsNames
withExcludedDnsNames(excludedDnsNames)
"Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedDnsNamesMixin
withExcludedDnsNamesMixin(excludedDnsNames)
"Contains excluded DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedEmailAddresses
withExcludedEmailAddresses(excludedEmailAddresses)
"Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedEmailAddressesMixin
withExcludedEmailAddressesMixin(excludedEmailAddresses)
"Contains the excluded email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedIpRanges
withExcludedIpRanges(excludedIpRanges)
"Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedIpRangesMixin
withExcludedIpRangesMixin(excludedIpRanges)
"Contains the excluded IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedUris
withExcludedUris(excludedUris)
"Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withExcludedUrisMixin
withExcludedUrisMixin(excludedUris)
"Contains the excluded URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedDnsNames
withPermittedDnsNames(permittedDnsNames)
"Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedDnsNamesMixin
withPermittedDnsNamesMixin(permittedDnsNames)
"Contains permitted DNS names. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, example.com, www.example.com, www.sub.example.com would satisfy example.com while example1.com does not."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedEmailAddresses
withPermittedEmailAddresses(permittedEmailAddresses)
"Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedEmailAddressesMixin
withPermittedEmailAddressesMixin(permittedEmailAddresses)
"Contains the permitted email addresses. The value can be a particular email address, a hostname to indicate all email addresses on that host or a domain with a leading period (e.g. .example.com) to indicate all email addresses in that domain."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedIpRanges
withPermittedIpRanges(permittedIpRanges)
"Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedIpRangesMixin
withPermittedIpRangesMixin(permittedIpRanges)
"Contains the permitted IP ranges. For IPv4 addresses, the ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 addresses."
Note: This function appends passed data to existing values
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedUris
withPermittedUris(permittedUris)
"Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
fn spec.initProvider.issuancePolicy.baselineValues.nameConstraints.withPermittedUrisMixin
withPermittedUrisMixin(permittedUris)
"Contains the permitted URIs that apply to the host part of the name. The value can be a hostname or a domain with a leading period (like .example.com)"
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.baselineValues.policyIds
"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below."
fn spec.initProvider.issuancePolicy.baselineValues.policyIds.withObjectIdPath
withObjectIdPath(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
fn spec.initProvider.issuancePolicy.baselineValues.policyIds.withObjectIdPathMixin
withObjectIdPathMixin(objectIdPath)
"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.identityConstraints
"Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. Structure is documented below."
fn spec.initProvider.issuancePolicy.identityConstraints.withAllowSubjectAltNamesPassthrough
withAllowSubjectAltNamesPassthrough(allowSubjectAltNamesPassthrough)
"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded."
fn spec.initProvider.issuancePolicy.identityConstraints.withAllowSubjectPassthrough
withAllowSubjectPassthrough(allowSubjectPassthrough)
"If this is set, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded."
fn spec.initProvider.issuancePolicy.identityConstraints.withCelExpression
withCelExpression(celExpression)
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
fn spec.initProvider.issuancePolicy.identityConstraints.withCelExpressionMixin
withCelExpressionMixin(celExpression)
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
Note: This function appends passed data to existing values
obj spec.initProvider.issuancePolicy.identityConstraints.celExpression
"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/cel-guide Structure is documented below."
fn spec.initProvider.issuancePolicy.identityConstraints.celExpression.withDescription
withDescription(description)
"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI."
fn spec.initProvider.issuancePolicy.identityConstraints.celExpression.withExpression
withExpression(expression)
"Textual representation of an expression in Common Expression Language syntax."
fn spec.initProvider.issuancePolicy.identityConstraints.celExpression.withTitle
withTitle(title)
"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
obj spec.initProvider.publishingOptions
"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. Structure is documented below."
fn spec.initProvider.publishingOptions.withPublishCaCert
withPublishCaCert(publishCaCert)
"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates."
fn spec.initProvider.publishingOptions.withPublishCrl
withPublishCrl(publishCrl)
"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked."
obj spec.providerConfigRef
"ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured."
fn spec.providerConfigRef.withName
withName(name)
"Name of the referenced object."
obj spec.providerConfigRef.policy
"Policies for referencing."
fn spec.providerConfigRef.policy.withResolution
withResolution(resolution)
"Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved."
fn spec.providerConfigRef.policy.withResolve
withResolve(resolve)
"Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile."
obj spec.providerRef
"ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef"
fn spec.providerRef.withName
withName(name)
"Name of the referenced object."
obj spec.providerRef.policy
"Policies for referencing."
fn spec.providerRef.policy.withResolution
withResolution(resolution)
"Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved."
fn spec.providerRef.policy.withResolve
withResolve(resolve)
"Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile."
obj spec.publishConnectionDetailsTo
"PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource."
fn spec.publishConnectionDetailsTo.withName
withName(name)
"Name is the name of the connection secret."
obj spec.publishConnectionDetailsTo.configRef
"SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret."
fn spec.publishConnectionDetailsTo.configRef.withName
withName(name)
"Name of the referenced object."
obj spec.publishConnectionDetailsTo.configRef.policy
"Policies for referencing."
fn spec.publishConnectionDetailsTo.configRef.policy.withResolution
withResolution(resolution)
"Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved."
fn spec.publishConnectionDetailsTo.configRef.policy.withResolve
withResolve(resolve)
"Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile."
obj spec.publishConnectionDetailsTo.metadata
"Metadata is the metadata for connection secret."
fn spec.publishConnectionDetailsTo.metadata.withAnnotations
withAnnotations(annotations)
"Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types."
fn spec.publishConnectionDetailsTo.metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types."
Note: This function appends passed data to existing values
fn spec.publishConnectionDetailsTo.metadata.withLabels
withLabels(labels)
"Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types."
fn spec.publishConnectionDetailsTo.metadata.withLabelsMixin
withLabelsMixin(labels)
"Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types."
Note: This function appends passed data to existing values
fn spec.publishConnectionDetailsTo.metadata.withType
withType(type)
"Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores."
obj spec.writeConnectionSecretToRef
"WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other."
fn spec.writeConnectionSecretToRef.withName
withName(name)
"Name of the secret."
fn spec.writeConnectionSecretToRef.withNamespace
withNamespace(namespace)
"Namespace of the secret."