View Source GoogleApi.PrivateCA.V1.Model.IssuancePolicy (google_api_private_ca v0.15.1)

Defines controls over all certificate issuance within a CaPool.

Attributes

  • allowedIssuanceModes (type: GoogleApi.PrivateCA.V1.Model.IssuanceModes.t, default: nil) - Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
  • allowedKeyTypes (type: list(GoogleApi.PrivateCA.V1.Model.AllowedKeyType.t), default: nil) - Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
  • baselineValues (type: GoogleApi.PrivateCA.V1.Model.X509Parameters.t, default: nil) - Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
  • identityConstraints (type: GoogleApi.PrivateCA.V1.Model.CertificateIdentityConstraints.t, default: nil) - Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
  • maximumLifetime (type: String.t, default: nil) - Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate resource's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
  • passthroughExtensions (type: GoogleApi.PrivateCA.V1.Model.CertificateExtensionConstraints.t, default: nil) - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

Summary

Functions

Unwrap a decoded JSON object into its complex fields.

Types

@type t() :: %GoogleApi.PrivateCA.V1.Model.IssuancePolicy{
  allowedIssuanceModes: GoogleApi.PrivateCA.V1.Model.IssuanceModes.t() | nil,
  allowedKeyTypes: [GoogleApi.PrivateCA.V1.Model.AllowedKeyType.t()] | nil,
  baselineValues: GoogleApi.PrivateCA.V1.Model.X509Parameters.t() | nil,
  identityConstraints:
    GoogleApi.PrivateCA.V1.Model.CertificateIdentityConstraints.t() | nil,
  maximumLifetime: String.t() | nil,
  passthroughExtensions:
    GoogleApi.PrivateCA.V1.Model.CertificateExtensionConstraints.t() | nil
}

Functions

@spec decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.