certificate_authorities
Creates, updates, deletes, gets or lists a certificate_authorities
resource.
Overview
Name | certificate_authorities |
Type | Resource |
Id | google.privateca.certificate_authorities |
Fields
Name | Datatype | Description |
---|---|---|
pemCsr | string | Output only. The PEM-encoded signed certificate signing request (CSR). |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
fetch | SELECT | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE. The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority. |
get | SELECT | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Returns a CertificateAuthority. |
list | SELECT | caPoolsId, locationsId, projectsId | Lists CertificateAuthorities. |
create | INSERT | caPoolsId, locationsId, projectsId | Create a new CertificateAuthority in a given Project and Location. |
delete | DELETE | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Delete a CertificateAuthority. |
patch | UPDATE | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Update a CertificateAuthority. |
activate | EXEC | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Activate a CertificateAuthority that is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE. After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process. |
disable | EXEC | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Disable a CertificateAuthority. |
enable | EXEC | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Enable a CertificateAuthority. |
undelete | EXEC | caPoolsId, certificateAuthoritiesId, locationsId, projectsId | Undelete a CertificateAuthority that has been deleted. |
SELECT
examples
Lists CertificateAuthorities.
-- Read pemCsr for certificate authorities inside one CA pool.
-- The three predicates are the required params the Methods table gives for
-- `list`; that table gives `fetch` (the method that returns a CSR) a fourth
-- required param, certificateAuthoritiesId.
-- NOTE(review): pemCsr is documented above as the CSR field, so confirm that
-- this three-param form returns it rather than needing the `fetch` params.
-- NOTE(review): each double-brace placeholder sits inside a quoted literal and
-- is presumably filled in by a templating step before execution; pass only
-- validated resource identifiers, never free-form input.
SELECT
    pemCsr
FROM
    google.privateca.certificate_authorities
WHERE
    projectsId = '{{ projectsId }}'
    AND locationsId = '{{ locationsId }}'
    AND caPoolsId = '{{ caPoolsId }}';
INSERT
example
Use the following StackQL query and manifest file to create a new certificate_authorities
resource.
- All Properties
- Manifest
/*+ create */
-- Create a certificate authority in the given project, location and CA pool.
-- caPoolsId, locationsId and projectsId are the required params the Methods
-- table lists for `create`; the remaining columns carry the CA definition, whose
-- nested shape is given by the manifest on this page.
-- NOTE(review): config, keySpec, subordinateConfig and labels are structured
-- values in the manifest but are substituted inside quoted literals here,
-- presumably by a templating step. Make sure the rendered text cannot contain an
-- unescaped single quote and that it comes from reviewed configuration only.
-- NOTE(review): keySpec selects the CA signing key and config the CA's X.509
-- parameters; treat both as change-controlled inputs.
INSERT INTO google.privateca.certificate_authorities (
    caPoolsId,
    locationsId,
    projectsId,
    type,
    config,
    lifetime,
    keySpec,
    subordinateConfig,
    gcsBucket,
    labels
)
SELECT
    '{{ caPoolsId }}',
    '{{ locationsId }}',
    '{{ projectsId }}',
    '{{ type }}',
    '{{ config }}',
    '{{ lifetime }}',
    '{{ keySpec }}',
    '{{ subordinateConfig }}',
    '{{ gcsBucket }}',
    '{{ labels }}';
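# Manifest template for a certificate_authorities resource. Each prop is a
# name/value pair; `value` gives either the expected type or the nested props.
# NOTE(review): the nesting below was restored from a flattened listing, using
# the `- -` markers (list of objects) and the order of the props. Verify it
# against the provider schema before relying on it.
# NOTE(review): the INSERT example on this page sets only type, config,
# lifetime, keySpec, subordinateConfig, gcsBucket and labels. The other
# top-level props here (name, tier, state, pemCaCertificates,
# caCertificateDescriptions, accessUrls, the *Time props, satisfiesPzs,
# satisfiesPzi) are presumably returned by the service rather than supplied.
- name: your_resource_model_name
  props:
    - name: name
      value: string
    - name: type
      value: string
    - name: config
      value:
        - name: subjectConfig
          value:
            - name: subject
              value:
                - name: commonName
                  value: string
                - name: countryCode
                  value: string
                - name: organization
                  value: string
                - name: organizationalUnit
                  value: string
                - name: locality
                  value: string
                - name: province
                  value: string
                - name: streetAddress
                  value: string
                - name: postalCode
                  value: string
            - name: subjectAltName
              value:
                - name: dnsNames
                  value:
                    - string
                - name: uris
                  value:
                    - string
                - name: emailAddresses
                  value:
                    - string
                - name: ipAddresses
                  value:
                    - string
                - name: customSans
                  value:
                    - - name: objectId
                        value:
                          - name: objectIdPath
                            value:
                              - integer
                      - name: critical
                        value: boolean
                      - name: value
                        value: string
        - name: x509Config
          value:
            - name: keyUsage
              value:
                - name: baseKeyUsage
                  value:
                    - name: digitalSignature
                      value: boolean
                    - name: contentCommitment
                      value: boolean
                    - name: keyEncipherment
                      value: boolean
                    - name: dataEncipherment
                      value: boolean
                    - name: keyAgreement
                      value: boolean
                    - name: certSign
                      value: boolean
                    - name: crlSign
                      value: boolean
                    - name: encipherOnly
                      value: boolean
                    - name: decipherOnly
                      value: boolean
                - name: extendedKeyUsage
                  value:
                    - name: serverAuth
                      value: boolean
                    - name: clientAuth
                      value: boolean
                    - name: codeSigning
                      value: boolean
                    - name: emailProtection
                      value: boolean
                    - name: timeStamping
                      value: boolean
                    - name: ocspSigning
                      value: boolean
                - name: unknownExtendedKeyUsages
                  value:
                    - - name: objectIdPath
                        value:
                          - integer
            # NOTE(review): isCa and maxIssuerPathLength presumably map to the
            # X.509 basic-constraints settings; set both deliberately so the
            # permitted chain depth below this CA is explicit.
            - name: caOptions
              value:
                - name: isCa
                  value: boolean
                - name: maxIssuerPathLength
                  value: integer
            - name: policyIds
              value:
                - - name: objectIdPath
                    value:
                      - integer
            - name: aiaOcspServers
              value:
                - string
            # NOTE(review): the permitted*/excluded* lists presumably map to the
            # X.509 name-constraints extension, bounding which names this CA may
            # certify; confirm how an empty list is treated.
            - name: nameConstraints
              value:
                - name: critical
                  value: boolean
                - name: permittedDnsNames
                  value:
                    - string
                - name: excludedDnsNames
                  value:
                    - string
                - name: permittedIpRanges
                  value:
                    - string
                - name: excludedIpRanges
                  value:
                    - string
                - name: permittedEmailAddresses
                  value:
                    - string
                - name: excludedEmailAddresses
                  value:
                    - string
                - name: permittedUris
                  value:
                    - string
                - name: excludedUris
                  value:
                    - string
            - name: additionalExtensions
              value:
                - - name: critical
                    value: boolean
                  - name: value
                    value: string
        - name: publicKey
          value:
            - name: key
              value: string
            - name: format
              value: string
        - name: subjectKeyId
          value:
            - name: keyId
              value: string
    - name: lifetime
      value: string
    # NOTE(review): cloudKmsKeyVersion and algorithm are presumably alternative
    # ways to choose the CA signing key; confirm which one your policy requires.
    - name: keySpec
      value:
        - name: cloudKmsKeyVersion
          value: string
        - name: algorithm
          value: string
    - name: subordinateConfig
      value:
        - name: certificateAuthority
          value: string
        - name: pemIssuerChain
          value:
            - name: pemCertificates
              value:
                - string
    - name: tier
      value: string
    - name: state
      value: string
    - name: pemCaCertificates
      value:
        - string
    - name: caCertificateDescriptions
      value:
        - - name: subjectDescription
            value:
              - name: hexSerialNumber
                value: string
              - name: lifetime
                value: string
              - name: notBeforeTime
                value: string
              - name: notAfterTime
                value: string
          - name: subjectKeyId
            value:
              - name: keyId
                value: string
          - name: crlDistributionPoints
            value:
              - string
          - name: aiaIssuingCertificateUrls
            value:
              - string
          - name: certFingerprint
            value:
              - name: sha256Hash
                value: string
          - name: tbsCertificateDigest
            value: string
    - name: gcsBucket
      value: string
    - name: accessUrls
      value:
        - name: caCertificateAccessUrl
          value: string
        - name: crlAccessUrls
          value:
            - string
    - name: createTime
      value: string
    - name: updateTime
      value: string
    - name: deleteTime
      value: string
    - name: expireTime
      value: string
    - name: labels
      value: object
    - name: satisfiesPzs
      value: boolean
    - name: satisfiesPzi
      value: boolean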
UPDATE
example
Updates a certificate_authorities
resource.
/*+ update */
-- Patch one certificate authority, identified by the four required params the
-- Methods table lists for `patch`.
-- NOTE(review): this template assigns every settable column at once, and the
-- page does not say which of them the service accepts after creation. The
-- upstream CA Service API reference is understood to mark some
-- CertificateAuthority fields as immutable; confirm, and keep only the
-- assignments you intend to change.
-- NOTE(review): the double-brace placeholders are rendered inside quoted
-- literals, presumably by a templating step; render them from reviewed
-- configuration only.
UPDATE google.privateca.certificate_authorities
SET
    type = '{{ type }}',
    config = '{{ config }}',
    lifetime = '{{ lifetime }}',
    keySpec = '{{ keySpec }}',
    subordinateConfig = '{{ subordinateConfig }}',
    gcsBucket = '{{ gcsBucket }}',
    labels = '{{ labels }}'
WHERE
    projectsId = '{{ projectsId }}'
    AND locationsId = '{{ locationsId }}'
    AND caPoolsId = '{{ caPoolsId }}'
    AND certificateAuthoritiesId = '{{ certificateAuthoritiesId }}';
DELETE
example
Deletes the specified certificate_authorities
resource.
/*+ delete */
-- Delete one certificate authority. All four identifiers are required params
-- for `delete` in the Methods table, so the predicate names a specific CA
-- within its pool, location and project.
-- The same table lists `disable` and `undelete` as EXEC methods.
-- NOTE(review): the page does not describe what happens to certificates the CA
-- has already issued, or whether a grace period applies before removal. Confirm
-- both before running this against a CA that relying parties still trust.
DELETE FROM google.privateca.certificate_authorities
WHERE
    projectsId = '{{ projectsId }}'
    AND locationsId = '{{ locationsId }}'
    AND caPoolsId = '{{ caPoolsId }}'
    AND certificateAuthoritiesId = '{{ certificateAuthoritiesId }}';