# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

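# Sample PrivateCACAPool: a CA pool whose issuance policy spells out every
# policy field. Most leaf values (OID paths, "string", the always-false CEL
# expression) are placeholders; review each one before reusing this manifest.
apiVersion: privateca.cnrm.cloud.google.com/v1beta1
kind: PrivateCACAPool
metadata:
  labels:
    label-two: "value-two"
  name: privatecacapool-sample
spec:
  projectRef:
    # ${PROJECT_ID?} is a template placeholder; substitute the real project ID
    # before applying.
    external: projects/${PROJECT_ID?}
  location: "us-central1"
  tier: ENTERPRISE
  issuancePolicy:
    # Only the key types listed here are accepted in certificate requests.
    allowedKeyTypes:
      - rsa:
          # Modulus sizes are in bits. Keep the floor at 2048 or higher: an
          # issuance policy must not accept RSA keys small enough to factor.
          minModulusSize: 2048
          maxModulusSize: 4096
      - ellipticCurve:
          signatureAlgorithm: ECDSA_P384
    # 43200s = 12 hours: upper bound on the lifetime of issued certificates.
    maximumLifetime: 43200s
    allowedIssuanceModes:
      # Requests must carry a CSR; config-based requests are turned off.
      allowCsrBasedIssuance: true
      allowConfigBasedIssuance: false
    # X.509 values applied as the pool's baseline for issued certificates.
    baselineValues:
      keyUsage:
        # NOTE(review): every usage below is false in this sample; enable only
        # the usages the issued certificates actually need.
        baseKeyUsage:
          digitalSignature: false
          contentCommitment: false
          keyEncipherment: false
          dataEncipherment: false
          keyAgreement: false
          certSign: false
          crlSign: false
          encipherOnly: false
          decipherOnly: false
        extendedKeyUsage:
          serverAuth: false
          clientAuth: false
          codeSigning: false
          emailProtection: false
          timeStamping: false
          ocspSigning: false
        unknownExtendedKeyUsages:
          # Placeholder OID (1.7).
          - objectIdPath:
              - 1
              - 7
      caOptions:
        isCa: false
        # NOTE(review): a path-length constraint normally matters only for CA
        # certificates; with isCa false this looks like a placeholder. Confirm.
        maxIssuerPathLength: 7
      policyIds:
        - objectIdPath:
            - 1
            - 7
      aiaOcspServers:
        # Placeholder; a real entry would be the address of an OCSP responder.
        - string
      additionalExtensions:
        - objectId:
            objectIdPath:
              - 1
              - 7
          critical: false
          # Base64-encoded extension value; this one decodes to "string\n".
          value: c3RyaW5nCg==
    identityConstraints:
      celExpression:
        title: Sample expression
        description: Always false
        # NOTE(review): the literal 'false' never evaluates to true, so this
        # constraint presumably matches no request. Replace it with a real
        # subject/SAN rule before use.
        expression: 'false'
        location: devops.ca_pool.json
      # Subject and SANs supplied by the requester are not passed through.
      allowSubjectPassthrough: false
      allowSubjectAltNamesPassthrough: false
    # Extensions a request may carry into the issued certificate.
    passthroughExtensions:
      knownExtensions:
        - BASE_KEY_USAGE
      additionalExtensions:
        - objectIdPath:
            - 1
            - 7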