# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: privateca.cnrm.cloud.google.com/v1beta1 kind: PrivateCACertificateTemplate metadata: labels: label-two: "value-two" name: privatecacertificatetemplate-sample spec: projectRef: # Replace ${PROJECT_ID?} with your project ID external: "projects/${PROJECT_ID?}" location: "us-central1" predefinedValues: keyUsage: baseKeyUsage: digitalSignature: true contentCommitment: true keyEncipherment: true dataEncipherment: true keyAgreement: true certSign: false crlSign: false encipherOnly: true decipherOnly: true extendedKeyUsage: serverAuth: true clientAuth: true codeSigning: true emailProtection: true timeStamping: true ocspSigning: true unknownExtendedKeyUsages: - objectIdPath: - 1 - 6 caOptions: isCa: false maxIssuerPathLength: 6 policyIds: - objectIdPath: - 1 - 6 aiaOcspServers: - string additionalExtensions: - objectId: objectIdPath: - 1 - 6 critical: true value: c3RyaW5nCg== identityConstraints: celExpression: title: Sample expression description: Always true expression: 'true' location: any.file.anywhere allowSubjectPassthrough: true allowSubjectAltNamesPassthrough: true passthroughExtensions: knownExtensions: - EXTENDED_KEY_USAGE additionalExtensions: - objectIdPath: - 1 - 6 description: An basic sample certificate template