Struct gapi_grpc::google::cloud::security::privateca::v1::ca_pool::IssuancePolicy

pub struct IssuancePolicy {
    pub allowed_key_types: Vec<AllowedKeyType>,
    pub maximum_lifetime: Option<Duration>,
    pub allowed_issuance_modes: Option<IssuanceModes>,
    pub baseline_values: Option<X509Parameters>,
    pub identity_constraints: Option<CertificateIdentityConstraints>,
    pub passthrough_extensions: Option<CertificateExtensionConstraints>,
}

Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].

Fields

allowed_key_types: Vec<AllowedKeyType>

Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.

maximum_lifetime: Option<Duration>

Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a [Certificate][google.cloud.security.privateca.v1.Certificate]’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

allowed_issuance_modes: Option<IssuanceModes>

Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].

baseline_values: Option<X509Parameters>

Optional. A set of X.509 values that will be applied to all certificates issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] that defines conflicting [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same properties, the certificate issuance request will fail.

identity_constraints: Option<CertificateIdentityConstraints>

Optional. Describes constraints on identities that may appear in [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate’s identity.

passthrough_extensions: Option<CertificateExtensionConstraints>

Optional. Describes the set of X.509 extensions that may appear in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request sets extensions that don’t appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions], those extensions will be dropped. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don’t appear here, the certificate issuance request will fail. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]’s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].

Trait Implementations

impl Clone for IssuancePolicy

fn clone(&self) -> IssuancePolicy

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for IssuancePolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for IssuancePolicy

fn default() -> IssuancePolicy

Returns the “default value” for a type.

impl Message for IssuancePolicy

fn encode_raw<B>(&self, buf: &mut B) where
    B: BufMut, 

fn merge_field<B>(
    &mut self,
    tag: u32,
    wire_type: WireType,
    buf: &mut B,
    ctx: DecodeContext
) -> Result<(), DecodeError> where
    B: Buf, 

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

pub fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message to a buffer.

pub fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message with a length-delimiter to a buffer.

pub fn decode<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes an instance of the message from a buffer.

pub fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes a length-delimited instance of the message from the buffer.

pub fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes an instance of the message from a buffer, and merges it into self.

pub fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq<IssuancePolicy> for IssuancePolicy

fn eq(&self, other: &IssuancePolicy) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &IssuancePolicy) -> bool

This method tests for !=.

impl StructuralPartialEq for IssuancePolicy