All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.certificateauthority.kotlin.AuthorityArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.certificateauthority.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.certificateauthority.AuthorityArgs.builder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityConfigArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityConfigArgsBuilder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityKeySpecArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityKeySpecArgsBuilder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthoritySubordinateConfigArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthoritySubordinateConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName

/**
 * A CertificateAuthority represents an individual Certificate Authority. A
 * CertificateAuthority can be used to create Certificates.
 * To get more information about CertificateAuthority, see:
 * * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/certificate-authority-service)
 * > **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`
 * (and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.
 * It is recommended to not set this field (or set it to true) until you're ready to destroy.
 * ## Example Usage
 * ### Privateca Certificate Authority Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 * ```
 * 
 * ### Privateca Certificate Authority Subordinate
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const root_ca = new gcp.certificateauthority.Authority("root-ca", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority-root",
 *     location: "us-central1",
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     certSign: true,
 *                     crlSign: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: false,
 *                 },
 *             },
 *         },
 *     },
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 *     deletionProtection: false,
 *     skipGracePeriod: true,
 *     ignoreActiveCertificatesOnDeletion: true,
 * });
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority-sub",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     subordinateConfig: {
 *         certificateAuthority: root_ca.name,
 *     },
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-subordinate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 0,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 *     type: "SUBORDINATE",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * root_ca = gcp.certificateauthority.Authority("root-ca",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority-root",
 *     location="us-central1",
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=False,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ),
 *     deletion_protection=False,
 *     skip_grace_period=True,
 *     ignore_active_certificates_on_deletion=True)
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority-sub",
 *     location="us-central1",
 *     deletion_protection=True,
 *     subordinate_config=gcp.certificateauthority.AuthoritySubordinateConfigArgs(
 *         certificate_authority=root_ca.name,
 *     ),
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-subordinate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=0,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ),
 *     type="SUBORDINATE")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var root_ca = new Gcp.CertificateAuthority.Authority("root-ca", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority-root",
 *         Location = "us-central1",
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         CertSign = true,
 *                         CrlSign = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = false,
 *                     },
 *                 },
 *             },
 *         },
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *         DeletionProtection = false,
 *         SkipGracePeriod = true,
 *         IgnoreActiveCertificatesOnDeletion = true,
 *     });
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority-sub",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs
 *         {
 *             CertificateAuthority = root_ca.Name,
 *         },
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-subordinate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 0,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *         Type = "SUBORDINATE",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "root-ca", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority-root"),
 * 			Location:               pulumi.String("us-central1"),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa: pulumi.Bool(true),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							CertSign: pulumi.Bool(true),
 * 							CrlSign:  pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth: pulumi.Bool(false),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 			DeletionProtection:                 pulumi.Bool(false),
 * 			SkipGracePeriod:                    pulumi.Bool(true),
 * 			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority-sub"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			SubordinateConfig: &certificateauthority.AuthoritySubordinateConfigArgs{
 * 				CertificateAuthority: root_ca.Name,
 * 			},
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-subordinate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(0),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 			Type: pulumi.String("SUBORDINATE"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var root_ca = new Authority("root-ca", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority-root")
 *             .location("us-central1")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(false)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .deletionProtection(false)
 *             .skipGracePeriod(true)
 *             .ignoreActiveCertificatesOnDeletion(true)
 *             .build());
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority-sub")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .subordinateConfig(AuthoritySubordinateConfigArgs.builder()
 *                 .certificateAuthority(root_ca.name())
 *                 .build())
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-subordinate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(0)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .type("SUBORDINATE")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   root-ca:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority-root
 *       location: us-central1
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *           keyUsage:
 *             baseKeyUsage:
 *               certSign: true
 *               crlSign: true
 *             extendedKeyUsage:
 *               serverAuth: false
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 *       deletionProtection: false
 *       skipGracePeriod: true
 *       ignoreActiveCertificatesOnDeletion: true
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority-sub
 *       location: us-central1
 *       deletionProtection: 'true'
 *       subordinateConfig:
 *         certificateAuthority: ${["root-ca"].name}
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-subordinate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 0
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 *       type: SUBORDINATE
 * ```
 * 
 * ### Privateca Certificate Authority Byo Key
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const privatecaSa = new gcp.projects.ServiceIdentity("privateca_sa", {service: "privateca.googleapis.com"});
 * const privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", {
 *     cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role: "roles/cloudkms.signerVerifier",
 *     member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
 * });
 * const privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", {
 *     cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role: "roles/viewer",
 *     member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
 * });
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     keySpec: {
 *         cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     },
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "Example, Org.",
 *                 commonName: "Example Authority",
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     certSign: true,
 *                     crlSign: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: false,
 *                 },
 *             },
 *             nameConstraints: {
 *                 critical: true,
 *                 permittedDnsNames: ["*.example.com"],
 *                 excludedDnsNames: ["*.deny.example.com"],
 *                 permittedIpRanges: ["10.0.0.0/8"],
 *                 excludedIpRanges: ["10.1.1.0/24"],
 *                 permittedEmailAddresses: [".example.com"],
 *                 excludedEmailAddresses: [".deny.example.com"],
 *                 permittedUris: [".example.com"],
 *                 excludedUris: [".deny.example.com"],
 *             },
 *         },
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * privateca_sa = gcp.projects.ServiceIdentity("privateca_sa", service="privateca.googleapis.com")
 * privateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier",
 *     crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role="roles/cloudkms.signerVerifier",
 *     member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
 * privateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer",
 *     crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role="roles/viewer",
 *     member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     ),
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="Example, Org.",
 *                 common_name="Example Authority",
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=False,
 *                 ),
 *             ),
 *             name_constraints=gcp.certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs(
 *                 critical=True,
 *                 permitted_dns_names=["*.example.com"],
 *                 excluded_dns_names=["*.deny.example.com"],
 *                 permitted_ip_ranges=["10.0.0.0/8"],
 *                 excluded_ip_ranges=["10.1.1.0/24"],
 *                 permitted_email_addresses=[".example.com"],
 *                 excluded_email_addresses=[".deny.example.com"],
 *                 permitted_uris=[".example.com"],
 *                 excluded_uris=[".deny.example.com"],
 *             ),
 *         ),
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var privatecaSa = new Gcp.Projects.ServiceIdentity("privateca_sa", new()
 *     {
 *         Service = "privateca.googleapis.com",
 *     });
 *     var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", new()
 *     {
 *         CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *         Role = "roles/cloudkms.signerVerifier",
 *         Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
 *     });
 *     var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", new()
 *     {
 *         CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *         Role = "roles/viewer",
 *         Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
 *     });
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *         },
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "Example, Org.",
 *                     CommonName = "Example Authority",
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         CertSign = true,
 *                         CrlSign = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = false,
 *                     },
 *                 },
 *                 NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs
 *                 {
 *                     Critical = true,
 *                     PermittedDnsNames = new[]
 *                     {
 *                         "*.example.com",
 *                     },
 *                     ExcludedDnsNames = new[]
 *                     {
 *                         "*.deny.example.com",
 *                     },
 *                     PermittedIpRanges = new[]
 *                     {
 *                         "10.0.0.0/8",
 *                     },
 *                     ExcludedIpRanges = new[]
 *                     {
 *                         "10.1.1.0/24",
 *                     },
 *                     PermittedEmailAddresses = new[]
 *                     {
 *                         ".example.com",
 *                     },
 *                     ExcludedEmailAddresses = new[]
 *                     {
 *                         ".deny.example.com",
 *                     },
 *                     PermittedUris = new[]
 *                     {
 *                         ".example.com",
 *                     },
 *                     ExcludedUris = new[]
 *                     {
 *                         ".deny.example.com",
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		privatecaSa, err := projects.NewServiceIdentity(ctx, "privateca_sa", &projects.ServiceIdentityArgs{
 * 			Service: pulumi.String("privateca.googleapis.com"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_signerverifier", &kms.CryptoKeyIAMMemberArgs{
 * 			CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
 * 			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
 * 			Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
 * 				return fmt.Sprintf("serviceAccount:%v", email), nil
 * 			}).(pulumi.StringOutput),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_viewer", &kms.CryptoKeyIAMMemberArgs{
 * 			CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
 * 			Role:        pulumi.String("roles/viewer"),
 * 			Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
 * 				return fmt.Sprintf("serviceAccount:%v", email), nil
 * 			}).(pulumi.StringOutput),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
 * 			},
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("Example, Org."),
 * 						CommonName:   pulumi.String("Example Authority"),
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							CertSign: pulumi.Bool(true),
 * 							CrlSign:  pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth: pulumi.Bool(false),
 * 						},
 * 					},
 * 					NameConstraints: &certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{
 * 						Critical: pulumi.Bool(true),
 * 						PermittedDnsNames: pulumi.StringArray{
 * 							pulumi.String("*.example.com"),
 * 						},
 * 						ExcludedDnsNames: pulumi.StringArray{
 * 							pulumi.String("*.deny.example.com"),
 * 						},
 * 						PermittedIpRanges: pulumi.StringArray{
 * 							pulumi.String("10.0.0.0/8"),
 * 						},
 * 						ExcludedIpRanges: pulumi.StringArray{
 * 							pulumi.String("10.1.1.0/24"),
 * 						},
 * 						PermittedEmailAddresses: pulumi.StringArray{
 * 							pulumi.String(".example.com"),
 * 						},
 * 						ExcludedEmailAddresses: pulumi.StringArray{
 * 							pulumi.String(".deny.example.com"),
 * 						},
 * 						PermittedUris: pulumi.StringArray{
 * 							pulumi.String(".example.com"),
 * 						},
 * 						ExcludedUris: pulumi.StringArray{
 * 							pulumi.String(".deny.example.com"),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.ServiceIdentity;
 * import com.pulumi.gcp.projects.ServiceIdentityArgs;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMember;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var privatecaSa = new ServiceIdentity("privatecaSa", ServiceIdentityArgs.builder()
 *             .service("privateca.googleapis.com")
 *             .build());
 *         var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember("privatecaSaKeyuserSignerverifier", CryptoKeyIAMMemberArgs.builder()
 *             .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
 *             .role("roles/cloudkms.signerVerifier")
 *             .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
 *             .build());
 *         var privatecaSaKeyuserViewer = new CryptoKeyIAMMember("privatecaSaKeyuserViewer", CryptoKeyIAMMemberArgs.builder()
 *             .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
 *             .role("roles/viewer")
 *             .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
 *             .build());
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
 *                 .build())
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("Example, Org.")
 *                         .commonName("Example Authority")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(false)
 *                             .build())
 *                         .build())
 *                     .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()
 *                         .critical(true)
 *                         .permittedDnsNames("*.example.com")
 *                         .excludedDnsNames("*.deny.example.com")
 *                         .permittedIpRanges("10.0.0.0/8")
 *                         .excludedIpRanges("10.1.1.0/24")
 *                         .permittedEmailAddresses(".example.com")
 *                         .excludedEmailAddresses(".deny.example.com")
 *                         .permittedUris(".example.com")
 *                         .excludedUris(".deny.example.com")
 *                         .build())
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   privatecaSa:
 *     type: gcp:projects:ServiceIdentity
 *     name: privateca_sa
 *     properties:
 *       service: privateca.googleapis.com
 *   privatecaSaKeyuserSignerverifier:
 *     type: gcp:kms:CryptoKeyIAMMember
 *     name: privateca_sa_keyuser_signerverifier
 *     properties:
 *       cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
 *       role: roles/cloudkms.signerVerifier
 *       member: serviceAccount:${privatecaSa.email}
 *   privatecaSaKeyuserViewer:
 *     type: gcp:kms:CryptoKeyIAMMember
 *     name: privateca_sa_keyuser_viewer
 *     properties:
 *       cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
 *       role: roles/viewer
 *       member: serviceAccount:${privatecaSa.email}
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       keySpec:
 *         cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: Example, Org.
 *             commonName: Example Authority
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               certSign: true
 *               crlSign: true
 *             extendedKeyUsage:
 *               serverAuth: false
 *           nameConstraints:
 *             critical: true
 *             permittedDnsNames:
 *               - '*.example.com'
 *             excludedDnsNames:
 *               - '*.deny.example.com'
 *             permittedIpRanges:
 *               - 10.0.0.0/8
 *             excludedIpRanges:
 *               - 10.1.1.0/24
 *             permittedEmailAddresses:
 *               - .example.com
 *             excludedEmailAddresses:
 *               - .deny.example.com
 *             permittedUris:
 *               - .example.com
 *             excludedUris:
 *               - .deny.example.com
 * ```
 * 
 * ### Privateca Certificate Authority Custom Ski
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         subjectKeyId: {
 *             keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
 *             key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs
 *             {
 *                 KeyId = "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				SubjectKeyId: &certificateauthority.AuthorityConfigSubjectKeyIdArgs{
 * 					KeyId: pulumi.String("4cf3372289b1d411b999dbb9ebcd44744b6b2fca"),
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()
 *                     .keyId("4cf3372289b1d411b999dbb9ebcd44744b6b2fca")
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         subjectKeyId:
 *           keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
 * ```
 * 
 * ## Import
 * CertificateAuthority can be imported using any of these accepted formats:
 * * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`
 * * `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`
 * * `{{location}}/{{pool}}/{{certificate_authority_id}}`
 * When using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}
 * ```
 * @property certificateAuthorityId The user provided Resource ID for this Certificate Authority.
 * @property config The config used to create a self-signed X.509 certificate or CSR.
 * Structure is documented below.
 * @property deletionProtection
 * @property desiredState Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
 * @property gcsBucket The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
 * CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
 * example, to use a bucket named my-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will
 * be created.
 * @property ignoreActiveCertificatesOnDeletion This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and
 * unexpired certs. Use with care. Defaults to 'false'.
 * @property keySpec Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
 * is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
 * certificate. Otherwise, it is used to sign a CSR.
 * Structure is documented below.
 * @property labels Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
 * "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
 * your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
 * @property lifetime The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509
 * certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
 * @property location Location of the CertificateAuthority. A full list of valid locations can be found by
 * running `gcloud privateca locations list`.
 * @property pemCaCertificate The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with
 * a third party issuer.
 * @property pool The name of the CaPool this Certificate Authority belongs to.
 * @property project
 * @property skipGracePeriod If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where
 * undeletion would have been allowed. If you proceed, there will be no way to recover this CA. Use with care. Defaults to
 * 'false'.
 * @property subordinateConfig If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
 * describes its issuers.
 * @property type The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
 * before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
 */
public data class AuthorityArgs(
    public val certificateAuthorityId: Output? = null,
    public val config: Output? = null,
    public val deletionProtection: Output? = null,
    public val desiredState: Output? = null,
    public val gcsBucket: Output? = null,
    public val ignoreActiveCertificatesOnDeletion: Output? = null,
    public val keySpec: Output? = null,
    public val labels: Output>? = null,
    public val lifetime: Output? = null,
    public val location: Output? = null,
    public val pemCaCertificate: Output? = null,
    public val pool: Output? = null,
    public val project: Output? = null,
    public val skipGracePeriod: Output? = null,
    public val subordinateConfig: Output? = null,
    public val type: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.certificateauthority.AuthorityArgs =
        com.pulumi.gcp.certificateauthority.AuthorityArgs.builder()
            .certificateAuthorityId(certificateAuthorityId?.applyValue({ args0 -> args0 }))
            .config(config?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .deletionProtection(deletionProtection?.applyValue({ args0 -> args0 }))
            .desiredState(desiredState?.applyValue({ args0 -> args0 }))
            .gcsBucket(gcsBucket?.applyValue({ args0 -> args0 }))
            .ignoreActiveCertificatesOnDeletion(
                ignoreActiveCertificatesOnDeletion?.applyValue({ args0 ->
                    args0
                }),
            )
            .keySpec(keySpec?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .labels(labels?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
            .lifetime(lifetime?.applyValue({ args0 -> args0 }))
            .location(location?.applyValue({ args0 -> args0 }))
            .pemCaCertificate(pemCaCertificate?.applyValue({ args0 -> args0 }))
            .pool(pool?.applyValue({ args0 -> args0 }))
            .project(project?.applyValue({ args0 -> args0 }))
            .skipGracePeriod(skipGracePeriod?.applyValue({ args0 -> args0 }))
            .subordinateConfig(subordinateConfig?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .type(type?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [AuthorityArgs].
 */
@PulumiTagMarker
public class AuthorityArgsBuilder internal constructor() {
    private var certificateAuthorityId: Output? = null

    private var config: Output? = null

    private var deletionProtection: Output? = null

    private var desiredState: Output? = null

    private var gcsBucket: Output? = null

    private var ignoreActiveCertificatesOnDeletion: Output? = null

    private var keySpec: Output? = null

    private var labels: Output>? = null

    private var lifetime: Output? = null

    private var location: Output? = null

    private var pemCaCertificate: Output? = null

    private var pool: Output? = null

    private var project: Output? = null

    private var skipGracePeriod: Output? = null

    private var subordinateConfig: Output? = null

    private var type: Output? = null

    /**
     * @param value The user provided Resource ID for this Certificate Authority.
     */
    @JvmName("hxaryrmxxrjmgmal")
    public suspend fun certificateAuthorityId(`value`: Output) {
        this.certificateAuthorityId = value
    }

    /**
     * @param value The config used to create a self-signed X.509 certificate or CSR.
     * Structure is documented below.
     */
    @JvmName("buxkiuwdcnphvvon")
    public suspend fun config(`value`: Output) {
        this.config = value
    }

    /**
     * @param value
     */
    @JvmName("awiqvwpghbuxdsnw")
    public suspend fun deletionProtection(`value`: Output) {
        this.deletionProtection = value
    }

    /**
     * @param value Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
     */
    @JvmName("sofyyamjxlpqylqm")
    public suspend fun desiredState(`value`: Output) {
        this.desiredState = value
    }

    /**
     * @param value The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
     * CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
     * example, to use a bucket named my-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will
     * be created.
     */
    @JvmName("nhkpwwaertcelqco")
    public suspend fun gcsBucket(`value`: Output) {
        this.gcsBucket = value
    }

    /**
     * @param value This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and
     * unexpired certs. Use with care. Defaults to 'false'.
     */
    @JvmName("tuexoclrlpfdjptc")
    public suspend fun ignoreActiveCertificatesOnDeletion(`value`: Output) {
        this.ignoreActiveCertificatesOnDeletion = value
    }

    /**
     * @param value Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
     * is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
     * certificate. Otherwise, it is used to sign a CSR.
     * Structure is documented below.
     */
    @JvmName("xjnivgbywpvqghkw")
    public suspend fun keySpec(`value`: Output) {
        this.keySpec = value
    }

    /**
     * @param value Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
     * "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
     * your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
     */
    @JvmName("ufhqlufguxhmaihm")
    public suspend fun labels(`value`: Output>) {
        this.labels = value
    }

    /**
     * @param value The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509
     * certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
     */
    @JvmName("ymirnubaahcnsnhr")
    public suspend fun lifetime(`value`: Output) {
        this.lifetime = value
    }

    /**
     * @param value Location of the CertificateAuthority. A full list of valid locations can be found by
     * running `gcloud privateca locations list`.
     */
    @JvmName("nynkkdcgnsfdrkwq")
    public suspend fun location(`value`: Output) {
        this.location = value
    }

    /**
     * @param value The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with
     * a third party issuer.
     */
    @JvmName("hnjumwckqhngjhvc")
    public suspend fun pemCaCertificate(`value`: Output) {
        this.pemCaCertificate = value
    }

    /**
     * @param value The name of the CaPool this Certificate Authority belongs to.
     */
    @JvmName("tulkoxcbiydrmkga")
    public suspend fun pool(`value`: Output) {
        this.pool = value
    }

    /**
     * @param value
     */
    @JvmName("afcoskykfmljmwng")
    public suspend fun project(`value`: Output) {
        this.project = value
    }

    /**
     * @param value If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where
     * undeletion would have been allowed. If you proceed, there will be no way to recover this CA. Use with care. Defaults to
     * 'false'.
     */
    @JvmName("xjvhljrkricqiaey")
    public suspend fun skipGracePeriod(`value`: Output) {
        this.skipGracePeriod = value
    }

    /**
     * @param value If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
     * describes its issuers.
     */
    @JvmName("vgvfgevawrudlvjk")
    public suspend fun subordinateConfig(`value`: Output) {
        this.subordinateConfig = value
    }

    /**
     * @param value The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
     * before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
     */
    @JvmName("iednixapjcjkivkx")
    public suspend fun type(`value`: Output) {
        this.type = value
    }

    /**
     * @param value The user provided Resource ID for this Certificate Authority.
     */
    @JvmName("adwskhyfyqjlawdd")
    public suspend fun certificateAuthorityId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.certificateAuthorityId = mapped
    }

    /**
     * @param value The config used to create a self-signed X.509 certificate or CSR.
     * Structure is documented below.
     */
    @JvmName("tkxydpypohhnuuxj")
    public suspend fun config(`value`: AuthorityConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.config = mapped
    }

    /**
     * @param argument The config used to create a self-signed X.509 certificate or CSR.
     * Structure is documented below.
     */
    @JvmName("qapvvpfhpooxnwug")
    public suspend fun config(argument: suspend AuthorityConfigArgsBuilder.() -> Unit) {
        val toBeMapped = AuthorityConfigArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.config = mapped
    }

    /**
     * @param value
     */
    @JvmName("ircfdsrirslpmgee")
    public suspend fun deletionProtection(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.deletionProtection = mapped
    }

    /**
     * @param value Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
     */
    @JvmName("doumuvnvgrjvtatk")
    public suspend fun desiredState(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.desiredState = mapped
    }

    /**
     * @param value The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
     * CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
     * example, to use a bucket named my-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will
     * be created.
     */
    @JvmName("rawcrbybibnvwjud")
    public suspend fun gcsBucket(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.gcsBucket = mapped
    }

    /**
     * @param value This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and
     * unexpired certs. Use with care. Defaults to 'false'.
     */
    @JvmName("qdiowodrnkcselin")
    public suspend fun ignoreActiveCertificatesOnDeletion(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.ignoreActiveCertificatesOnDeletion = mapped
    }

    /**
     * @param value Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
     * is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
     * certificate. Otherwise, it is used to sign a CSR.
     * Structure is documented below.
     */
    @JvmName("hbwbxlcjrkejrldd")
    public suspend fun keySpec(`value`: AuthorityKeySpecArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.keySpec = mapped
    }

    /**
     * @param argument Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
     * is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
     * certificate. Otherwise, it is used to sign a CSR.
     * Structure is documented below.
     */
    @JvmName("yvisipqdmsmoxcfv")
    public suspend fun keySpec(argument: suspend AuthorityKeySpecArgsBuilder.() -> Unit) {
        val toBeMapped = AuthorityKeySpecArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.keySpec = mapped
    }

    /**
     * @param value Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
     * "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
     * your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
     */
    @JvmName("okabqtdsxbvbqhtg")
    public suspend fun labels(`value`: Map?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.labels = mapped
    }

    /**
     * @param values Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
     * "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
     * your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
     */
    @JvmName("pwfrdsxgawkqhnwg")
    public fun labels(vararg values: Pair) {
        val toBeMapped = values.toMap()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.labels = mapped
    }

    /**
     * @param value The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509
     * certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
     */
    @JvmName("fgbulcfkfayqsqtn")
    public suspend fun lifetime(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.lifetime = mapped
    }

    /**
     * @param value Location of the CertificateAuthority. A full list of valid locations can be found by
     * running `gcloud privateca locations list`.
     */
    @JvmName("ylqhykcanlaiprcu")
    public suspend fun location(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.location = mapped
    }

    /**
     * @param value The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with
     * a third party issuer.
     */
    @JvmName("yuqelljjwtsnpnid")
    public suspend fun pemCaCertificate(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.pemCaCertificate = mapped
    }

    /**
     * @param value The name of the CaPool this Certificate Authority belongs to.
     */
    @JvmName("bblxrcpnxrmrtknh")
    public suspend fun pool(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.pool = mapped
    }

    /**
     * @param value
     */
    @JvmName("ukwwpwnqmbacklyr")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    /**
     * @param value If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where
     * undeletion would have been allowed. If you proceed, there will be no way to recover this CA. Use with care. Defaults to
     * 'false'.
     */
    @JvmName("oiowaaiflbjimiyo")
    public suspend fun skipGracePeriod(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.skipGracePeriod = mapped
    }

    /**
     * @param value If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
     * describes its issuers.
     */
    @JvmName("orfgdspngjybeogt")
    public suspend fun subordinateConfig(`value`: AuthoritySubordinateConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.subordinateConfig = mapped
    }

    /**
     * @param argument If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
     * describes its issuers.
     */
    @JvmName("grrmnaqnvramsjjj")
    public suspend fun subordinateConfig(argument: suspend AuthoritySubordinateConfigArgsBuilder.() -> Unit) {
        val toBeMapped = AuthoritySubordinateConfigArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.subordinateConfig = mapped
    }

    /**
     * @param value The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
     * before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
     */
    @JvmName("loqjnqkwenxntapj")
    public suspend fun type(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.type = mapped
    }

    internal fun build(): AuthorityArgs = AuthorityArgs(
        certificateAuthorityId = certificateAuthorityId,
        config = config,
        deletionProtection = deletionProtection,
        desiredState = desiredState,
        gcsBucket = gcsBucket,
        ignoreActiveCertificatesOnDeletion = ignoreActiveCertificatesOnDeletion,
        keySpec = keySpec,
        labels = labels,
        lifetime = lifetime,
        location = location,
        pemCaCertificate = pemCaCertificate,
        pool = pool,
        project = project,
        skipGracePeriod = skipGracePeriod,
        subordinateConfig = subordinateConfig,
        type = type,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy