pub struct IssuancePolicy {
    pub allowed_issuance_modes: Option<IssuanceModes>,
    pub allowed_key_types: Option<Vec<AllowedKeyType>>,
    pub backdate_duration: Option<Duration>,
    pub baseline_values: Option<X509Parameters>,
    pub identity_constraints: Option<CertificateIdentityConstraints>,
    pub maximum_lifetime: Option<Duration>,
    pub passthrough_extensions: Option<CertificateExtensionConstraints>,
}
Defines controls over all certificate issuance within a CaPool.
This type is not used in any activity, and is only used as part of another schema.
Fields
allowed_issuance_modes: Option<IssuanceModes>
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
allowed_key_types: Option<Vec<AllowedKeyType>>
Optional. If any AllowedKeyType is specified, then the certificate request’s public key must match one of the key types listed here. Otherwise, any key may be used.
backdate_duration: Option<Duration>
Optional. The duration to backdate all certificates issued from this CaPool. If not set, the certificates will be issued with a not_before_time of the issuance time (i.e. the current time). If set, the certificates will be issued with a not_before_time of the issuance time minus the backdate_duration. The not_after_time will be adjusted to preserve the requested lifetime. The backdate_duration must be less than or equal to 48 hours.
baseline_values: Option<X509Parameters>
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
identity_constraints: Option<CertificateIdentityConstraints>
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate’s identity.
maximum_lifetime: Option<Duration>
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate resource’s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
passthrough_extensions: Option<CertificateExtensionConstraints>
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don’t appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don’t appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate’s X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool’s baseline_values.
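The validity-window rules described for backdate_duration and maximum_lifetime, worked through as an added example (a local model, not code from this crate or from the CA service). TimePolicy, validity_window, the Unix-second timestamps and the sample values are hypothetical, and clamping a request that exceeds maximum_lifetime (rather than rejecting it) is an assumption.

```rust
use std::time::Duration;

/// Hypothetical local model of the two time-related IssuancePolicy fields.
#[derive(Default)]
struct TimePolicy {
    backdate_duration: Option<Duration>,
    maximum_lifetime: Option<Duration>,
}

/// Documented upper bound for backdate_duration.
const MAX_BACKDATE: Duration = Duration::from_secs(48 * 3600);

/// Returns (not_before, not_after) in Unix seconds, or an error for an invalid policy.
fn validity_window(
    policy: &TimePolicy,
    issuance: u64,
    requested_lifetime: Duration,
    ca_not_after: u64,
) -> Result<(u64, u64), String> {
    let backdate = policy.backdate_duration.unwrap_or(Duration::ZERO);
    if backdate > MAX_BACKDATE {
        return Err(format!("backdate_duration {:?} exceeds 48 hours", backdate));
    }
    // Assumption: a request above maximum_lifetime is clamped, not rejected.
    let lifetime = match policy.maximum_lifetime {
        Some(max) => requested_lifetime.min(max),
        None => requested_lifetime,
    };
    // not_before moves back by the backdate; not_after moves with it,
    // so the requested lifetime is preserved.
    let not_before = issuance.saturating_sub(backdate.as_secs());
    let not_after = not_before + lifetime.as_secs();
    // The certificate cannot outlive the issuing CA.
    Ok((not_before, not_after.min(ca_not_after)))
}

fn main() {
    let policy = TimePolicy {
        backdate_duration: Some(Duration::from_secs(3600)),
        maximum_lifetime: Some(Duration::from_secs(30 * 86400)),
    };
    let issuance = 1_700_000_000; // constructed sample timestamp
    let ca_not_after = issuance + 10 * 86400; // constructed: CA expires in 10 days
    match validity_window(&policy, issuance, Duration::from_secs(90 * 86400), ca_not_after) {
        Ok((nb, na)) => println!("not_before={nb} not_after={na}"),
        Err(e) => eprintln!("policy error: {e}"),
    }
}
```

Comparing the computed window with the not_before_time and not_after_time of an issued certificate is a quick audit that a pool's backdate and lifetime settings behave as intended.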
Trait Implementations
impl Clone for IssuancePolicy
fn clone(&self) -> IssuancePolicy
fn clone_from(&mut self, source: &Self)