Package com.ibm.cloud.secrets_manager_sdk.secrets_manager.v2.model

Class ConfigurationPatch

    • Method Detail

      • apiKey

        public String apiKey()
        Gets the apiKey. An IBM Cloud API key that can create and manage service IDs. The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform role on the IAM Identity Service. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
        Returns:
        the apiKey

      • disabled

        public Boolean disabled()
        Gets the disabled. This parameter indicates whether the API key configuration is disabled. If it is set to `disabled`, the IAM credentials engine doesn't use the configured API key for credentials management.
        Returns:
        the disabled

      • maxTtl

        public String maxTtl()
        Gets the maxTtl. The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer). Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
        Returns:
        the maxTtl

      • crlExpiry

        public String crlExpiry()
        Gets the crlExpiry. The time until the certificate revocation list (CRL) expires. The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72 hours. In the API response, this value is returned in seconds (integer). **Note:** The CRL is rotated automatically before it expires.
        Returns:
        the crlExpiry

      • crlDisable

        public Boolean crlDisable()
        Gets the crlDisable. This field disables or enables certificate revocation list (CRL) building. If CRL building is disabled, a signed but zero-length CRL is returned when you're downloading the CRL. If CRL building is enabled, it rebuilds the CRL.
        Returns:
        the crlDisable

      • crlDistributionPointsEncoded

        public Boolean crlDistributionPointsEncoded()
        Gets the crlDistributionPointsEncoded. This field determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
        Returns:
        the crlDistributionPointsEncoded

      • issuingCertificatesUrlsEncoded

        public Boolean issuingCertificatesUrlsEncoded()
        Gets the issuingCertificatesUrlsEncoded. This field determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
        Returns:
        the issuingCertificatesUrlsEncoded

      • allowedSecretGroups

        public String allowedSecretGroups()
        Gets the allowedSecretGroups. This field scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.
        Returns:
        the allowedSecretGroups

      • ttl

        public String ttl()
        Gets the ttl. The requested time-to-live (TTL) for certificates that are created by this CA. This field's value can't be longer than the `max_ttl` limit. The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer).
        Returns:
        the ttl

      • allowLocalhost

        public Boolean allowLocalhost()
        Gets the allowLocalhost. This field indicates whether to allow `localhost` to be included as one of the requested common names.
        Returns:
        the allowLocalhost

      • allowedDomains

        public List<String> allowedDomains()
        Gets the allowedDomains. The domains to define for the certificate template. This property is used along with the `allow_bare_domains` and `allow_subdomains` options.
        Returns:
        the allowedDomains

      • allowedDomainsTemplate

        public Boolean allowedDomainsTemplate()
        Gets the allowedDomainsTemplate. This field indicates whether to allow the domains that are supplied in the `allowed_domains` field to contain access control list (ACL) templates.
        Returns:
        the allowedDomainsTemplate

      • allowBareDomains

        public Boolean allowBareDomains()
        Gets the allowBareDomains. This field indicates whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to request a certificate that contains the name `example.com` as one of the DNS values on the final certificate. **Important:** In some scenarios, allowing bare domains can be considered a security risk.
        Returns:
        the allowBareDomains

      • allowSubdomains

        public Boolean allowSubdomains()
        Gets the allowSubdomains. This field indicates whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`. **Note:** This field is redundant if you use the `allow_any_name` option.
        Returns:
        the allowSubdomains

      • allowGlobDomains

        public Boolean allowGlobDomains()
        Gets the allowGlobDomains. This field indicates whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified in the `allowed_domains` field. If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
        Returns:
        the allowGlobDomains

      • allowAnyName

        public Boolean allowAnyName()
        Gets the allowAnyName. This field indicates whether to allow clients to request a private certificate that matches any common name.
        Returns:
        the allowAnyName

      • enforceHostnames

        public Boolean enforceHostnames()
        Gets the enforceHostnames. This field indicates whether to enforce only valid hostnames for common names, DNS Subject Alternative Names, and the host section of email addresses.
        Returns:
        the enforceHostnames

      • allowIpSans

        public Boolean allowIpSans()
        Gets the allowIpSans. This field indicates whether to allow clients to request a private certificate with IP Subject Alternative Names.
        Returns:
        the allowIpSans

      • allowedUriSans

        public List<String> allowedUriSans()
        Gets the allowedUriSans. The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example `spiffe://hostname/_*`.
        Returns:
        the allowedUriSans

      • allowedOtherSans

        public List<String> allowedOtherSans()
        Gets the allowedOtherSans. The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to allow any `other_sans` input.
        Returns:
        the allowedOtherSans

      • serverFlag

        public Boolean serverFlag()
        Gets the serverFlag. This field indicates whether private certificates are flagged for server use.
        Returns:
        the serverFlag

      • clientFlag

        public Boolean clientFlag()
        Gets the clientFlag. This field indicates whether private certificates are flagged for client use.
        Returns:
        the clientFlag

      • codeSigningFlag

        public Boolean codeSigningFlag()
        Gets the codeSigningFlag. This field indicates whether private certificates are flagged for code signing use.
        Returns:
        the codeSigningFlag

      • emailProtectionFlag

        public Boolean emailProtectionFlag()
        Gets the emailProtectionFlag. This field indicates whether private certificates are flagged for email protection use.
        Returns:
        the emailProtectionFlag

      • keyType

        public String keyType()
        Gets the keyType. The type of private key to generate.
        Returns:
        the keyType

      • keyBits

        public Long keyBits()
        Gets the keyBits. The number of bits to use to generate the private key. Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
        Returns:
        the keyBits

      • keyUsage

        public List<String> keyUsage()
        Gets the keyUsage. The allowed key usage constraint to define for private certificates. You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
        Returns:
        the keyUsage

      • extKeyUsage

        public List<String> extKeyUsage()
        Gets the extKeyUsage. The allowed extended key usage constraint on private certificates. You can find valid values in the [Go x509 package documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
        Returns:
        the extKeyUsage

      • extKeyUsageOids

        public List<String> extKeyUsageOids()
        Gets the extKeyUsageOids. A list of extended key usage Object Identifiers (OIDs).
        Returns:
        the extKeyUsageOids

      • useCsrCommonName

        public Boolean useCsrCommonName()
        Gets the useCsrCommonName. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that is included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property.
        Returns:
        the useCsrCommonName

      • useCsrSans

        public Boolean useCsrSans()
        Gets the useCsrSans. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This field does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
        Returns:
        the useCsrSans

      • ou

        public List<String> ou()
        Gets the ou. The Organizational Unit (OU) values to define in the subject field of the resulting certificate.
        Returns:
        the ou

      • organization

        public List<String> organization()
        Gets the organization. The Organization (O) values to define in the subject field of the resulting certificate.
        Returns:
        the organization

      • country

        public List<String> country()
        Gets the country. The Country (C) values to define in the subject field of the resulting certificate.
        Returns:
        the country

      • locality

        public List<String> locality()
        Gets the locality. The Locality (L) values to define in the subject field of the resulting certificate.
        Returns:
        the locality

      • province

        public List<String> province()
        Gets the province. The Province (ST) values to define in the subject field of the resulting certificate.
        Returns:
        the province

      • streetAddress

        public List<String> streetAddress()
        Gets the streetAddress. The street address values to define in the subject field of the resulting certificate.
        Returns:
        the streetAddress

      • postalCode

        public List<String> postalCode()
        Gets the postalCode. The postal code values to define in the subject field of the resulting certificate.
        Returns:
        the postalCode

      • serialNumber

        public String serialNumber()
        Gets the serialNumber. This field is deprecated. You can ignore its value.
        Returns:
        the serialNumber

      • requireCn

        public Boolean requireCn()
        Gets the requireCn. This field indicates whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`.
        Returns:
        the requireCn

      • policyIdentifiers

        public List<String> policyIdentifiers()
        Gets the policyIdentifiers. A list of policy Object Identifiers (OIDs).
        Returns:
        the policyIdentifiers

      • basicConstraintsValidForNonCa

        public Boolean basicConstraintsValidForNonCa()
        Gets the basicConstraintsValidForNonCa. This field indicates whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
        Returns:
        the basicConstraintsValidForNonCa

      • notBeforeDuration

        public String notBeforeDuration()
        Gets the notBeforeDuration. The duration in seconds by which to backdate the `not_before` property of an issued private certificate. The value can be supplied as a string representation of a duration, such as `30s`. In the API response, this value is returned in seconds (integer).
        Returns:
        the notBeforeDuration

      • letsEncryptEnvironment

        public String letsEncryptEnvironment()
        Gets the letsEncryptEnvironment. The configuration of the Let's Encrypt CA environment.
        Returns:
        the letsEncryptEnvironment

      • letsEncryptPrivateKey

        public String letsEncryptPrivateKey()
        Gets the letsEncryptPrivateKey. The PEM-encoded private key of your Let's Encrypt account. The data must be formatted on a single line with embedded newline characters.
        Returns:
        the letsEncryptPrivateKey

      • letsEncryptPreferredChain

        public String letsEncryptPreferredChain()
        Gets the letsEncryptPreferredChain. This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
        Returns:
        the letsEncryptPreferredChain

      • cloudInternetServicesApikey

        public String cloudInternetServicesApikey()
        Gets the cloudInternetServicesApikey. An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records. To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the API key must be assigned the Reader service role on Internet Services (`internet-svcs`). In order to add DNS records you need to assign the Manager role. If you want to manage specific domains, you can assign the Manager role for this specific domain. For production environments, it is recommended that you assign the Reader access role, and then use the [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control specific domains. If an IBM Cloud API key value is empty Secrets Manager tries to access your Cloud Internet Services instance with service-to-service authorization. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
        Returns:
        the cloudInternetServicesApikey

      • cloudInternetServicesCrn

        public String cloudInternetServicesCrn()
        Gets the cloudInternetServicesCrn. A CRN that uniquely identifies an IBM Cloud resource.
        Returns:
        the cloudInternetServicesCrn

      • classicInfrastructureUsername

        public String classicInfrastructureUsername()
        Gets the classicInfrastructureUsername. The username that is associated with your classic infrastructure account. In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. For more information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
        Returns:
        the classicInfrastructureUsername

      • classicInfrastructurePassword

        public String classicInfrastructurePassword()
        Gets the classicInfrastructurePassword. Your classic infrastructure API key. For information about viewing and accessing your classic infrastructure API key, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
        Returns:
        the classicInfrastructurePassword

      • taskTimeout

        public String taskTimeout()
        Gets the taskTimeout. Specifies the maximum allowed time for a Code Engine task to be completed. After this time elapses, the task state will changed to failed. The minimum value is 5 minutes and the maximum value is 24 hours. Default task time out is 10 minutes. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as `10m` or `2h`.
        Returns:
        the taskTimeout

      • asPatch

        public Map<String,​Object> asPatch()
        Construct a JSON merge-patch from the ConfigurationPatch. Note that properties of the ConfigurationPatch with null values are not represented in the constructed JSON merge-patch object, but can be explicitly set afterward to signify a property delete.
        Returns:
        a JSON merge-patch for the ConfigurationPatch