Represents configuration for generating mutual TLS (mTLS) certificates for the identities within this pool.

Attributes

• caPools (type: map(), default: nil) - Optional. A required mapping of a cloud region to the CA pool resource located in that region used for certificate issuance, adhering to these constraints: Key format: A supported cloud region name equivalent to the location identifier in the corresponding map entry's value. Value format: A valid CA pool resource path format like: "projects/{project}/locations/{location}/caPools/{ca_pool}" * Region Matching: Workloads are ONLY issued certificates from CA pools within the same region. Also the CA pool region (in value) must match the workload's region (key).
• keyAlgorithm (type: String.t, default: nil) - Optional. Key algorithm to use when generating the key pair. This key pair will be used to create the certificate. If unspecified, this will default to ECDSA_P256.
• lifetime (type: String.t, default: nil) - Optional. Lifetime of the workload certificates issued by the CA pool. Must be between 10 hours - 30 days. If unspecified, this will be defaulted to 24 hours.
• rotationWindowPercentage (type: integer(), default: nil) - Optional. Rotation window percentage indicating when certificate rotation should be initiated based on remaining lifetime. Must be between 10 - 80. If unspecified, this will be defaulted to 50.