Add Backdate Duration to Issuance Policy (GoogleCloudPlatform#13678)

be74e3b1-6b98-4ba5-b172-9f27fa619e71 · NandiniAgrawal15 · commit 798995015172 · 2025-04-26T10:46:59.000+05:30
diff --git a/mmv1/products/privateca/CaPool.yaml b/mmv1/products/privateca/CaPool.yaml
@@ -129,6 +129,14 @@ properties:
                     - 'ECDSA_P256'
                     - 'ECDSA_P384'
                     - 'EDDSA_25519'
+      - name: 'backdateDuration'
+        type: String
+        description: |
+          The duration to backdate all certificates issued from this CaPool. If not set, the
+          certificates will be issued with a not_before_time of the issuance time (i.e. the current
+          time). If set, the certificates will be issued with a not_before_time of the issuance
+          time minus the backdate_duration. The not_after_time will be adjusted to preserve the
+          requested lifetime. The backdate_duration must be less than or equal to 48 hours.
       - name: 'maximumLifetime'
         type: String
         description: |
diff --git a/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.tmpl b/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.tmpl
@@ -22,6 +22,7 @@ resource "google_privateca_ca_pool" "{{$.PrimaryResourceId}}" {
         max_modulus_size = 10
       }
     }
+    backdate_duration = "3600s"
     maximum_lifetime = "50000s"
     allowed_issuance_modes {
       allow_csr_based_issuance = true

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ resource "google_privateca_ca_pool" "{{$.PrimaryResourceId}}" {`
`22`	`22`	`max_modulus_size = 10`
`23`	`23`	`}`
`24`	`24`	`}`
	`25`	`+ backdate_duration = "3600s"`
`25`	`26`	`maximum_lifetime = "50000s"`
`26`	`27`	`allowed_issuance_modes {`
`27`	`28`	`allow_csr_based_issuance = true`