Control: GCP > Project > Organization Policy > Define allowed root certificate authority [Deprecated]

Manage the GCP Organization Policy "Define allowed root certificate authority" for the project. BETA: This list constraint defines the set of trusted root certificate authorities from which the issued public certificates can be added to Cloud IAM Service Accounts. By default, all public certificates are allowed to be uploaded to Cloud IAM Service Accounts. If this constraint is active, only public certificates issued by the root certificate authorities in the allowed list will be eligible to be added to Cloud IAM service accounts. Note: This control has been deprecated in v5.1.0 and will be removed in the next major version.

Resource Types

This control targets the following resource types:

GCP > Project

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/iamAllowedPublicCertificateTrustedRootCa

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/iamAllowedPublicCertificateTrustedRootCa") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/iamAllowedPublicCertificateTrustedRootCa'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/iamAllowedPublicCertificateTrustedRootCa"