IssueNodeCertificateRequest is the request for instances.issueNodeCertificate.
| JSON representation |
|---|
{
"instance"
:
string
,
"subjectPublicKey"
:
string
,
"ekPublicCertificate"
:
string
,
"attestation"
:
{
object (
|
| Fields | |
|---|---|
instance
|
Required. The name of the Compute Engine instance to issue a certificate for. Format: |
subjectPublicKey
|
Required. A PKIX-serialized public key to which the node identity certificate should be issued. A base64-encoded string. |
ekPublicCertificate
|
Required. The Public part of the EK (Endorsement key) loaded from the TPM. Will be ECDSA key. GKE will verify this certificate against claimed instance identity. A base64-encoded string. |
attestation
|
Required. The attestation public key that the client had the TPM generate. |
TPMAttestation
TPMAttestation holds TPM attestation key and associated metadata.
| JSON representation |
|---|
{ "publicKey" : string , "keyCreateData" : string , "keyCreateAttestation" : string , "keyCreateSignature" : string } |
| Fields | |
|---|---|
publicKey
|
Required. The attestation public key that the client had the TPM generate. Serialized as a TPMT_PUBLIC structure from TPM 2.0 Part 2 (Structures). A base64-encoded string. |
keyCreateData
|
Required. The creation properties of the attestation key. TPMS_CREATION_DATA structure from TPM 2.0 Part 2 (Structures). A base64-encoded string. |
keyCreateAttestation
|
Required. TPMS_ATTEST structure from TPM 2.0 Part 2 (Structures). A base64-encoded string. |
keyCreateSignature
|
Required. TPMT_SIGNATURE structure from TPM 2.0 Part 2 (Structures). A base64-encoded string. |
