IssueNodeCertificateRequest

IssueNodeCertificateRequest is the request for instances.issueNodeCertificate.

JSON representation
{
  "instance": string,
  "subjectPublicKey": string,
  "ekPublicCertificate": string,
  "attestation": {
    object (TPMAttestation)
  }
}
Fields
instance

string

Required. The name of the Compute Engine instance to issue a certificate for.

Format: projects/*/locations/*/instances/*.

subjectPublicKey

string (bytes format)

Required. A PKIX-serialized public key to which the node identity certificate should be issued.

A base64-encoded string.

ekPublicCertificate

string (bytes format)

Required. The public part of the EK (endorsement key) loaded from the TPM. It will be an ECDSA key.

GKE will verify this certificate against the claimed instance identity.

A base64-encoded string.

attestation

object (TPMAttestation)

Required. The attestation public key that the client had the TPM generate.

TPMAttestation

TPMAttestation holds the TPM attestation key and associated metadata.

JSON representation
{
  "publicKey": string,
  "keyCreateData": string,
  "keyCreateAttestation": string,
  "keyCreateSignature": string
}
Fields
publicKey

string (bytes format)

Required. The attestation public key that the client had the TPM generate.

Serialized as a TPMT_PUBLIC structure from TPM 2.0 Part 2 (Structures).

A base64-encoded string.

keyCreateData

string (bytes format)

Required. The creation properties of the attestation key. TPMS_CREATION_DATA structure from TPM 2.0 Part 2 (Structures).

A base64-encoded string.

keyCreateAttestation

string (bytes format)

Required. TPMS_ATTEST structure from TPM 2.0 Part 2 (Structures).

A base64-encoded string.

keyCreateSignature

string (bytes format)

Required. TPMT_SIGNATURE structure from TPM 2.0 Part 2 (Structures).

A base64-encoded string.
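
A client-side pre-flight check for the request described above, as an added example (not Google's code): `validate_request`, `sample_request` and every sample value are constructed for illustration. It checks the instance name format, that each bytes field is valid base64, and that keyCreateAttestation opens with the TPM_GENERATED_VALUE magic that TPM 2.0 Part 2 defines for TPMS_ATTEST.

```python
import base64
import re
import struct

# Instance name format stated on the page: projects/*/locations/*/instances/*
INSTANCE_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
TPM_GENERATED_VALUE = 0xFF544347  # UINT32 magic that opens every TPMS_ATTEST
ATTEST_FIELDS = ("publicKey", "keyCreateData", "keyCreateAttestation", "keyCreateSignature")

def _decode(obj, field, errors):
    """Decode a required base64 field; record a problem and return None on failure."""
    try:
        value = obj[field]
        if not isinstance(value, str) or not value:
            raise ValueError(field)
        return base64.b64decode(value, validate=True)  # binascii.Error is a ValueError
    except (KeyError, ValueError):
        errors.append(f"{field}: required base64 string")
        return None

def validate_request(req):
    """Return a list of problems found in an IssueNodeCertificateRequest dict."""
    errors = []
    if not INSTANCE_RE.fullmatch(str(req.get("instance", ""))):
        errors.append("instance: must match projects/*/locations/*/instances/*")
    for field in ("subjectPublicKey", "ekPublicCertificate"):
        _decode(req, field, errors)
    att = req.get("attestation")
    if not isinstance(att, dict):
        return errors + ["attestation: required object"]
    decoded = {f: _decode(att, f, errors) for f in ATTEST_FIELDS}
    attest = decoded["keyCreateAttestation"]
    # A structure the TPM produced starts with the big-endian magic value.
    if attest is not None and (
            len(attest) < 4 or struct.unpack(">I", attest[:4])[0] != TPM_GENERATED_VALUE):
        errors.append("keyCreateAttestation: missing TPM_GENERATED_VALUE magic")
    return errors

def sample_request():
    """Constructed request with placeholder bytes (not real keys or TPM output)."""
    b64 = lambda raw: base64.b64encode(raw).decode()
    # 0x801A is TPM_ST_ATTEST_CREATION; the trailing zero bytes are filler.
    header = struct.pack(">IH", TPM_GENERATED_VALUE, 0x801A) + b"\x00" * 8
    return {
        "instance": "projects/example-project/locations/us-central1-a/instances/node-1",
        "subjectPublicKey": b64(b"constructed-pkix-key"),
        "ekPublicCertificate": b64(b"constructed-ek-cert"),
        "attestation": {"publicKey": b64(b"constructed-tpmt-public"),
                        "keyCreateData": b64(b"constructed-creation-data"),
                        "keyCreateAttestation": b64(header),
                        "keyCreateSignature": b64(b"constructed-signature")},
    }
```

These checks only catch malformed requests before they are sent; the certificate and attestation verification itself happens on the server side.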