Chiebot-Mirror
/
googleapis
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Beta version of the Certificate Authority Service.

Browse Source 
PiperOrigin-RevId: 321230095
pull/611/head
Google APIs 5 years ago committed by Copybara-Service
parent 5099a037c9
commit 6ae314c051
6 changed files with 2320 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 386
      google/cloud/security/privateca/v1beta1/BUILD.bazel
  2. 18
      google/cloud/security/privateca/v1beta1/privateca_gapic.yaml
  3. 22
      google/cloud/security/privateca/v1beta1/privateca_grpc_service_config.json
  4. 61
      google/cloud/security/privateca/v1beta1/privateca_v1beta1.yaml
  5. 845
      google/cloud/security/privateca/v1beta1/resources.proto
  6. 988
      google/cloud/security/privateca/v1beta1/service.proto

386
google/cloud/security/privateca/v1beta1/BUILD.bazel
Unescape View File

@ -0,0 +1,386 @@
# This file was automatically generated by BuildFileGenerator
# https://github.com/googleapis/gapic-generator/tree/master/rules_gapic/bazel
# Most of the manual changes to this file will be overwritten.
# It's **only** allowed to change the following rule attribute values:
# - names of *_gapic_assembly_* rules
# - certain parameters of *_gapic_library rules, including but not limited to:
# * extra_protoc_parameters
# * extra_protoc_file_parameters
# The complete list of preserved parameters can be found in the source code.
# This is an API workspace, having public visibility by default makes perfect sense.
package(default_visibility = ["//visibility:public"])
##############################################################################
# Common
##############################################################################
load("@rules_proto//proto:defs.bzl", "proto_library")
load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
proto_library(
name = "privateca_proto",
srcs = [
"resources.proto",
"service.proto",
],
deps = [
"//google/api:annotations_proto",
"//google/api:client_proto",
"//google/api:field_behavior_proto",
"//google/api:resource_proto",
"//google/longrunning:operations_proto",
"@com_google_protobuf//:duration_proto",
"@com_google_protobuf//:field_mask_proto",
"@com_google_protobuf//:timestamp_proto",
"@com_google_protobuf//:wrappers_proto",
],
)
proto_library_with_info(
name = "privateca_proto_with_info",
deps = [
":privateca_proto",
"//google/cloud:common_resources_proto",
],
)
##############################################################################
# Java
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"java_gapic_assembly_gradle_pkg",
"java_gapic_library",
"java_gapic_test",
"java_grpc_library",
"java_proto_library",
)
java_proto_library(
name = "privateca_java_proto",
deps = [":privateca_proto"],
)
java_grpc_library(
name = "privateca_java_grpc",
srcs = [":privateca_proto"],
deps = [":privateca_java_proto"],
)
java_gapic_library(
name = "privateca_java_gapic",
src = ":privateca_proto_with_info",
gapic_yaml = "privateca_gapic.yaml",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
test_deps = [
":privateca_java_grpc",
],
deps = [
":privateca_java_proto",
],
)
java_gapic_test(
name = "privateca_java_gapic_test_suite",
test_classes = [
"com.google.cloud.security.privateca.v1beta1.CertificateAuthorityServiceClientTest",
],
runtime_deps = [":privateca_java_gapic_test"],
)
# Open Source Packages
java_gapic_assembly_gradle_pkg(
name = "google-cloud-security-privateca-v1beta1-java",
deps = [
":privateca_java_gapic",
":privateca_java_grpc",
":privateca_java_proto",
":privateca_proto",
],
)
##############################################################################
# Go
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"go_gapic_assembly_pkg",
"go_gapic_library",
"go_proto_library",
"go_test",
)
go_proto_library(
name = "privateca_go_proto",
compilers = ["@io_bazel_rules_go//proto:go_grpc"],
importpath = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1",
protos = [":privateca_proto"],
deps = [
"//google/api:annotations_go_proto",
"//google/longrunning:longrunning_go_proto",
],
)
go_gapic_library(
name = "privateca_go_gapic",
srcs = [":privateca_proto_with_info"],
grpc_service_config = "privateca_grpc_service_config.json",
importpath = "cloud.google.com/go/security/privateca/apiv1beta1;privateca",
service_yaml = "privateca_v1beta1.yaml",
deps = [
":privateca_go_proto",
"//google/longrunning:longrunning_go_gapic",
"//google/longrunning:longrunning_go_proto",
"@com_google_cloud_go//longrunning:go_default_library",
"@io_bazel_rules_go//proto/wkt:duration_go_proto",
],
)
go_test(
name = "privateca_go_gapic_test",
srcs = [":privateca_go_gapic_srcjar_test"],
embed = [":privateca_go_gapic"],
importpath = "cloud.google.com/go/security/privateca/apiv1beta1",
)
# Open Source Packages
go_gapic_assembly_pkg(
name = "gapi-cloud-security-privateca-v1beta1-go",
deps = [
":privateca_go_gapic",
":privateca_go_gapic_srcjar-test.srcjar",
":privateca_go_proto",
],
)
##############################################################################
# Python
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"moved_proto_library",
"py_gapic_assembly_pkg",
"py_gapic_library",
"py_grpc_library",
"py_proto_library",
)
moved_proto_library(
name = "privateca_moved_proto",
srcs = [":privateca_proto"],
deps = [
"//google/api:annotations_proto",
"//google/api:client_proto",
"//google/api:field_behavior_proto",
"//google/api:resource_proto",
"//google/longrunning:operations_proto",
"@com_google_protobuf//:duration_proto",
"@com_google_protobuf//:field_mask_proto",
"@com_google_protobuf//:timestamp_proto",
"@com_google_protobuf//:wrappers_proto",
],
)
py_proto_library(
name = "privateca_py_proto",
plugin = "@protoc_docs_plugin//:docs_plugin",
deps = [":privateca_moved_proto"],
)
py_grpc_library(
name = "privateca_py_grpc",
srcs = [":privateca_moved_proto"],
deps = [":privateca_py_proto"],
)
py_gapic_library(
name = "privateca_py_gapic",
src = ":privateca_proto_with_info",
gapic_yaml = "privateca_gapic.yaml",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
deps = [
":privateca_py_grpc",
":privateca_py_proto",
],
)
# Open Source Packages
py_gapic_assembly_pkg(
name = "security-privateca-v1beta1-py",
deps = [
":privateca_py_gapic",
":privateca_py_grpc",
":privateca_py_proto",
],
)
##############################################################################
# PHP
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"php_gapic_assembly_pkg",
"php_gapic_library",
"php_grpc_library",
"php_proto_library",
)
php_proto_library(
name = "privateca_php_proto",
deps = [":privateca_proto"],
)
php_grpc_library(
name = "privateca_php_grpc",
srcs = [":privateca_proto"],
deps = [":privateca_php_proto"],
)
php_gapic_library(
name = "privateca_php_gapic",
src = ":privateca_proto_with_info",
gapic_yaml = "privateca_gapic.yaml",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
deps = [
":privateca_php_grpc",
":privateca_php_proto",
],
)
# Open Source Packages
php_gapic_assembly_pkg(
name = "google-cloud-security-privateca-v1beta1-php",
deps = [
":privateca_php_gapic",
":privateca_php_grpc",
":privateca_php_proto",
],
)
##############################################################################
# Node.js
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"nodejs_gapic_assembly_pkg",
"nodejs_gapic_library",
)
nodejs_gapic_library(
name = "privateca_nodejs_gapic",
src = ":privateca_proto_with_info",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
deps = [],
)
nodejs_gapic_assembly_pkg(
name = "security-privateca-v1beta1-nodejs",
deps = [
":privateca_nodejs_gapic",
":privateca_proto",
],
)
##############################################################################
# Ruby
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"ruby_gapic_assembly_pkg",
"ruby_gapic_library",
"ruby_grpc_library",
"ruby_proto_library",
)
ruby_proto_library(
name = "privateca_ruby_proto",
deps = [":privateca_proto"],
)
ruby_grpc_library(
name = "privateca_ruby_grpc",
srcs = [":privateca_proto"],
deps = [":privateca_ruby_proto"],
)
ruby_gapic_library(
name = "privateca_ruby_gapic",
src = ":privateca_proto_with_info",
gapic_yaml = "privateca_gapic.yaml",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
deps = [
":privateca_ruby_grpc",
":privateca_ruby_proto",
],
)
# Open Source Packages
ruby_gapic_assembly_pkg(
name = "google-cloud-security-privateca-v1beta1-ruby",
deps = [
":privateca_ruby_gapic",
":privateca_ruby_grpc",
":privateca_ruby_proto",
],
)
##############################################################################
# C#
##############################################################################
load(
"@com_google_googleapis_imports//:imports.bzl",
"csharp_gapic_assembly_pkg",
"csharp_gapic_library",
"csharp_grpc_library",
"csharp_proto_library",
)
csharp_proto_library(
name = "privateca_csharp_proto",
deps = [":privateca_proto"],
)
csharp_grpc_library(
name = "privateca_csharp_grpc",
srcs = [":privateca_proto"],
deps = [":privateca_csharp_proto"],
)
csharp_gapic_library(
name = "privateca_csharp_gapic",
src = ":privateca_proto_with_info",
gapic_yaml = "privateca_gapic.yaml",
grpc_service_config = "privateca_grpc_service_config.json",
package = "google.cloud.security.privateca.v1beta1",
service_yaml = "privateca_v1beta1.yaml",
deps = [
":privateca_csharp_grpc",
":privateca_csharp_proto",
],
)
# Open Source Packages
csharp_gapic_assembly_pkg(
name = "google-cloud-security-privateca-v1beta1-csharp",
deps = [
":privateca_csharp_gapic",
":privateca_csharp_grpc",
":privateca_csharp_proto",
],
)
##############################################################################
# C++
##############################################################################
# Put your C++ rules here

18
google/cloud/security/privateca/v1beta1/privateca_gapic.yaml
Unescape View File

@ -0,0 +1,18 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 2.0.0
language_settings:
java:
package_name: com.google.cloud.security.privateca.v1beta1
python:
package_name: google.cloud.security.privateca_v1beta1.gapic
go:
package_name: cloud.google.com/go/security/privateca/apiv1beta1
csharp:
package_name: Google.Cloud.Security.PrivateCA.V1Alpha1
ruby:
package_name: Google::Cloud::Security::Privateca::V1beta1
php:
package_name: Google\Cloud\Security\Privateca\V1beta1
nodejs:
package_name: privateca.v1beta1
domain_layer_location: google-cloud

22
google/cloud/security/privateca/v1beta1/privateca_grpc_service_config.json
Unescape View File

@ -0,0 +1,22 @@
{
"methodConfig": [
{
"name": [
{
"service": "google.cloud.security.privateca.v1beta1.CertificateAuthorityService"
}
],
"timeout": "60s",
"retryPolicy": {
"initialBackoff": "0.100s",
"maxBackoff": "60s",
"backoffMultiplier": 1.3,
"retryableStatusCodes": [
"UNKNOWN",
"UNAVAILABLE",
"DEADLINE_EXCEEDED"
]
}
}
]
}

61
google/cloud/security/privateca/v1beta1/privateca_v1beta1.yaml
Unescape View File

@ -0,0 +1,61 @@
type: google.api.Service
config_version: 3
name: privateca.googleapis.com
title: Certificate Authority Service API
apis:
- name: google.cloud.security.privateca.v1beta1.CertificateAuthorityService
types:
- name: google.cloud.security.privateca.v1beta1.OperationMetadata
documentation:
rules:
- selector: google.iam.v1.IAMPolicy.GetIamPolicy
description: |-
Gets the access control policy for a resource. Returns an empty policy
if the resource exists and does not have a policy set.
- selector: google.iam.v1.IAMPolicy.SetIamPolicy
description: |-
Sets the access control policy on the specified resource. Replaces
any existing policy.
Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
errors.
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
description: |-
Returns permissions that a caller has on the specified resource. If the
resource does not exist, this will return an empty set of
permissions, not a `NOT_FOUND` error.
Note: This operation is designed to be used for building
permission-aware UIs and command-line tools, not for authorization
checking. This operation may "fail open" without warning.
backend:
rules:
- selector: 'google.cloud.security.privateca.v1beta1.CertificateAuthorityService.*'
deadline: 60.0
- selector: 'google.iam.v1.IAMPolicy.*'
deadline: 60.0
- selector: 'google.longrunning.Operations.*'
deadline: 60.0
- selector: google.longrunning.Operations.GetOperation
deadline: 5.0
authentication:
rules:
- selector: 'google.cloud.security.privateca.v1beta1.CertificateAuthorityService.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: 'google.iam.v1.IAMPolicy.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: 'google.longrunning.Operations.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform

845
google/cloud/security/privateca/v1beta1/resources.proto
Unescape View File

@ -0,0 +1,845 @@
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.security.privateca.v1beta1;
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1Beta1";
option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1;privateca";
option java_multiple_files = true;
option java_outer_classname = "PrivateCaResourcesProto";
option java_package = "com.google.cloud.security.privateca.v1beta1";
// A [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] represents an individual Certificate Authority.
// A [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
message CertificateAuthority {
option (google.api.resource) = {
type: "privateca.googleapis.com/CertificateAuthority"
pattern: "projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}"
};
// Options that affect all certificates issued by a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
message IssuingOptions {
// Required. When true, includes a URL to the issuing CA certificate in the
// "authority information access" X.509 extension.
bool include_ca_cert_url = 1 [(google.api.field_behavior) = REQUIRED];
// Required. When true, includes a URL to the CRL corresponding to certificates
// issued from a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
// CRLs will expire 7 days from their creation. However, we will rebuild
// daily. CRLs are also rebuilt shortly after a certificate is revoked.
bool include_crl_access_url = 2 [(google.api.field_behavior) = REQUIRED];
}
// The issuing policy for a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] will not be successfully issued from this
// [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] if they violate the policy.
message CertificateAuthorityPolicy {
message AllowedConfigList {
// Required. All [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// must match at least one listed [ReusableConfigWrapper][google.cloud.security.privateca.v1beta1.ReusableConfigWrapper]. If a
// [ReusableConfigWrapper][google.cloud.security.privateca.v1beta1.ReusableConfigWrapper] has an empty field, any value will be
// allowed for that field.
repeated ReusableConfigWrapper allowed_config_values = 1 [(google.api.field_behavior) = REQUIRED];
}
// [AllowedSubjectAltNames][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames] specifies the allowed values for
// [SubjectAltNames][google.cloud.security.privateca.v1beta1.SubjectAltNames] by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] when issuing
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
message AllowedSubjectAltNames {
// Optional. Contains valid, fully-qualified host names. Glob patterns are also
// supported. To allow an explicit wildcard certificate, escape with
// backlash (i.e. "\*").
// E.g. for globbed entries: '*bar.com' will allow foo.bar.com, but not
// *.bar.com, unless the [allow_globbing_dns_wildcards][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames.allow_globbing_dns_wildcards] field is set.
// E.g. for wildcard entries: '\*.bar.com' will allow '*.bar.com', but not
// 'foo.bar.com'.
repeated string allowed_dns_names = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To
// match across path seperators (i.e. '/') use the double star glob
// pattern (i.e. '**').
repeated string allowed_uris = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also
// supported.
repeated string allowed_email_addresses = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6
// addresses and subnet ranges. Subnet ranges are specified using the
// '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns
// are supported only for ip address entries (i.e. not for subnet ranges).
repeated string allowed_ips = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specifies if glob patterns used for [allowed_dns_names][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames.allowed_dns_names] allows
// wildcard certificates.
bool allow_globbing_dns_wildcards = 5 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specifies if to allow custom X509Extension values.
bool allow_custom_sans = 6 [(google.api.field_behavior) = OPTIONAL];
}
// [CloudFunctionPolicy][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.CloudFunctionPolicy] specifies the Cloud Function custom certificate
// policy for certificate issuance.
message CloudFunctionPolicy {
// Required. The resource name of the Cloud Function to invoke, in the format
// `projects/*/locations/*/functions/*`.
string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Allowed configurations or a single configuration for all issued
// certificates.
oneof config_policy {
// Optional. All [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// must match at least one listed [ReusableConfigWrapper][google.cloud.security.privateca.v1beta1.ReusableConfigWrapper] in the list.
AllowedConfigList allowed_config_list = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. All [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// will use the provided configuration values, overwriting any requested
// configuration values.
ReusableConfigWrapper overwrite_config_values = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Optional. If any [Subject][google.cloud.security.privateca.v1beta1.Subject] is specified here, then all
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] must
// match at least one listed [Subject][google.cloud.security.privateca.v1beta1.Subject]. If a [Subject][google.cloud.security.privateca.v1beta1.Subject] has an empty
// field, any value will be allowed for that field.
repeated Subject allowed_locations_and_organizations = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. If any value is specified here, then all
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] must
// match at least one listed value. If no value is specified, all values
// will be allowed for this fied. Glob patterns are also supported.
repeated string allowed_common_names = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. If a [AllowedSubjectAltNames][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames] is specified here, then all
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] must
// match [AllowedSubjectAltNames][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy.AllowedSubjectAltNames]. If no value or an empty value
// is specified, any value will be allowed for the [SubjectAltNames][google.cloud.security.privateca.v1beta1.SubjectAltNames]
// field.
AllowedSubjectAltNames allowed_sans = 5 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum lifetime allowed by the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]. Note that
// if the any part if the issuing chain expires before a [Certificate][google.cloud.security.privateca.v1beta1.Certificate]'s
// requested maximum_lifetime, the effective lifetime will be explicitly
// truncated.
google.protobuf.Duration maximum_lifetime = 6 [(google.api.field_behavior) = OPTIONAL];
// Optional. If specified, use a Cloud Function to implement custom certificate policy
// for certificate issuance.
CloudFunctionPolicy cloud_function_policy = 7 [(google.api.field_behavior) = OPTIONAL];
}
// URLs where a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] will publish content.
message AccessUrls {
// The URL where this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]'s CA certificate is
// published. This will only be set for CAs that have been activated.
string ca_certificate_access_url = 1;
// The URL where this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]'s CRLs are published. This
// will only be set for CAs that have been activated.
string crl_access_url = 2;
}
// A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] will use.
message KeyVersionSpec {
oneof KeyVersion {
// Required. The resource name for an existing Cloud KMS CryptoKeyVersion in the
// format`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
// This option enables full flexibility in the key's capabilities and
// properties.
string cloud_kms_key_version = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The algorithm to use for creating a managed Cloud KMS key for a for a
// simplified experience. All managed keys will be have their
// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
SignHashAlgorithm algorithm = 2 [(google.api.field_behavior) = REQUIRED];
}
}
// The type of a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority], indicating its issuing chain.
enum Type {
// Not specified.
TYPE_UNSPECIFIED = 0;
// Self-signed CA.
SELF_SIGNED = 1;
// Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// or an unmanaged CA.
SUBORDINATE = 2;
}
// The tier of a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority], indicating its supported
// functionality and/or billing SKU.
enum Tier {
// Not specified.
TIER_UNSPECIFIED = 0;
// Enterprise tier.
ENTERPRISE = 1;
// DevOps tier.
DEVOPS = 2;
}
// The state of a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority], indicating if it can be used.
enum State {
// Not specified.
STATE_UNSPECIFIED = 0;
// Certificates can be issued from this CA. CRLs will be generated for this
// CA.
ENABLED = 1;
// Certificates cannot be issued from this CA. CRLs will still be generated.
DISABLED = 2;
// Certificates cannot be issued from this CA. CRLs will not be generated.
PENDING_ACTIVATION = 3;
// Certificates cannot be issued from this CA. CRLs will not be generated.
PENDING_DELETION = 4;
}
// The algorithm of a Cloud KMS CryptoKeyVersion of a
// [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
// [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
// `ASYMMETRIC_SIGN`. These values correspond to the
// [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKey.CryptoKeyVersion.CryptoKeyVersionAlgorithm].
// values.
enum SignHashAlgorithm {
// Not specified.
SIGN_HASH_ALGORITHM_UNSPECIFIED = 0;
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
RSA_2048_SHA_256 = 1;
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
RSA_3072_SHA_256 = 2;
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
RSA_4096_SHA_256 = 3;
// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
EC_P256_SHA256 = 4;
// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA256
EC_P384_SHA256 = 5;
// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P521_SHA256
EC_P521_SHA256 = 6;
}
// Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Required. Immutable. The [Type][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
Type type = 2 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
// Required. Immutable. The [Tier][google.cloud.security.privateca.v1beta1.CertificateAuthority.Tier] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
Tier tier = 3 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
// Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
CertificateConfig config = 4 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
// Required. The desired lifetime of the CA certificate. Used to create the
// "not_before_time" and "not_after_time" fields inside an X.509
// certificate.
google.protobuf.Duration lifetime = 5 [(google.api.field_behavior) = REQUIRED];
// Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]. If this
// [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] is a self-signed CertificateAuthority, this key
// is also used to sign the self-signed CA certificate. Otherwise, it
// is used to sign a CSR.
KeyVersionSpec key_spec = 6 [
(google.api.field_behavior) = REQUIRED,
(google.api.field_behavior) = IMMUTABLE
];
// Optional. The [CertificateAuthorityPolicy][google.cloud.security.privateca.v1beta1.CertificateAuthority.CertificateAuthorityPolicy] to enforce when issuing
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] from this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
CertificateAuthorityPolicy certificate_policy = 7 [(google.api.field_behavior) = OPTIONAL];
// Optional. The [IssuingOptions][google.cloud.security.privateca.v1beta1.CertificateAuthority.IssuingOptions] to follow when issuing [Certificates][google.cloud.security.privateca.v1beta1.Certificate]
// from this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
IssuingOptions issuing_options = 8 [(google.api.field_behavior) = OPTIONAL];
// Optional. This [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]'s issuer chain. If self-signed, will be the
// same as 'pem_cert'. This may be updated (e.g., if an issuer's cert was
// replaced). Expected to be in issuer-to-root order according to RFC 5246.
repeated string pem_issuer_cert_chain = 9 [(google.api.field_behavior) = OPTIONAL];
// Output only. The [State][google.cloud.security.privateca.v1beta1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
State state = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. This [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]'s CA certificate.
string pem_certificate = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]'s CA cert.
CertificateDescription ca_certificate_description = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
// Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] will
// publish content, such as the CA certificate and CRLs. This must be a bucket
// name, without any prefixes (such as `gs://`) or suffixes (such as
// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
// would simply specify `my-bucket`. If not specified, a managed bucket will
// be created.
string gcs_bucket = 13 [(google.api.field_behavior) = IMMUTABLE];
// Output only. URLs for accessing content published by this CA, such as the CA certificate
// and CRLs.
AccessUrls access_urls = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] was created.
google.protobuf.Timestamp create_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] was updated.
google.protobuf.Timestamp update_time = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] will be deleted, if
// scheduled for deletion.
google.protobuf.Timestamp deletion_time = 17 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. Labels with user-defined metadata.
map<string, string> labels = 18 [(google.api.field_behavior) = OPTIONAL];
}
// A [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] corresponds to a signed X.509 certificate
// Revocation List (CRL). A CRL contains the serial numbers of certificates that
// should no longer be trusted.
message CertificateRevocationList {
option (google.api.resource) = {
type: "privateca.googleapis.com/CertificateRevocationList"
pattern: "projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}"
};
// Describes a revoked [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
message RevokedCertificate {
// The resource path for the [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in the format
// `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
string certificate = 1;
// The serial number of the [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
string hex_serial_number = 2;
// The reason the [Certificate][google.cloud.security.privateca.v1beta1.Certificate] was revoked.
RevocationReason revocation_reason = 3;
}
// The state of a [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList], indicating if it is current.
enum State {
// Not specified.
STATE_UNSPECIFIED = 0;
// The [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] is up to date.
ACTIVE = 1;
// The [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] is no longer current.
SUPERSEDED = 2;
}
// Output only. The resource path for this [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] in
// the format
// `projects/*/locations/*/certificateAuthorities/*/
// certificateRevocationLists/*`.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The CRL sequence number that appears in pem_crl.
int64 sequence_number = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The revoked serial numbers that appear in pem_crl.
repeated RevokedCertificate revoked_certificates = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The PEM-encoded X.509 CRL.
string pem_crl = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The location where 'pem_crl' can be accessed.
string access_url = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The [State][google.cloud.security.privateca.v1beta1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] was created.
google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] was updated.
google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. Labels with user-defined metadata.
map<string, string> labels = 9 [(google.api.field_behavior) = OPTIONAL];
}
// A [Certificate][google.cloud.security.privateca.v1beta1.Certificate] corresponds to a signed X.509 certificate issued by a
// [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
message Certificate {
option (google.api.resource) = {
type: "privateca.googleapis.com/Certificate"
pattern: "projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}/certificates/{certificate}"
};
// Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
message RevocationDetails {
// Indicates why a [Certificate][google.cloud.security.privateca.v1beta1.Certificate] was revoked.
RevocationReason revocation_state = 1;
// The time at which this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] was revoked.
google.protobuf.Timestamp revocation_time = 2;
}
// Output only. The resource path for this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in the format
// `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// The config used to create a signed X.509 certificate.
oneof certificate_config {
// Immutable. A pem-encoded X.509 certificate signing request (CSR).
string pem_csr = 2 [(google.api.field_behavior) = IMMUTABLE];
// Immutable. A description of the certificate and key that does not require X.509 or
// ASN.1.
CertificateConfig config = 3 [(google.api.field_behavior) = IMMUTABLE];
}
// Required. The desired lifetime of a certificate. Used to create the
// "not_before_time" and "not_after_time" fields inside an X.509
// certificate. Note that the lifetime may be truncated if it would extend
// past the life of any certificate authority in the issuing chain.
google.protobuf.Duration lifetime = 4 [(google.api.field_behavior) = REQUIRED];
// Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1beta1.Certificate]. This
// [Certificate][google.cloud.security.privateca.v1beta1.Certificate] is considered revoked if and only if this field is present.
RevocationDetails revocation_details = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The pem-encoded, signed X.509 certificate.
string pem_certificate = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. A structured description of the issued X.509 certificate.
CertificateDescription certificate_description = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The chain that may be used to verify the X.509 certificate. Expected to be
// in issuer-to-root order according to RFC 5246.
repeated string pem_certificate_chain = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] was created.
google.protobuf.Timestamp create_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] was updated.
google.protobuf.Timestamp update_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. Labels with user-defined metadata.
map<string, string> labels = 11 [(google.api.field_behavior) = OPTIONAL];
}
// A [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] refers to a managed [ReusableConfigValues][google.cloud.security.privateca.v1beta1.ReusableConfigValues]. Those, in
// turn, are used to describe certain fields of an X.509 certificate, such as
// the key usage fields, fields specific to CA certificates, certificate policy
// extensions and custom extensions.
message ReusableConfig {
option (google.api.resource) = {
type: "privateca.googleapis.com/ReusableConfig"
pattern: "projects/{project}/locations/{location}/reusableConfigs/{reusable_config}"
};
// Output only. The resource path for this [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] in the format
// `projects/*/locations/*/reusableConfigs/*`.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Required. The config values.
ReusableConfigValues values = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. A human-readable description of scenarios these ReusableConfigValues may be
// compatible with.
string description = 3 [(google.api.field_behavior) = OPTIONAL];
// Output only. The time at which this [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] was created.
google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time at which this [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] was updated.
google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. Labels with user-defined metadata.
map<string, string> labels = 6 [(google.api.field_behavior) = OPTIONAL];
}
// A [ReusableConfigValues][google.cloud.security.privateca.v1beta1.ReusableConfigValues] is used to describe certain fields of an
// X.509 certificate, such as the key usage fields, fields specific to CA
// certificates, certificate policy extensions and custom extensions.
message ReusableConfigValues {
// Describes values that are relevant in a CA certificate.
message CaOptions {
// Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
// value is missing, the extension will be omitted from the CA certificate.
google.protobuf.BoolValue is_ca = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. Refers to the path length restriction X.509 extension. For a CA
// certificate, this value describes the depth of subordinate CA
// certificates that are allowed.
// If this value is less than 0, the request will fail.
// If this value is missing, the max path length will be omitted from the
// CA certificate.
google.protobuf.Int32Value max_issuer_path_length = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Optional. Indicates the intended use for keys that correspond to a certificate.
KeyUsage key_usage = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. Describes options in this [ReusableConfigValues][google.cloud.security.privateca.v1beta1.ReusableConfigValues] that are
// relevant in a CA certificate.
CaOptions ca_options = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Describes the X.509 certificate policy object identifiers, per
// https://tools.ietf.org/html/rfc5280#section-4.2.1.4rfc5280
repeated ObjectId policy_ids = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
// that appear in the "Authority Information Access" extension in the
// certificate.
repeated string aia_ocsp_servers = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Describes custom X.509 extensions.
repeated X509Extension additional_extensions = 5 [(google.api.field_behavior) = OPTIONAL];
}
// A [ReusableConfigWrapper][google.cloud.security.privateca.v1beta1.ReusableConfigWrapper] describes values that may assist in creating an
// X.509 certificate, or a reference to a pre-defined set of values.
message ReusableConfigWrapper {
// Reusable or inline config values.
oneof config_values {
// Required. A resource path to a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] in the format
// `projects/*/locations/*/reusableConfigs/*`.
string reusable_config = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A user-specified inline [ReusableConfigValues][google.cloud.security.privateca.v1beta1.ReusableConfigValues].
ReusableConfigValues reusable_config_values = 2 [(google.api.field_behavior) = REQUIRED];
}
}
// A [PublicKey][google.cloud.security.privateca.v1beta1.PublicKey] describes a public key.
message PublicKey {
// Types of public keys that are supported.
// At a minimum, we support RSA and ECDSA, for the key sizes or curves listed:
// https://cloud.google.com/kms/docs/algorithms#asymmetric_signing_algorithms
enum KeyType {
// Default unspecified value.
KEY_TYPE_UNSPECIFIED = 0;
// A PEM-encoded PKCS#1/RFC 3447 RSAPrivateKey structure.
PEM_RSA_KEY = 1;
// A PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.
PEM_EC_KEY = 2;
}
// Required. The type of public key.
KeyType type = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A public key. Padding and encoding varies by 'KeyType' and is described
// along with the KeyType values.
bytes key = 2 [(google.api.field_behavior) = REQUIRED];
}
// A [CertificateConfig][google.cloud.security.privateca.v1beta1.CertificateConfig] describes an X.509 certificate or CSR that is to be
// created, as an alternative to using ASN.1.
message CertificateConfig {
// These values are used to create the distinguished name and subject
// alternative name fields in an X.509 certificate.
message SubjectConfig {
// Required. Contains distinguished name fields such as the location and organization.
Subject subject = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. The "common name" of the distinguished name.
string common_name = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The subject alternative name fields.
SubjectAltNames subject_alt_name = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Required. Specifies some of the values in a certificate that are related to the
// subject.
SubjectConfig subject_config = 1 [(google.api.field_behavior) = REQUIRED];
// Required. Describes how some of the technical fields in a certificate should be
// populated.
ReusableConfigWrapper reusable_config = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. The public key that corresponds to this config. This is, for example, used
// when issuing [Certificates][google.cloud.security.privateca.v1beta1.Certificate], but not when creating a
// self-signed [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] CSR.
PublicKey public_key = 3 [(google.api.field_behavior) = OPTIONAL];
}
// A [CertificateDescription][google.cloud.security.privateca.v1beta1.CertificateDescription] describes an X.509 certificate or CSR that has
// been issued, as an alternative to using ASN.1 / X.509.
message CertificateDescription {
// These values describe fields in an issued X.509 certificate such as the
// distinguished name, subject alternative names, serial number, and lifetime.
message SubjectDescription {
// Contains distinguished name fields such as the location and organization.
Subject subject = 1;
// The "common name" of the distinguished name.
string common_name = 2;
// The subject alternative name fields.
SubjectAltNames subject_alt_name = 3;
// The serial number encoded in lowercase hexadecimal.
string hex_serial_number = 4;
// For convenience, the actual lifetime of an issued certificate.
// Corresponds to 'not_after_time' - 'not_before_time'.
google.protobuf.Duration lifetime = 5;
// The time at which the certificate becomes valid.
google.protobuf.Timestamp not_before_time = 6;
// The time at which the certificate expires.
google.protobuf.Timestamp not_after_time = 7;
}
// A KeyId identifies a specific public key, usually by hashing the public
// key.
message KeyId {
// Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
// likely the 160 bit SHA-1 hash of the public key.
string key_id = 1 [(google.api.field_behavior) = OPTIONAL];
}
// Describes some of the values in a certificate that are related to the
// subject and lifetime.
SubjectDescription subject_description = 1;
// Describes some of the technical fields in a certificate.
ReusableConfigValues config_values = 2;
// The public key that corresponds to an issued certificate.
PublicKey public_key = 3;
// Provides a means of identifiying certificates that contain a particular
// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
KeyId subject_key_id = 4;
// Identifies the subject_key_id of the parent certificate, per
// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
KeyId authority_key_id = 5;
// Describes a list of locations to obtain CRL information, i.e.
// the DistributionPoint.fullName described by
// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
repeated string crl_distribution_points = 6;
// Describes lists of issuer CA certificate URLs that appear in the
// "Authority Information Access" extension in the certificate.
repeated string aia_issuing_certificate_urls = 7;
}
// An [ObjectId][google.cloud.security.privateca.v1beta1.ObjectId] specifies an object identifier (OID). These provide context
// and describe types in ASN.1 messages.
message ObjectId {
// Required. The parts of an OID path. The most significant parts of the path come
// first.
repeated int32 object_id_path = 1 [(google.api.field_behavior) = REQUIRED];
}
// An [X509Extension][google.cloud.security.privateca.v1beta1.X509Extension] specifies an X.509 extension, which may be used in
// different parts of X.509 objects like certificates, CSRs, and CRLs.
message X509Extension {
// Required. The OID for this X.509 extension.
ObjectId object_id = 1 [(google.api.field_behavior) = REQUIRED];
// Required. Indicates whether or not this extension is critical (i.e., if the client
// does not know how to handle this extension, the client should consider this
// to be an error).
bool critical = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The value of this X.509 extension.
bytes value = 3 [(google.api.field_behavior) = REQUIRED];
}
// A [KeyUsage][google.cloud.security.privateca.v1beta1.KeyUsage] describes key usage values that may appear in an X.509
// certificate.
message KeyUsage {
// [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1beta1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
// described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
message KeyUsageOptions {
// The key may be used for digital signatures.
bool digital_signature = 1;
// The key may be used for cryptographic commitments. Note that this may
// also be referred to as "non-repudiation".
bool content_commitment = 2;
// The key may be used to encipher other keys.
bool key_encipherment = 3;
// The key may be used to encipher data.
bool data_encipherment = 4;
// The key may be used in a key agreement protocol.
bool key_agreement = 5;
// The key may be used to sign certificates.
bool cert_sign = 6;
// The key may be used sign certificate revocation lists.
bool crl_sign = 7;
// The key may be used to encipher only.
bool encipher_only = 8;
// The key may be used to decipher only.
bool decipher_only = 9;
}
// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1beta1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
// certain common OIDs that could be specified as an extended key usage value.
message ExtendedKeyUsageOptions {
// Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
// server authentication", though regularly used for non-WWW TLS.
bool server_auth = 1;
// Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
// client authentication", though regularly used for non-WWW TLS.
bool client_auth = 2;
// Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
// downloadable executable code client authentication".
bool code_signing = 3;
// Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
// protection".
bool email_protection = 4;
// Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
// the hash of an object to a time".
bool time_stamping = 5;
// Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
// OCSP responses".
bool ocsp_signing = 6;
}
// Describes high-level ways in which a key may be used.
KeyUsageOptions base_key_usage = 1;
// Detailed scenarios in which a key may be used.
ExtendedKeyUsageOptions extended_key_usage = 2;
// Used to describe extended key usages that are not listed in the
// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1beta1.KeyUsage.ExtendedKeyUsageOptions] message.
repeated ObjectId unknown_extended_key_usages = 3;
}
// [Subject][google.cloud.security.privateca.v1beta1.Subject] describes parts of a distinguished name that, in turn,
// describes the subject of the certificate.
message Subject {
// The country code of the subject.
string country_code = 1;
// The organization of the subject.
string organization = 2;
// The organizational_unit of the subject.
string organizational_unit = 3;
// The locality or city of the subject.
string locality = 4;
// The province, territory, or regional state of the subject.
string province = 5;
// The street address of the subject.
string street_address = 6;
// The postal code of the subject.
string postal_code = 7;
}
// [SubjectAltNames][google.cloud.security.privateca.v1beta1.SubjectAltNames] corresponds to a more modern way of listing what
// the asserted identity is in a certificate (i.e., compared to the "common
// name" in the distinguished name).
message SubjectAltNames {
// Contains only valid, fully-qualified host names.
repeated string dns_names = 1;
// Contains only valid RFC 3986 URIs.
repeated string uris = 2;
// Contains only valid RFC 2822 E-mail addresses.
repeated string email_addresses = 3;
// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
repeated string ip_addresses = 4;
// Contains additional subject alternative name values.
repeated X509Extension custom_sans = 5;
}
// A [RevocationReason][google.cloud.security.privateca.v1beta1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1beta1.Certificate] has been revoked,
// and the reason for revocation. These are standard revocation reasons from RFC
// 5280.
enum RevocationReason {
// Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
// has been revoked, but that a reason has not been recorded.
REVOCATION_REASON_UNSPECIFIED = 0;
// Key material for this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] may have leaked.
KEY_COMPROMISE = 1;
// The key material for a certificate authority in the issuing path may have
// leaked.
CERTIFICATE_AUTHORITY_COMPROMISE = 2;
// The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] have changed.
AFFILIATION_CHANGED = 3;
// This [Certificate][google.cloud.security.privateca.v1beta1.Certificate] has been superseded.
SUPERSEDED = 4;
// This [Certificate][google.cloud.security.privateca.v1beta1.Certificate] or entities in the issuing path have ceased to
// operate.
CESSATION_OF_OPERATION = 5;
// This [Certificate][google.cloud.security.privateca.v1beta1.Certificate] should not be considered valid, it is expected that it
// may become valid in the future.
CERTIFICATE_HOLD = 6;
// This [Certificate][google.cloud.security.privateca.v1beta1.Certificate] no longer has permission to assert the listed
// attributes.
PRIVILEGE_WITHDRAWN = 7;
// The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
// may have been compromised.
ATTRIBUTE_AUTHORITY_COMPROMISE = 8;
}

988
google/cloud/security/privateca/v1beta1/service.proto
Unescape View File

@ -0,0 +1,988 @@
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.security.privateca.v1beta1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/security/privateca/v1beta1/resources.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1Beta1";
option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1;privateca";
option java_multiple_files = true;
option java_outer_classname = "PrivateCaProto";
option java_package = "com.google.cloud.security.privateca.v1beta1";
// [Certificate Authority Service][google.cloud.security.privateca.v1beta1.CertificateAuthorityService] manages private
// certificate authorities and issued certificates.
service CertificateAuthorityService {
option (google.api.default_host) = "privateca.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Lists [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest) returns (ListCertificateAuthoritiesResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
};
option (google.api.method_signature) = "parent";
}
// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest) returns (ListCertificateRevocationListsResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificateRevocationLists"
};
option (google.api.method_signature) = "parent";
}
// Lists [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
rpc ListCertificates(ListCertificatesRequest) returns (ListCertificatesResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
};
option (google.api.method_signature) = "parent";
}
// Lists [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig].
rpc ListReusableConfigs(ListReusableConfigsRequest) returns (ListReusableConfigsResponse) {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*/locations/*}/reusableConfigs"
};
option (google.api.method_signature) = "parent";
}
// Returns a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc GetCertificateAuthority(GetCertificateAuthorityRequest) returns (CertificateAuthority) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}"
};
option (google.api.method_signature) = "name";
}
// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
rpc GetCertificateRevocationList(GetCertificateRevocationListRequest) returns (CertificateRevocationList) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
};
option (google.api.method_signature) = "name";
}
// Returns a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
};
option (google.api.method_signature) = "name";
}
// Returns a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig].
rpc GetReusableConfig(GetReusableConfigRequest) returns (ReusableConfig) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/locations/*/reusableConfigs/*}"
};
option (google.api.method_signature) = "name";
}
// Create a new [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in a given Project and Location.
rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
body: "certificate_authority"
};
option (google.api.method_signature) = "parent,certificate_authority,certificate_authority_id";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Create a new [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] in a given Project, Location
// for a particular [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc CreateCertificateRevocationList(CreateCertificateRevocationListRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificateRevocationLists"
body: "certificate_revocation_list"
};
option (google.api.method_signature) = "parent,certificate_revocation_list,certificate_revocation_list_id";
option (google.longrunning.operation_info) = {
response_type: "CertificateRevocationList"
metadata_type: "OperationMetadata"
};
}
// Create a new [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in a given Project, Location from a particular
// [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
body: "certificate"
};
option (google.api.method_signature) = "parent,certificate,certificate_id";
}
// Create a new [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] in a given Project and Location.
rpc CreateReusableConfig(CreateReusableConfigRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{parent=projects/*/locations/*}/reusableConfigs"
body: "reusable_config"
};
option (google.api.method_signature) = "parent,reusable_config,reusable_config_id";
option (google.longrunning.operation_info) = {
response_type: "ReusableConfig"
metadata_type: "OperationMetadata"
};
}
// Update a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
patch: "/v1beta1/{certificate_authority.name=projects/*/locations/*/certificateAuthorities/*}"
body: "certificate_authority"
};
option (google.api.method_signature) = "certificate_authority,update_mask";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Update a [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
patch: "/v1beta1/{certificate_revocation_list.name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
body: "certificate_revocation_list"
};
option (google.api.method_signature) = "certificate_revocation_list,update_mask";
option (google.longrunning.operation_info) = {
response_type: "CertificateRevocationList"
metadata_type: "OperationMetadata"
};
}
// Update a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
option (google.api.http) = {
patch: "/v1beta1/{certificate.name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
body: "certificate"
};
option (google.api.method_signature) = "certificate,update_mask";
}
// Update a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig].
rpc UpdateReusableConfig(UpdateReusableConfigRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
patch: "/v1beta1/{reusable_config.name=projects/*/locations/*/reusableConfigs/*}"
body: "reusable_config"
};
option (google.api.method_signature) = "reusable_config,update_mask";
option (google.longrunning.operation_info) = {
response_type: "ReusableConfig"
metadata_type: "OperationMetadata"
};
}
// Get the CSR for a pending [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc GetCertificateAuthorityCsr(GetCertificateAuthorityCsrRequest) returns (GetCertificateAuthorityCsrResponse) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:getCsr"
};
option (google.api.method_signature) = "name";
}
// Activate a pending [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:activate"
body: "*"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Disable a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:disable"
body: "*"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Enable a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:enable"
body: "*"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Schedule a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] for deletion.
rpc ScheduleDeleteCertificateAuthority(ScheduleDeleteCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:scheduleDelete"
body: "*"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Restore a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] that is scheduled for deletion.
rpc RestoreCertificateAuthority(RestoreCertificateAuthorityRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:restore"
body: "*"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "CertificateAuthority"
metadata_type: "OperationMetadata"
};
}
// Revoke a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
option (google.api.http) = {
post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}:revoke"
body: "*"
};
option (google.api.method_signature) = "name";
}
}
// Request message for
// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
message ListCertificateAuthoritiesRequest {
// Required. The resource name of the location associated with the
// [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
// `projects/*/locations/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "locations.googleapis.com/Location"
}
];
// Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
// include in the response.
// Further [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] can subsequently be
// obtained by including the
// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
// request. If unspecified, the server will pick an appropriate default.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Pagination token, returned earlier via
// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token].
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Only include resources that match the filter in the response.
string filter = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specify how the results should be sorted.
string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists].
message ListCertificateRevocationListsRequest {
// Required. The resource name of the location associated with the
// [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList], in the format
// `projects/*/locations/*/certificateauthorities/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. Limit on the number of
// [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to include in the
// response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList]
// can subsequently be obtained by including the
// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
// request. If unspecified, the server will pick an appropriate default.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Pagination token, returned earlier via
// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token].
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Only include resources that match the filter in the response.
string filter = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specify how the results should be sorted.
string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
message ListCertificatesRequest {
// Required. The resource name of the location associated with the
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate], in the format
// `projects/*/locations/*/certificateauthorities/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. Limit on the number of
// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] to include in the
// response. Further [Certificates][google.cloud.security.privateca.v1beta1.Certificate] can subsequently be obtained
// by including the
// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token] in a subsequent
// request. If unspecified, the server will pick an appropriate default.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Pagination token, returned earlier via
// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token].
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Only include resources that match the filter in the response.
string filter = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specify how the results should be sorted.
string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs].
message ListReusableConfigsRequest {
// Required. The resource name of the location associated with the
// [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig], in the format
// `projects/*/locations/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "locations.googleapis.com/Location"
}
];
// Optional. Limit on the number of
// [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] to include in the response.
// Further [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] can subsequently be
// obtained by including the
// [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token] in a subsequent request. If
// unspecified, the server will pick an appropriate default.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Pagination token, returned earlier via
// [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token].
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Only include resources that match the filter in the response.
string filter = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specify how the results should be sorted.
string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Response message for
// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
message ListCertificateAuthoritiesResponse {
// The list of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
repeated CertificateAuthority certificate_authorities = 1;
// A token to retrieve next page of results. Pass this value in
// [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
// page of results.
string next_page_token = 2;
// A list of locations (e.g. "us-west1") that could not be reached.
repeated string unreachable = 3;
}
// Response message for
// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists].
message ListCertificateRevocationListsResponse {
// The list of [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
repeated CertificateRevocationList certificate_revocation_lists = 1;
// A token to retrieve next page of results. Pass this value in
// [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
// next page of results.
string next_page_token = 2;
// A list of locations (e.g. "us-west1") that could not be reached.
repeated string unreachable = 3;
}
// Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
message ListCertificatesResponse {
// The list of [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
repeated Certificate certificates = 1;
// A token to retrieve next page of results. Pass this value in
// [ListCertificatesRequest.next_page_token][] to retrieve the
// next page of results.
string next_page_token = 2;
// A list of locations (e.g. "us-west1") that could not be reached.
repeated string unreachable = 3;
}
// Response message for
// [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs].
message ListReusableConfigsResponse {
// The list of [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig].
repeated ReusableConfig reusable_configs = 1;
// A token to retrieve next page of results. Pass this value in
// [ListReusableConfigsRequest.next_page_token][] to retrieve
// the next page of results.
string next_page_token = 2;
// A list of locations (e.g. "us-west1") that could not be reached.
repeated string unreachable = 3;
}
// Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateAuthority].
message GetCertificateAuthorityRequest {
// Required. The [name][google.cloud.security.privateca.v1beta1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
// get.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
}
// Request message for
// [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateRevocationList].
message GetCertificateRevocationListRequest {
// Required. The [name][google.cloud.security.privateca.v1beta1.CertificateRevocationList.name] of the
// [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to get.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateRevocationList"
}
];
}
// Request message for
// [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificate].
message GetCertificateRequest {
// Required. The [name][google.cloud.security.privateca.v1beta1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1beta1.Certificate] to get.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/Certificate"
}
];
}
// Request message for
// [CertificateAuthorityService.GetReusableConfig][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetReusableConfig].
message GetReusableConfigRequest {
// Required. The [name][ReusableConfigs.name] of the [ReusableConfigs][] to get.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/ReusableConfig"
}
];
}
// Request message for
// [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificateAuthority].
message CreateCertificateAuthorityRequest {
// Required. The resource name of the location associated with the
// [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
// `projects/*/locations/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "locations.googleapis.com/Location"
}
];
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9-]{1,63}`
string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] with initial field values.
CertificateAuthority certificate_authority = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.CreateCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificateRevocationList].
message CreateCertificateRevocationListRequest {
// Required. The resource name of the location and [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// associated with the [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList], in the format
// `projects/*/locations/*/certificateAuthorities/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Required. It must be unique within a location and match the regular expression
// `[a-zA-Z0-9-]{1,63}`
string certificate_revocation_list_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] with initial field values.
CertificateRevocationList certificate_revocation_list = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificate].
message CreateCertificateRequest {
// Required. The resource name of the location and [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
// associated with the [Certificate][google.cloud.security.privateca.v1beta1.Certificate], in the format
// `projects/*/locations/*/certificateAuthorities/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9-]{1,63}`
string certificate_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A [Certificate][google.cloud.security.privateca.v1beta1.Certificate] with initial field values.
Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.CreateReusableConfig][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateReusableConfig].
message CreateReusableConfigRequest {
// Required. The resource name of the location associated with the
// [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig], in the format
// `projects/*/locations/*`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "locations.googleapis.com/Location"
}
];
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9-]{1,63}`
string reusable_config_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] with initial field values.
ReusableConfig reusable_config = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateAuthority].
message UpdateCertificateAuthorityRequest {
// Required. [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] with updated values.
CertificateAuthority certificate_authority = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateRevocationList].
message UpdateCertificateRevocationListRequest {
// Required. [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] with updated values.
CertificateRevocationList certificate_revocation_list = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificate].
message UpdateCertificateRequest {
// Required. [Certificate][google.cloud.security.privateca.v1beta1.Certificate] with updated values.
Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.UpdateReusableConfig][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateReusableConfig].
message UpdateReusableConfigRequest {
// Required. [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] with updated values.
ReusableConfig reusable_config = 1 [(google.api.field_behavior) = REQUIRED];
// Required. A list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.GetCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateAuthorityCsr].
message GetCertificateAuthorityCsrRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
}
// Response message for
// [CertificateAuthorityService.GetCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateAuthorityCsr].
message GetCertificateAuthorityCsrResponse {
// Output only. The PEM-encoded signed certificate signing request (CSR).
string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Request message for
// [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ActivateCertificateAuthority].
message ActivateCertificateAuthorityRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Required. The signed CA certificate issued from
// [GetCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1beta1.GetCertificateAuthorityCsrResponse.pem_csr].
string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];
// Required. Must include the issuer of 'pem_ca_certificate', and any further issuers
// until the self-signed CA. Expected to be in issuer-to-root order according
// to RFC 5246.
repeated string pem_ca_certificate_chain = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.DisableCertificateAuthority].
message DisableCertificateAuthorityRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.EnableCertificateAuthority].
message EnableCertificateAuthorityRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.ScheduleDeleteCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ScheduleDeleteCertificateAuthority].
message ScheduleDeleteCertificateAuthorityRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.RestoreCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RestoreCertificateAuthority].
message RestoreCertificateAuthorityRequest {
// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
// format `projects/*/locations/*/certificateAuthorities/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/CertificateAuthority"
}
];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for
// [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RevokeCertificate].
message RevokeCertificateRequest {
// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in the
// format `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "privateca.googleapis.com/Certificate"
}
];
// Required. The [RevocationReason][google.cloud.security.privateca.v1beta1.RevocationReason] for revoking this certificate.
RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. An ID to identify requests. Specify a unique request ID so that if you must
// retry your request, the server will know to ignore the request if it has
// already been completed. The server will guarantee that for at least 60
// minutes since the first request.
//
// For example, consider a situation where you make an initial request and t
// he request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Represents the metadata of the long-running operation.
message OperationMetadata {
// Output only. The time the operation was created.
google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time the operation finished running.
google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Server-defined resource path for the target of the operation.
string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Name of the verb executed by the operation.
string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Human-readable status of the operation, if any.
string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Identifies whether the user has requested cancellation
// of the operation. Operations that have successfully been cancelled
// have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
// corresponding to `Code.CANCELLED`.
bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. API version used to start the operation.
string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
}
Write Preview
Loading…
Cancel
Save