// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.security.privateca.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/security/privateca/v1/resources.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

// Code generation options for the individual target languages.
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1";
option go_package = "cloud.google.com/go/security/privateca/apiv1/privatecapb;privatecapb";
option java_multiple_files = true;
option java_outer_classname = "PrivateCaProto";
option java_package = "com.google.cloud.security.privateca.v1";
option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\V1";
option ruby_package = "Google::Cloud::Security::PrivateCA::V1";

// [Certificate Authority
// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
// manages private certificate authorities and issued certificates.
service CertificateAuthorityService {
  option (google.api.default_host) = "privateca.googleapis.com";
  // NOTE(review): cloud-platform is the only OAuth scope declared for this
  // service, and it is not specific to Certificate Authority Service. Which
  // caller may invoke which method is not expressed in this file (presumably
  // enforced through IAM; confirm).
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
  // in a given Project, Location from a particular
  // [CaPool][google.cloud.security.privateca.v1.CaPool].
  rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
      body: "certificate"
    };
    option (google.api.method_signature) = "parent,certificate,certificate_id";
  }

  // Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
  rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
  rpc ListCertificates(ListCertificatesRequest)
      returns (ListCertificatesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
    };
    option (google.api.method_signature) = "parent";
  }

  // Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
  rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}:revoke"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
  // Currently, the only field you can update is the
  // [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
  rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      patch: "/v1/{certificate.name=projects/*/locations/*/caPools/*/certificates/*}"
      body: "certificate"
    };
    option (google.api.method_signature) = "certificate,update_mask";
  }

  // Activate a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // that is in state
  // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
  // and is of type
  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
  // After the parent Certificate Authority signs a certificate signing request
  // from
  // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
  // this method can complete the activation process.
  rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:activate"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Create a new
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in a given Project and Location.
  rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
      body: "certificate_authority"
    };
    option (google.api.method_signature) =
        "parent,certificate_authority,certificate_authority_id";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Disable a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:disable"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Enable a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:enable"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Fetch a certificate signing request (CSR) from a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // that is in state
  // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
  // and is of type
  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
  // The CSR must then be signed by the desired parent Certificate Authority,
  // which could be another
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // resource, or could be an on-prem certificate authority. See also
  // [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
  rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest)
      returns (FetchCertificateAuthorityCsrResponse) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:fetch"
    };
    option (google.api.method_signature) = "name";
  }

  // Returns a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc GetCertificateAuthority(GetCertificateAuthorityRequest)
      returns (CertificateAuthority) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists
  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest)
      returns (ListCertificateAuthoritiesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
    };
    option (google.api.method_signature) = "parent";
  }

  // Undelete a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // that has been deleted.
  rpc UndeleteCertificateAuthority(UndeleteCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:undelete"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Delete a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc DeleteCertificateAuthority(DeleteCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Update a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{certificate_authority.name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
      body: "certificate_authority"
    };
    option (google.api.method_signature) = "certificate_authority,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
  rpc CreateCaPool(CreateCaPoolRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/caPools"
      body: "ca_pool"
    };
    option (google.api.method_signature) = "parent,ca_pool,ca_pool_id";
    option (google.longrunning.operation_info) = {
      response_type: "CaPool"
      metadata_type: "OperationMetadata"
    };
  }

  // Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
  rpc UpdateCaPool(UpdateCaPoolRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{ca_pool.name=projects/*/locations/*/caPools/*}"
      body: "ca_pool"
    };
    option (google.api.method_signature) = "ca_pool,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CaPool"
      metadata_type: "OperationMetadata"
    };
  }

  // Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
  rpc GetCaPool(GetCaPoolRequest) returns (CaPool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/caPools/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
  rpc ListCaPools(ListCaPoolsRequest) returns (ListCaPoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/caPools"
    };
    option (google.api.method_signature) = "parent";
  }

  // Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
  rpc DeleteCaPool(DeleteCaPoolRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/caPools/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }

  // FetchCaCerts returns the current trust anchor for the
  // [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
  // certificate chains for all certificate authorities in the ENABLED,
  // DISABLED, or STAGED states.
  rpc FetchCaCerts(FetchCaCertsRequest) returns (FetchCaCertsResponse) {
    option (google.api.http) = {
      post: "/v1/{ca_pool=projects/*/locations/*/caPools/*}:fetchCaCerts"
      body: "*"
    };
    option (google.api.method_signature) = "ca_pool";
  }

  // Returns a
  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
  rpc GetCertificateRevocationList(GetCertificateRevocationListRequest)
      returns (CertificateRevocationList) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists
  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
  rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest)
      returns (ListCertificateRevocationListsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*/caPools/*/certificateAuthorities/*}/certificateRevocationLists"
    };
    option (google.api.method_signature) = "parent";
  }

  // Update a
  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
  rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{certificate_revocation_list.name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
      body: "certificate_revocation_list"
    };
    option (google.api.method_signature) =
        "certificate_revocation_list,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateRevocationList"
      metadata_type: "OperationMetadata"
    };
  }

  // Create a new
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
  // in a given Project and Location.
  rpc CreateCertificateTemplate(CreateCertificateTemplateRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
      body: "certificate_template"
    };
    option (google.api.method_signature) =
        "parent,certificate_template,certificate_template_id";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateTemplate"
      metadata_type: "OperationMetadata"
    };
  }

  // DeleteCertificateTemplate deletes a
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  rpc DeleteCertificateTemplate(DeleteCertificateTemplateRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
    };
    option (google.api.method_signature) = "name";
    // NOTE(review): metadata_type is fully qualified here, while the other
    // long-running methods in this service use the short name
    // "OperationMetadata"; presumably both resolve to the same message
    // (confirm).
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "google.cloud.security.privateca.v1.OperationMetadata"
    };
  }

  // Returns a
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  rpc GetCertificateTemplate(GetCertificateTemplateRequest)
      returns (CertificateTemplate) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists
  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
  rpc ListCertificateTemplates(ListCertificateTemplatesRequest)
      returns (ListCertificateTemplatesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
    };
    option (google.api.method_signature) = "parent";
  }

  // Update a
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  rpc UpdateCertificateTemplate(UpdateCertificateTemplateRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{certificate_template.name=projects/*/locations/*/certificateTemplates/*}"
      body: "certificate_template"
    };
    option (google.api.method_signature) = "certificate_template,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateTemplate"
      metadata_type: "OperationMetadata"
    };
  }
}

// Request message for
// [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
message CreateCertificateRequest {
  // Required. The resource name of the
  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
  // [Certificate][google.cloud.security.privateca.v1.Certificate], in the
  // format `projects/*/locations/*/caPools/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CaPool"
    }
  ];

  // Optional. It must be unique within a location and match the regular
  // expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in the Enterprise
  // [tier][google.cloud.security.privateca.v1.CaPool.tier], but is optional
  // and its value is ignored otherwise.
  string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
  // with initial field values.
  Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and the
  // request times out. If you make the request again with the same request ID,
  // the server can check if original operation with the same request ID was
  // received, and if so, will ignore the second request. This prevents clients
  // from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. If this is true, no
  // [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
  // be persisted regardless of the
  // [CaPool][google.cloud.security.privateca.v1.CaPool]'s
  // [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
  // [Certificate][google.cloud.security.privateca.v1.Certificate] will not
  // contain the
  // [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
  // field.
  bool validate_only = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The resource ID of the
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // that should issue the certificate. This optional field will ignore the
  // load-balancing scheme of the Pool and directly issue the certificate from
  // the CA with the specified ID, contained in the same
  // [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
  // Per-CA quota rules apply. If left empty, a
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
  // by the service. For example, to issue a
  // [Certificate][google.cloud.security.privateca.v1.Certificate] from a
  // Certificate Authority with resource name
  // "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
  // you can set the
  // [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
  // to "projects/my-project/locations/us-central1/caPools/my-pool" and the
  // [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
  // to "my-ca".
  string issuing_certificate_authority_id = 6
      [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
message GetCertificateRequest {
  // Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
  // of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
  // get.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/Certificate"
    }
  ];
}

// Request message for
// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
message ListCertificatesRequest {
  // Required. The resource name of the location associated with the
  // [Certificates][google.cloud.security.privateca.v1.Certificate], in the
  // format `projects/*/locations/*/caPools/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CaPool"
    }
  ];

  // Optional. Limit on the number of
  // [Certificates][google.cloud.security.privateca.v1.Certificate] to include
  // in the response. Further
  // [Certificates][google.cloud.security.privateca.v1.Certificate] can
  // subsequently be obtained by including the
  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
  // in a subsequent request. If unspecified, the server will pick an
  // appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Pagination token, returned earlier via
  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Only include resources that match the filter in the response. For
  // details on supported filters and syntax, see [Certificates Filtering
  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specify how the results should be sorted. For details on
  // supported fields and syntax, see [Certificates Sorting
  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for
// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
message ListCertificatesResponse {
  // The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
  repeated Certificate certificates = 1;

  // A token to retrieve next page of results. Pass this value in
  // [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificatesRequest.page_token]
  // to retrieve the next page of results.
  string next_page_token = 2;

  // NOTE(review): a non-empty `unreachable` presumably means `certificates`
  // is incomplete; callers that inventory or audit certificates should check
  // it before treating the listing as complete (confirm).

  // A list of locations (e.g. "us-west1") that could not be reached.
  repeated string unreachable = 3;
}

// Request message for
// [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
message RevokeCertificateRequest {
  // Required. The resource name for this
  // [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
  // `projects/*/locations/*/caPools/*/certificates/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/Certificate"
    }
  ];

  // Required. The
  // [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
  // revoking this certificate.
  RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
message UpdateCertificateRequest {
  // Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
  // with updated values.
  Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. A list of fields to be updated in this request.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
message ActivateCertificateAuthorityRequest {
  // Required. The resource name for this
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // NOTE(review): this file does not state which checks the service applies
  // to the submitted certificate (for example, that it corresponds to the CSR
  // returned for this CA); confirm against the service documentation.

  // Required. The signed CA certificate issued from
  // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
  string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Must include information about the issuer of
  // 'pem_ca_certificate', and any further issuers until the self-signed CA.
  SubordinateConfig subordinate_config = 3
      [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
message CreateCertificateAuthorityRequest {
  // Required. The resource name of the
  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
  // in the format `projects/*/locations/*/caPools/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CaPool"
    }
  ];

  // Required. It must be unique within a location and match the regular
  // expression `[a-zA-Z0-9_-]{1,63}`
  string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. A
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // with initial field values.
  CertificateAuthority certificate_authority = 3
      [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
message DisableCertificateAuthorityRequest {
  // Required. The resource name for this
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. This field allows this CA to be disabled even if it's being
  // depended on by another resource. However, doing so may result in unintended
  // and unrecoverable effects on any dependent resources since the CA will
  // no longer be able to issue certificates.
  bool ignore_dependent_resources = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
message EnableCertificateAuthorityRequest {
  // Required. The resource name for this
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
message FetchCertificateAuthorityCsrRequest {
  // Required. The resource name for this
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];
}

// Response message for
// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
message FetchCertificateAuthorityCsrResponse {
  // Output only. The PEM-encoded signed certificate signing request (CSR).
  string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Request message for
// [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
message GetCertificateAuthorityRequest {
  // Required. The
  // [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  // to get.
788 string name = 1 [ 789 (google.api.field_behavior) = REQUIRED, 790 (google.api.resource_reference) = { 791 type: "privateca.googleapis.com/CertificateAuthority" 792 } 793 ]; 794} 795 796// Request message for 797// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities]. 798message ListCertificateAuthoritiesRequest { 799 // Required. The resource name of the 800 // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the 801 // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], 802 // in the format `projects/*/locations/*/caPools/*`. 803 string parent = 1 [ 804 (google.api.field_behavior) = REQUIRED, 805 (google.api.resource_reference) = { 806 type: "privateca.googleapis.com/CaPool" 807 } 808 ]; 809 810 // Optional. Limit on the number of 811 // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] 812 // to include in the response. Further 813 // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] 814 // can subsequently be obtained by including the 815 // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] 816 // in a subsequent request. If unspecified, the server will pick an 817 // appropriate default. 818 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 819 820 // Optional. Pagination token, returned earlier via 821 // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]. 822 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 823 824 // Optional. Only include resources that match the filter in the response. 825 string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 826 827 // Optional. Specify how the results should be sorted. 
828 string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 829} 830 831// Response message for 832// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities]. 833message ListCertificateAuthoritiesResponse { 834 // The list of 835 // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]. 836 repeated CertificateAuthority certificate_authorities = 1; 837 838 // A token to retrieve the next page of results. Pass this value in 839 // [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token] to retrieve the next 840 // page of results. 841 string next_page_token = 2; 842 843 // A list of locations (e.g. "us-west1") that could not be reached. 844 repeated string unreachable = 3; 845} 846 847// Request message for 848// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]. 849message UndeleteCertificateAuthorityRequest { 850 // Required. The resource name for this 851 // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] 852 // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. 853 string name = 1 [ 854 (google.api.field_behavior) = REQUIRED, 855 (google.api.resource_reference) = { 856 type: "privateca.googleapis.com/CertificateAuthority" 857 } 858 ]; 859 860 // Optional. An ID to identify requests. Specify a unique request ID so that 861 // if you must retry your request, the server will know to ignore the request 862 // if it has already been completed. The server will guarantee that for at 863 // least 60 minutes since the first request. 864 // 865 // For example, consider a situation where you make an initial request and 866 // the request times out.
If you make the request again with the same request 867 // ID, the server can check if original operation with the same request ID 868 // was received, and if so, will ignore the second request. This prevents 869 // clients from accidentally creating duplicate commitments. 870 // 871 // The request ID must be a valid UUID with the exception that zero UUID is 872 // not supported (00000000-0000-0000-0000-000000000000). 873 string request_id = 2 [(google.api.field_behavior) = OPTIONAL]; 874} 875 876// Request message for 877// [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority]. 878message DeleteCertificateAuthorityRequest { 879 // Required. The resource name for this 880 // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] 881 // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. 882 string name = 1 [ 883 (google.api.field_behavior) = REQUIRED, 884 (google.api.resource_reference) = { 885 type: "privateca.googleapis.com/CertificateAuthority" 886 } 887 ]; 888 889 // Optional. An ID to identify requests. Specify a unique request ID so that 890 // if you must retry your request, the server will know to ignore the request 891 // if it has already been completed. The server will guarantee that for at 892 // least 60 minutes since the first request. 893 // 894 // For example, consider a situation where you make an initial request and 895 // the request times out. If you make the request again with the same request 896 // ID, the server can check if original operation with the same request ID 897 // was received, and if so, will ignore the second request. This prevents 898 // clients from accidentally creating duplicate commitments. 899 // 900 // The request ID must be a valid UUID with the exception that zero UUID is 901 // not supported (00000000-0000-0000-0000-000000000000). 
902 string request_id = 2 [(google.api.field_behavior) = OPTIONAL]; 903 904 // Optional. This field allows the CA to be deleted even if the CA has 905 // active certs. Active certs include both unrevoked and unexpired certs. 906 bool ignore_active_certificates = 4 [(google.api.field_behavior) = OPTIONAL]; 907 908 // Optional. If this flag is set, the Certificate Authority will be deleted as 909 // soon as possible without a 30-day grace period where undeletion would have 910 // been allowed. If you proceed, there will be no way to recover this CA. 911 bool skip_grace_period = 5 [(google.api.field_behavior) = OPTIONAL]; 912 913 // Optional. This field allows this CA to be deleted even if it's being 914 // depended on by another resource. However, doing so may result in unintended 915 // and unrecoverable effects on any dependent resources since the CA will 916 // no longer be able to issue certificates. 917 bool ignore_dependent_resources = 6 [(google.api.field_behavior) = OPTIONAL]; 918} 919 920// Request message for 921// [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority]. 922message UpdateCertificateAuthorityRequest { 923 // Required. 924 // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] 925 // with updated values. 926 CertificateAuthority certificate_authority = 1 927 [(google.api.field_behavior) = REQUIRED]; 928 929 // Required. A list of fields to be updated in this request. 930 google.protobuf.FieldMask update_mask = 2 931 [(google.api.field_behavior) = REQUIRED]; 932 933 // Optional. An ID to identify requests. Specify a unique request ID so that 934 // if you must retry your request, the server will know to ignore the request 935 // if it has already been completed. The server will guarantee that for at 936 // least 60 minutes since the first request. 
937 // 938 // For example, consider a situation where you make an initial request and 939 // the request times out. If you make the request again with the same request 940 // ID, the server can check if original operation with the same request ID 941 // was received, and if so, will ignore the second request. This prevents 942 // clients from accidentally creating duplicate commitments. 943 // 944 // The request ID must be a valid UUID with the exception that zero UUID is 945 // not supported (00000000-0000-0000-0000-000000000000). 946 string request_id = 3 [(google.api.field_behavior) = OPTIONAL]; 947} 948 949// Request message for 950// [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool]. 951message CreateCaPoolRequest { 952 // Required. The resource name of the location associated with the 953 // [CaPool][google.cloud.security.privateca.v1.CaPool], in the format 954 // `projects/*/locations/*`. 955 string parent = 1 [ 956 (google.api.field_behavior) = REQUIRED, 957 (google.api.resource_reference) = { 958 type: "locations.googleapis.com/Location" 959 } 960 ]; 961 962 // Required. It must be unique within a location and match the regular 963 // expression `[a-zA-Z0-9_-]{1,63}` 964 string ca_pool_id = 2 [(google.api.field_behavior) = REQUIRED]; 965 966 // Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with 967 // initial field values. 968 CaPool ca_pool = 3 [(google.api.field_behavior) = REQUIRED]; 969 970 // Optional. An ID to identify requests. Specify a unique request ID so that 971 // if you must retry your request, the server will know to ignore the request 972 // if it has already been completed. The server will guarantee that for at 973 // least 60 minutes since the first request. 974 // 975 // For example, consider a situation where you make an initial request and 976 // the request times out. 
If you make the request again with the same request 977 // ID, the server can check if original operation with the same request ID 978 // was received, and if so, will ignore the second request. This prevents 979 // clients from accidentally creating duplicate commitments. 980 // 981 // The request ID must be a valid UUID with the exception that zero UUID is 982 // not supported (00000000-0000-0000-0000-000000000000). 983 string request_id = 4 [(google.api.field_behavior) = OPTIONAL]; 984} 985 986// Request message for 987// [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool]. 988message UpdateCaPoolRequest { 989 // Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated 990 // values. 991 CaPool ca_pool = 1 [(google.api.field_behavior) = REQUIRED]; 992 993 // Required. A list of fields to be updated in this request. 994 google.protobuf.FieldMask update_mask = 2 995 [(google.api.field_behavior) = REQUIRED]; 996 997 // Optional. An ID to identify requests. Specify a unique request ID so that 998 // if you must retry your request, the server will know to ignore the request 999 // if it has already been completed. The server will guarantee that for at 1000 // least 60 minutes since the first request. 1001 // 1002 // For example, consider a situation where you make an initial request and 1003 // the request times out. If you make the request again with the same request 1004 // ID, the server can check if original operation with the same request ID 1005 // was received, and if so, will ignore the second request. This prevents 1006 // clients from accidentally creating duplicate commitments. 1007 // 1008 // The request ID must be a valid UUID with the exception that zero UUID is 1009 // not supported (00000000-0000-0000-0000-000000000000). 
1010 string request_id = 3 [(google.api.field_behavior) = OPTIONAL]; 1011} 1012 1013// Request message for 1014// [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool]. 1015message DeleteCaPoolRequest { 1016 // Required. The resource name for this 1017 // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format 1018 // `projects/*/locations/*/caPools/*`. 1019 string name = 1 [ 1020 (google.api.field_behavior) = REQUIRED, 1021 (google.api.resource_reference) = { 1022 type: "privateca.googleapis.com/CaPool" 1023 } 1024 ]; 1025 1026 // Optional. An ID to identify requests. Specify a unique request ID so that 1027 // if you must retry your request, the server will know to ignore the request 1028 // if it has already been completed. The server will guarantee that for at 1029 // least 60 minutes since the first request. 1030 // 1031 // For example, consider a situation where you make an initial request and 1032 // the request times out. If you make the request again with the same request 1033 // ID, the server can check if original operation with the same request ID 1034 // was received, and if so, will ignore the second request. This prevents 1035 // clients from accidentally creating duplicate commitments. 1036 // 1037 // The request ID must be a valid UUID with the exception that zero UUID is 1038 // not supported (00000000-0000-0000-0000-000000000000). 1039 string request_id = 2 [(google.api.field_behavior) = OPTIONAL]; 1040 1041 // Optional. This field allows this pool to be deleted even if it's being 1042 // depended on by another resource. However, doing so may result in unintended 1043 // and unrecoverable effects on any dependent resources since the pool will 1044 // no longer be able to issue certificates. 
1045 bool ignore_dependent_resources = 4 [(google.api.field_behavior) = OPTIONAL]; 1046} 1047 1048// Request message for 1049// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts]. 1050message FetchCaCertsRequest { 1051 // Required. The resource name for the 1052 // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format 1053 // `projects/*/locations/*/caPools/*`. 1054 string ca_pool = 1 [ 1055 (google.api.field_behavior) = REQUIRED, 1056 (google.api.resource_reference) = { 1057 type: "privateca.googleapis.com/CaPool" 1058 } 1059 ]; 1060 1061 // Optional. An ID to identify requests. Specify a unique request ID so that 1062 // if you must retry your request, the server will know to ignore the request 1063 // if it has already been completed. The server will guarantee that for at 1064 // least 60 minutes since the first request. 1065 // 1066 // For example, consider a situation where you make an initial request and 1067 // the request times out. If you make the request again with the same request 1068 // ID, the server can check if original operation with the same request ID 1069 // was received, and if so, will ignore the second request. This prevents 1070 // clients from accidentally creating duplicate commitments. 1071 // 1072 // The request ID must be a valid UUID with the exception that zero UUID is 1073 // not supported (00000000-0000-0000-0000-000000000000). 1074 string request_id = 2 [(google.api.field_behavior) = OPTIONAL]; 1075} 1076 1077// Response message for 1078// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts]. 1079message FetchCaCertsResponse { 1080 message CertChain { 1081 // The certificates that form the CA chain, from leaf to root order. 
1082 repeated string certificates = 1; 1083 } 1084 1085 // The PEM encoded CA certificate chains of all certificate authorities in 1086 // this [CaPool][google.cloud.security.privateca.v1.CaPool] in the ENABLED, 1087 // DISABLED, or STAGED states. 1088 repeated CertChain ca_certs = 1; 1089} 1090 1091// Request message for 1092// [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool]. 1093message GetCaPoolRequest { 1094 // Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the 1095 // [CaPool][google.cloud.security.privateca.v1.CaPool] to get. 1096 string name = 1 [ 1097 (google.api.field_behavior) = REQUIRED, 1098 (google.api.resource_reference) = { 1099 type: "privateca.googleapis.com/CaPool" 1100 } 1101 ]; 1102} 1103 1104// Request message for 1105// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools]. 1106message ListCaPoolsRequest { 1107 // Required. The resource name of the location associated with the 1108 // [CaPools][google.cloud.security.privateca.v1.CaPool], in the format 1109 // `projects/*/locations/*`. 1110 string parent = 1 [ 1111 (google.api.field_behavior) = REQUIRED, 1112 (google.api.resource_reference) = { 1113 type: "locations.googleapis.com/Location" 1114 } 1115 ]; 1116 1117 // Optional. Limit on the number of 1118 // [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the 1119 // response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can 1120 // subsequently be obtained by including the 1121 // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] 1122 // in a subsequent request. If unspecified, the server will pick an 1123 // appropriate default. 1124 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1125 1126 // Optional. 
Pagination token, returned earlier via 1127 // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]. 1128 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1129 1130 // Optional. Only include resources that match the filter in the response. 1131 string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 1132 1133 // Optional. Specify how the results should be sorted. 1134 string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 1135} 1136 1137// Response message for 1138// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools]. 1139message ListCaPoolsResponse { 1140 // The list of [CaPools][google.cloud.security.privateca.v1.CaPool]. 1141 repeated CaPool ca_pools = 1; 1142 1143 // A token to retrieve the next page of results. Pass this value in 1144 // [ListCaPoolsRequest.page_token][google.cloud.security.privateca.v1.ListCaPoolsRequest.page_token] to retrieve the next 1145 // page of results. 1146 string next_page_token = 2; 1147 1148 // A list of locations (e.g. "us-west1") that could not be reached. 1149 repeated string unreachable = 3; 1150} 1151 1152// Request message for 1153// [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList]. 1154message GetCertificateRevocationListRequest { 1155 // Required. The 1156 // [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] 1157 // of the 1158 // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] 1159 // to get.
1160 string name = 1 [ 1161 (google.api.field_behavior) = REQUIRED, 1162 (google.api.resource_reference) = { 1163 type: "privateca.googleapis.com/CertificateRevocationList" 1164 } 1165 ]; 1166} 1167 1168// Request message for 1169// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists]. 1170message ListCertificateRevocationListsRequest { 1171 // Required. The resource name of the location associated with the 1172 // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], 1173 // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. 1174 string parent = 1 [ 1175 (google.api.field_behavior) = REQUIRED, 1176 (google.api.resource_reference) = { 1177 type: "privateca.googleapis.com/CertificateAuthority" 1178 } 1179 ]; 1180 1181 // Optional. Limit on the number of 1182 // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] 1183 // to include in the response. Further 1184 // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] 1185 // can subsequently be obtained by including the 1186 // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] 1187 // in a subsequent request. If unspecified, the server will pick an 1188 // appropriate default. 1189 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1190 1191 // Optional. Pagination token, returned earlier via 1192 // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]. 1193 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1194 1195 // Optional. Only include resources that match the filter in the response. 
1196 string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 1197 1198 // Optional. Specify how the results should be sorted. 1199 string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 1200} 1201 1202// Response message for 1203// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists]. 1204message ListCertificateRevocationListsResponse { 1205 // The list of 1206 // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]. 1207 repeated CertificateRevocationList certificate_revocation_lists = 1; 1208 1209 // A token to retrieve the next page of results. Pass this value in 1210 // [ListCertificateRevocationListsRequest.page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.page_token] to retrieve the 1211 // next page of results. 1212 string next_page_token = 2; 1213 1214 // A list of locations (e.g. "us-west1") that could not be reached. 1215 repeated string unreachable = 3; 1216} 1217 1218// Request message for 1219// [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList]. 1220message UpdateCertificateRevocationListRequest { 1221 // Required. 1222 // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] 1223 // with updated values. 1224 CertificateRevocationList certificate_revocation_list = 1 1225 [(google.api.field_behavior) = REQUIRED]; 1226 1227 // Required. A list of fields to be updated in this request. 1228 google.protobuf.FieldMask update_mask = 2 1229 [(google.api.field_behavior) = REQUIRED]; 1230 1231 // Optional. An ID to identify requests. Specify a unique request ID so that 1232 // if you must retry your request, the server will know to ignore the request 1233 // if it has already been completed. The server will guarantee that for at 1234 // least 60 minutes since the first request.
1235 // 1236 // For example, consider a situation where you make an initial request and 1237 // the request times out. If you make the request again with the same request 1238 // ID, the server can check if original operation with the same request ID 1239 // was received, and if so, will ignore the second request. This prevents 1240 // clients from accidentally creating duplicate commitments. 1241 // 1242 // The request ID must be a valid UUID with the exception that zero UUID is 1243 // not supported (00000000-0000-0000-0000-000000000000). 1244 string request_id = 3 [(google.api.field_behavior) = OPTIONAL]; 1245} 1246 1247// Request message for 1248// [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate]. 1249message CreateCertificateTemplateRequest { 1250 // Required. The resource name of the location associated with the 1251 // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], 1252 // in the format `projects/*/locations/*`. 1253 string parent = 1 [ 1254 (google.api.field_behavior) = REQUIRED, 1255 (google.api.resource_reference) = { 1256 type: "locations.googleapis.com/Location" 1257 } 1258 ]; 1259 1260 // Required. It must be unique within a location and match the regular 1261 // expression `[a-zA-Z0-9_-]{1,63}` 1262 string certificate_template_id = 2 [(google.api.field_behavior) = REQUIRED]; 1263 1264 // Required. A 1265 // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] 1266 // with initial field values. 1267 CertificateTemplate certificate_template = 3 1268 [(google.api.field_behavior) = REQUIRED]; 1269 1270 // Optional. An ID to identify requests. Specify a unique request ID so that 1271 // if you must retry your request, the server will know to ignore the request 1272 // if it has already been completed. The server will guarantee that for at 1273 // least 60 minutes since the first request. 
//
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
message DeleteCertificateTemplateRequest {
  // Required. The resource name for this
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
  // in the format `projects/*/locations/*/certificateTemplates/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateTemplate"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if the original operation with the same request
  // ID was received, and if so, will ignore the second request. This prevents
  // a retried request from being applied a second time.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
message GetCertificateTemplateRequest {
  // Required. The
  // [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
  // to get.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateTemplate"
    }
  ];
}

// Request message for
// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
message ListCertificateTemplatesRequest {
  // Required. The resource name of the location associated with the
  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
  // in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Optional. Limit on the number of
  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
  // to include in the response. Further
  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
  // can subsequently be obtained by including the
  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
  // in a subsequent request. If unspecified, the server will pick an
  // appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Pagination token, returned earlier via
  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Only include resources that match the filter in the response.
  //
  // NOTE(review): the filter grammar is not documented in this file. Callers
  // that assemble this string from user-supplied values should validate those
  // values instead of concatenating them unchecked.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specify how the results should be sorted.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for
// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
message ListCertificateTemplatesResponse {
  // The list of
  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
  repeated CertificateTemplate certificate_templates = 1;

  // A token to retrieve the next page of results. Pass this value in
  // [ListCertificateTemplatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.page_token]
  // to retrieve the next page of results.
  string next_page_token = 2;

  // A list of locations (e.g. "us-west1") that could not be reached.
  //
  // NOTE(review): a non-empty value presumably means `certificate_templates`
  // is a partial result. Callers that inventory or audit templates should
  // check this field before treating the list as complete.
  repeated string unreachable = 3;
}

// Request message for
// [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
message UpdateCertificateTemplateRequest {
  // Required.
  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
  // with updated values.
  CertificateTemplate certificate_template = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. A list of fields to be updated in this request.
  //
  // NOTE(review): list only the paths you intend to change; fields of
  // `certificate_template` outside the mask are presumably left untouched.
  // Confirm against the service documentation.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that
  // if you must retry your request, the server will know to ignore the request
  // if it has already been completed. The server will guarantee that for at
  // least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if the original operation with the same request
  // ID was received, and if so, will ignore the second request. This prevents
  // a retried request from being applied a second time.
  //
  // NOTE(review): per the description above, reusing a request ID for a
  // different update within that window would presumably cause the later
  // update to be ignored; generate a new UUID for each distinct operation.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Represents the metadata of the long-running operation.
message OperationMetadata {
  // Output only. The time the operation was created.
  google.protobuf.Timestamp create_time = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the operation finished running.
  google.protobuf.Timestamp end_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined resource path for the target of the operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Name of the verb executed by the operation.
  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Human-readable status of the operation, if any.
  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether the user has requested cancellation
  // of the operation. Operations that have successfully been cancelled
  // have an [Operation.error][google.longrunning.Operation.error] value with a
  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
  // `Code.CANCELLED`.
  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. API version used to start the operation.
  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
}