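// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.certificatemanager.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.CertificateManager.V1";
option go_package = "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb;certificatemanagerpb";
option java_multiple_files = true;
option java_outer_classname = "CertificateIssuanceConfigProto";
option java_package = "com.google.cloud.certificatemanager.v1";
option php_namespace = "Google\\Cloud\\CertificateManager\\V1";
option ruby_package = "Google::Cloud::CertificateManager::V1";

// Declares the CA pool resource type so that the `ca_pool` field below can
// reference it. The type belongs to `privateca.googleapis.com`, not to this
// API's own `certificatemanager.googleapis.com` namespace.
option (google.api.resource_definition) = {
  type: "privateca.googleapis.com/CaPool"
  pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}"
};

// Request for the `ListCertificateIssuanceConfigs` method.
message ListCertificateIssuanceConfigsRequest {
  // Required. The project and location from which the certificate issuance
  // configs should be listed, specified in the format
  // `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Maximum number of certificate configs to return per call.
  // NOTE(review): this file states no upper bound or default; confirm what the
  // service applies when the value is 0 or very large.
  int32 page_size = 2;

  // The value returned by the last `ListCertificateIssuanceConfigsResponse`.
  // Indicates that this is a continuation of a prior
  // `ListCertificateIssuanceConfigs` call, and that the system should return
  // the next page of data. Pass the token back unchanged.
  string page_token = 3;

  // Filter expression to restrict the Certificates Configs returned.
  // The expression syntax is not defined in this file.
  string filter = 4;

  // A list of Certificate Config field names used to specify the order of the
  // returned results. The default sorting order is ascending. To specify
  // descending order for a field, add a suffix `" desc"`.
  string order_by = 5;
}

// Response for the `ListCertificateIssuanceConfigs` method.
message ListCertificateIssuanceConfigsResponse {
  // A list of certificate configs for the parent resource.
  repeated CertificateIssuanceConfig certificate_issuance_configs = 1;

  // If there might be more results than those appearing in this response, then
  // `next_page_token` is included. To get the next set of results, call this
  // method again using the value of `next_page_token` as `page_token`.
  string next_page_token = 2;

  // Locations that could not be reached. When this list is non-empty the
  // configs above may be incomplete, so an inventory or audit built on the
  // response should not be treated as exhaustive.
  repeated string unreachable = 3;
}

// Request for the `GetCertificateIssuanceConfig` method.
message GetCertificateIssuanceConfigRequest {
  // Required. A name of the certificate issuance config to describe. Must be in
  // the format `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    }
  ];
}

// Request for the `CreateCertificateIssuanceConfig` method.
message CreateCertificateIssuanceConfigRequest {
  // Required. The parent resource of the certificate issuance config. Must be
  // in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. A user-provided name of the certificate config.
  // NOTE(review): allowed characters and length are not stated in this file.
  string certificate_issuance_config_id = 2
      [(google.api.field_behavior) = REQUIRED];

  // Required. A definition of the certificate issuance config to create.
  CertificateIssuanceConfig certificate_issuance_config = 3
      [(google.api.field_behavior) = REQUIRED];
}

// Request for the `DeleteCertificateIssuanceConfig` method.
message DeleteCertificateIssuanceConfigRequest {
  // Required. A name of the certificate issuance config to delete. Must be in
  // the format `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    }
  ];
}

// CertificateIssuanceConfig specifies how to issue and manage a certificate.
//
// The `field_behavior` annotations in this message (REQUIRED, OUTPUT_ONLY) are
// descriptive metadata. The protobuf runtime does not enforce them when a
// message is parsed, so any validation has to happen in the service.
message CertificateIssuanceConfig {
  option (google.api.resource) = {
    type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    pattern: "projects/{project}/locations/{location}/certificateIssuanceConfigs/{certificate_issuance_config}"
  };

  // The CA that issues the workload certificate. It includes CA address, type,
  // authentication to CA service, etc.
  message CertificateAuthorityConfig {
    // Contains information required to contact CA service.
    message CertificateAuthorityServiceConfig {
      // Required. A CA pool resource used to issue a certificate.
      // The CA pool string has a relative resource path following the form
      // "projects/{project}/locations/{location}/caPools/{ca_pool}".
      //
      // This value selects the issuer of every certificate produced under the
      // config. The schema only records the reference.
      // NOTE(review): whether the caller may use the named pool is presumably
      // checked by the service; confirm.
      string ca_pool = 1 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.resource_reference) = {
          type: "privateca.googleapis.com/CaPool"
        }
      ];
    }

    // The kind of CA to use. Only one kind is defined in this file.
    oneof kind {
      // Defines a CertificateAuthorityServiceConfig.
      CertificateAuthorityServiceConfig certificate_authority_service_config =
          1;
    }
  }

  // The type of keypair to generate.
  //
  // NOTE(review): numbers 2 and 3 are not assigned here and are not declared
  // `reserved`; confirm whether they belonged to removed values before
  // assigning them to a new algorithm.
  enum KeyAlgorithm {
    // Unspecified key algorithm. This is the proto3 default when the field is
    // left unset.
    KEY_ALGORITHM_UNSPECIFIED = 0;

    // Specifies RSA with a 2048-bit modulus (roughly 112-bit security strength
    // per NIST SP 800-57 Part 1).
    RSA_2048 = 1;

    // Specifies ECDSA with curve P256 (roughly 128-bit security strength).
    ECDSA_P256 = 4;
  }

  // A user-defined name of the certificate issuance config.
  // CertificateIssuanceConfig names must be unique globally and match pattern
  // `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1;

  // Output only. The creation timestamp of a CertificateIssuanceConfig.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of a CertificateIssuanceConfig.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Set of labels associated with a CertificateIssuanceConfig.
  map<string, string> labels = 4;

  // One or more paragraphs of text description of a CertificateIssuanceConfig.
  string description = 5;

  // Required. The CA that issues the workload certificate. It includes the CA
  // address, type, authentication to CA service, etc.
  CertificateAuthorityConfig certificate_authority_config = 6
      [(google.api.field_behavior) = REQUIRED];

  // Required. Workload certificate lifetime requested.
  // The `Duration` type places no bound on this value.
  // NOTE(review): confirm the minimum and maximum the service accepts; the
  // lifetime is also how long a certificate stays valid after its key is
  // exposed, unless it is revoked.
  google.protobuf.Duration lifetime = 7
      [(google.api.field_behavior) = REQUIRED];

  // Required. Specifies the percentage of elapsed time of the certificate
  // lifetime to wait before renewing the certificate. Must be a number between
  // 1-99, inclusive.
  //
  // The `int32` type does not enforce the 1-99 range. Constructed example:
  // with a 30-day `lifetime` and a value of 66, renewal starts once about
  // 20 days of the lifetime have elapsed.
  int32 rotation_window_percentage = 8 [(google.api.field_behavior) = REQUIRED];

  // Required. The key algorithm to use when generating the private key.
  // NOTE(review): an unset field reads as `KEY_ALGORITHM_UNSPECIFIED`;
  // presumably the service rejects it, confirm.
  KeyAlgorithm key_algorithm = 9 [(google.api.field_behavior) = REQUIRED];
}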