// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.security.privateca.v1beta1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/security/privateca/v1beta1/resources.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

// Per-language code generation options.
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1Beta1";
option go_package = "cloud.google.com/go/security/privateca/apiv1beta1/privatecapb;privatecapb";
option java_multiple_files = true;
option java_outer_classname = "PrivateCaProto";
option java_package = "com.google.cloud.security.privateca.v1beta1";
option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\V1beta1";
option ruby_package = "Google::Cloud::Security::PrivateCA::V1beta1";

// [Certificate Authority Service][google.cloud.security.privateca.v1beta1.CertificateAuthorityService] manages private
// certificate authorities and issued certificates.
service CertificateAuthorityService {
  option (google.api.default_host) = "privateca.googleapis.com";
  // NOTE(review): `cloud-platform` is the only OAuth scope declared here, so
  // the scope does not separate read-only callers from callers that can issue
  // or revoke certificates; presumably per-method access is enforced through
  // IAM permissions outside this file - confirm.
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Create a new [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in a given Project, Location from a particular
  // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
      body: "certificate"
    };
    option (google.api.method_signature) = "parent,certificate,certificate_id";
  }

  // Returns a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
  rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
  rpc ListCertificates(ListCertificatesRequest) returns (ListCertificatesResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
    };
    option (google.api.method_signature) = "parent";
  }

  // Revoke a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
  rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}:revoke"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Update a [Certificate][google.cloud.security.privateca.v1beta1.Certificate]. Currently, the only field you can update is the
  // [labels][google.cloud.security.privateca.v1beta1.Certificate.labels] field.
  rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
    option (google.api.http) = {
      patch: "/v1beta1/{certificate.name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
      body: "certificate"
    };
    option (google.api.method_signature) = "certificate,update_mask";
  }

  // Activate a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] that is in state
  // [PENDING_ACTIVATION][google.cloud.security.privateca.v1beta1.CertificateAuthority.State.PENDING_ACTIVATION] and is
  // of type [SUBORDINATE][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type.SUBORDINATE]. After the
  // parent Certificate Authority signs a certificate signing request from
  // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
  // process.
  rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:activate"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Create a new [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in a given Project and Location.
  rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
      body: "certificate_authority"
    };
    option (google.api.method_signature) = "parent,certificate_authority,certificate_authority_id";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Disable a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:disable"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Enable a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:enable"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
  // that is in state
  // [PENDING_ACTIVATION][google.cloud.security.privateca.v1beta1.CertificateAuthority.State.PENDING_ACTIVATION] and is
  // of type [SUBORDINATE][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type.SUBORDINATE]. The CSR must
  // then be signed by the desired parent Certificate Authority, which could be
  // another [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] resource, or could be an on-prem
  // certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ActivateCertificateAuthority].
  rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest) returns (FetchCertificateAuthorityCsrResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:fetch"
    };
    option (google.api.method_signature) = "name";
  }

  // Returns a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc GetCertificateAuthority(GetCertificateAuthorityRequest) returns (CertificateAuthority) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest) returns (ListCertificateAuthoritiesResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
    };
    option (google.api.method_signature) = "parent";
  }

  // Restore a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] that is scheduled for deletion.
  rpc RestoreCertificateAuthority(RestoreCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:restore"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Schedule a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] for deletion.
  rpc ScheduleDeleteCertificateAuthority(ScheduleDeleteCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:scheduleDelete"
      body: "*"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Update a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1beta1/{certificate_authority.name=projects/*/locations/*/certificateAuthorities/*}"
      body: "certificate_authority"
    };
    option (google.api.method_signature) = "certificate_authority,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateAuthority"
      metadata_type: "OperationMetadata"
    };
  }

  // Returns a [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
  rpc GetCertificateRevocationList(GetCertificateRevocationListRequest) returns (CertificateRevocationList) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
  rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest) returns (ListCertificateRevocationListsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificateRevocationLists"
    };
    option (google.api.method_signature) = "parent";
  }

  // Update a [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
  rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1beta1/{certificate_revocation_list.name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
      body: "certificate_revocation_list"
    };
    option (google.api.method_signature) = "certificate_revocation_list,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "CertificateRevocationList"
      metadata_type: "OperationMetadata"
    };
  }

  // Returns a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig].
  rpc GetReusableConfig(GetReusableConfigRequest) returns (ReusableConfig) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/reusableConfigs/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig].
  rpc ListReusableConfigs(ListReusableConfigsRequest) returns (ListReusableConfigsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/reusableConfigs"
    };
    option (google.api.method_signature) = "parent";
  }
}

// Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificate].
message CreateCertificateRequest {
  // Required. The resource name of the location and [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
  // associated with the [Certificate][google.cloud.security.privateca.v1beta1.Certificate], in the format
  // `projects/*/locations/*/certificateAuthorities/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. It must be unique within a location and match the regular
  // expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
  // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][google.cloud.security.privateca.v1beta1.CertificateAuthority.Tier],
  // but is optional and its value is ignored otherwise.
  string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. A [Certificate][google.cloud.security.privateca.v1beta1.Certificate] with initial field values.
  Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  //
  // NOTE(review): "commitments" reads like wording shared with another API;
  // for this request the duplicate avoided would presumably be a second
  // Certificate - confirm.
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificate].
message GetCertificateRequest {
  // Required. The [name][google.cloud.security.privateca.v1beta1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1beta1.Certificate] to get.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/Certificate"
    }
  ];
}

// Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
message ListCertificatesRequest {
  // Required. The resource name of the location associated with the
  // [Certificates][google.cloud.security.privateca.v1beta1.Certificate], in the format
  // `projects/*/locations/*/certificateAuthorities/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. Limit on the number of
  // [Certificates][google.cloud.security.privateca.v1beta1.Certificate] to include in the
  // response. Further [Certificates][google.cloud.security.privateca.v1beta1.Certificate] can subsequently be obtained
  // by including the
  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token] in a subsequent
  // request. If unspecified, the server will pick an appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Pagination token, returned earlier via
  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token].
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Only include resources that match the filter in the response. For details
  // on supported filters and syntax, see [Certificates Filtering
  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specify how the results should be sorted. For details on supported fields
  // and syntax, see [Certificates Sorting
  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
message ListCertificatesResponse {
  // The list of [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
  repeated Certificate certificates = 1;

  // A token to retrieve next page of results. Pass this value in
  // [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1beta1.ListCertificatesRequest.page_token] to retrieve the
  // next page of results.
  string next_page_token = 2;

  // A list of locations (e.g. "us-west1") that could not be reached. When it
  // is non-empty the list above may be incomplete, so an inventory or audit
  // built on this call should not treat the result as exhaustive.
  repeated string unreachable = 3;
}

// Request message for
// [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RevokeCertificate].
message RevokeCertificateRequest {
  // Required. The resource name for this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in the
  // format `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/Certificate"
    }
  ];

  // Required. The [RevocationReason][google.cloud.security.privateca.v1beta1.RevocationReason] for revoking this certificate.
  RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificate].
message UpdateCertificateRequest {
  // Required. [Certificate][google.cloud.security.privateca.v1beta1.Certificate] with updated values.
  Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. A list of fields to be updated in this request.
  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ActivateCertificateAuthority].
message ActivateCertificateAuthorityRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Required. The signed CA certificate issued from
  // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1beta1.FetchCertificateAuthorityCsrResponse.pem_csr].
  //
  // NOTE(review): the schema accepts any string; whether the server verifies
  // that this certificate carries the public key of the CSR it returned is not
  // visible in this file - confirm before relying on it.
  string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Must include information about the issuer of 'pem_ca_certificate', and any
  // further issuers until the self-signed CA.
  SubordinateConfig subordinate_config = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificateAuthority].
message CreateCertificateAuthorityRequest {
  // Required. The resource name of the location associated with the
  // [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
  // `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. It must be unique within a location and match the regular
  // expression `[a-zA-Z0-9_-]{1,63}`
  string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. A [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] with initial field values.
  CertificateAuthority certificate_authority = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.DisableCertificateAuthority].
message DisableCertificateAuthorityRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.EnableCertificateAuthority].
message EnableCertificateAuthorityRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
message FetchCertificateAuthorityCsrRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];
}

// Response message for
// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
message FetchCertificateAuthorityCsrResponse {
  // Output only. The PEM-encoded signed certificate signing request (CSR).
  string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateAuthority].
message GetCertificateAuthorityRequest {
  // Required. The [name][google.cloud.security.privateca.v1beta1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
  // get.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];
}

// Request message for
// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
message ListCertificateAuthoritiesRequest {
  // Required. The resource name of the location associated with the
  // [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
  // `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
  // include in the response.
  // Further [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] can subsequently be
  // obtained by including the
  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
  // request. If unspecified, the server will pick an appropriate default.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Pagination token, returned earlier via
  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token].
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Only include resources that match the filter in the response.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specify how the results should be sorted.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for
// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
message ListCertificateAuthoritiesResponse {
  // The list of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  repeated CertificateAuthority certificate_authorities = 1;

  // A token to retrieve next page of results. Pass this value in
  // [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesRequest.page_token] to retrieve the next
  // page of results.
  string next_page_token = 2;

  // A list of locations (e.g. "us-west1") that could not be reached. When it
  // is non-empty the list above may be incomplete, so an inventory or audit
  // built on this call should not treat the result as exhaustive.
  repeated string unreachable = 3;
}

// Request message for
// [CertificateAuthorityService.RestoreCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RestoreCertificateAuthority].
message RestoreCertificateAuthorityRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.ScheduleDeleteCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ScheduleDeleteCertificateAuthority].
message ScheduleDeleteCertificateAuthorityRequest {
  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
  // format `projects/*/locations/*/certificateAuthorities/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "privateca.googleapis.com/CertificateAuthority"
    }
  ];

  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  // retry your request, the server will know to ignore the request if it has
  // already been completed. The server will guarantee that for at least 60
  // minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if original operation with the same request ID
  // was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}

// Request message for
// [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateAuthority].
message UpdateCertificateAuthorityRequest {
  // Required. [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] with updated values.
  CertificateAuthority certificate_authority = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. A list of fields to be updated in this request.
  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. An ID to identify requests.
Specify a unique request ID so that if you must 686 // retry your request, the server will know to ignore the request if it has 687 // already been completed. The server will guarantee that for at least 60 688 // minutes since the first request. 689 // 690 // For example, consider a situation where you make an initial request and t 691 // he request times out. If you make the request again with the same request 692 // ID, the server can check if original operation with the same request ID 693 // was received, and if so, will ignore the second request. This prevents 694 // clients from accidentally creating duplicate commitments. 695 // 696 // The request ID must be a valid UUID with the exception that zero UUID is 697 // not supported (00000000-0000-0000-0000-000000000000). 698 string request_id = 3 [(google.api.field_behavior) = OPTIONAL]; 699} 700 701// Request message for 702// [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateRevocationList]. 703message GetCertificateRevocationListRequest { 704 // Required. The [name][google.cloud.security.privateca.v1beta1.CertificateRevocationList.name] of the 705 // [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to get. 706 string name = 1 [ 707 (google.api.field_behavior) = REQUIRED, 708 (google.api.resource_reference) = { 709 type: "privateca.googleapis.com/CertificateRevocationList" 710 } 711 ]; 712} 713 714// Request message for 715// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists]. 716message ListCertificateRevocationListsRequest { 717 // Required. 
The resource name of the location associated with the 718 // [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList], in the format 719 // `projects/*/locations/*/certificateauthorities/*`. 720 string parent = 1 [ 721 (google.api.field_behavior) = REQUIRED, 722 (google.api.resource_reference) = { 723 type: "privateca.googleapis.com/CertificateAuthority" 724 } 725 ]; 726 727 // Optional. Limit on the number of 728 // [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to include in the 729 // response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList] 730 // can subsequently be obtained by including the 731 // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent 732 // request. If unspecified, the server will pick an appropriate default. 733 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 734 735 // Optional. Pagination token, returned earlier via 736 // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token]. 737 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 738 739 // Optional. Only include resources that match the filter in the response. 740 string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 741 742 // Optional. Specify how the results should be sorted. 743 string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 744} 745 746// Response message for 747// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists]. 
748message ListCertificateRevocationListsResponse { 749 // The list of [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList]. 750 repeated CertificateRevocationList certificate_revocation_lists = 1; 751 752 // A token to retrieve next page of results. Pass this value in 753 // [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the 754 // next page of results. 755 string next_page_token = 2; 756 757 // A list of locations (e.g. "us-west1") that could not be reached. 758 repeated string unreachable = 3; 759} 760 761// Request message for 762// [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateRevocationList]. 763message UpdateCertificateRevocationListRequest { 764 // Required. [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] with updated values. 765 CertificateRevocationList certificate_revocation_list = 1 [(google.api.field_behavior) = REQUIRED]; 766 767 // Required. A list of fields to be updated in this request. 768 google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; 769 770 // Optional. An ID to identify requests. Specify a unique request ID so that if you must 771 // retry your request, the server will know to ignore the request if it has 772 // already been completed. The server will guarantee that for at least 60 773 // minutes since the first request. 774 // 775 // For example, consider a situation where you make an initial request and t 776 // he request times out. If you make the request again with the same request 777 // ID, the server can check if original operation with the same request ID 778 // was received, and if so, will ignore the second request. This prevents 779 // clients from accidentally creating duplicate commitments. 
780 // 781 // The request ID must be a valid UUID with the exception that zero UUID is 782 // not supported (00000000-0000-0000-0000-000000000000). 783 string request_id = 3 [(google.api.field_behavior) = OPTIONAL]; 784} 785 786// Request message for 787// [CertificateAuthorityService.GetReusableConfig][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetReusableConfig]. 788message GetReusableConfigRequest { 789 // Required. The [name][ReusableConfigs.name] of the [ReusableConfigs][] to get. 790 string name = 1 [ 791 (google.api.field_behavior) = REQUIRED, 792 (google.api.resource_reference) = { 793 type: "privateca.googleapis.com/ReusableConfig" 794 } 795 ]; 796} 797 798// Request message for 799// [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs]. 800message ListReusableConfigsRequest { 801 // Required. The resource name of the location associated with the 802 // [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig], in the format 803 // `projects/*/locations/*`. 804 string parent = 1 [ 805 (google.api.field_behavior) = REQUIRED, 806 (google.api.resource_reference) = { 807 type: "locations.googleapis.com/Location" 808 } 809 ]; 810 811 // Optional. Limit on the number of 812 // [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] to include in the response. 813 // Further [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] can subsequently be 814 // obtained by including the 815 // [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token] in a subsequent request. If 816 // unspecified, the server will pick an appropriate default. 817 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 818 819 // Optional. 
Pagination token, returned earlier via 820 // [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token]. 821 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 822 823 // Optional. Only include resources that match the filter in the response. 824 string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 825 826 // Optional. Specify how the results should be sorted. 827 string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 828} 829 830// Response message for 831// [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs]. 832message ListReusableConfigsResponse { 833 // The list of [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig]. 834 repeated ReusableConfig reusable_configs = 1; 835 836 // A token to retrieve next page of results. Pass this value in 837 // [ListReusableConfigsRequest.next_page_token][] to retrieve 838 // the next page of results. 839 string next_page_token = 2; 840 841 // A list of locations (e.g. "us-west1") that could not be reached. 842 repeated string unreachable = 3; 843} 844 845// Represents the metadata of the long-running operation. 846message OperationMetadata { 847 // Output only. The time the operation was created. 848 google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 849 850 // Output only. The time the operation finished running. 851 google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 852 853 // Output only. Server-defined resource path for the target of the operation. 854 string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 855 856 // Output only. Name of the verb executed by the operation. 857 string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 858 859 // Output only. Human-readable status of the operation, if any. 
860 string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; 861 862 // Output only. Identifies whether the user has requested cancellation 863 // of the operation. Operations that have successfully been cancelled 864 // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1, 865 // corresponding to `Code.CANCELLED`. 866 bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 867 868 // Output only. API version used to start the operation. 869 string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; 870} 871