service.proto 63 KB

  1. // Copyright 2021 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.security.privateca.v1;
  16. import "google/api/annotations.proto";
  17. import "google/api/client.proto";
  18. import "google/api/field_behavior.proto";
  19. import "google/api/resource.proto";
  20. import "google/cloud/security/privateca/v1/resources.proto";
  21. import "google/longrunning/operations.proto";
  22. import "google/protobuf/duration.proto";
  23. import "google/protobuf/field_mask.proto";
  24. import "google/protobuf/timestamp.proto";
  25. option cc_enable_arenas = true;
  26. option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1";
  27. option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1;privateca";
  28. option java_multiple_files = true;
  29. option java_outer_classname = "PrivateCaProto";
  30. option java_package = "com.google.cloud.security.privateca.v1";
  31. option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\V1";
  32. option ruby_package = "Google::Cloud::Security::PrivateCA::V1";
  // Manages private certificate authorities and the certificates they issue;
  // see [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService].
  //
  // NOTE(review): the only OAuth scope declared below is the broad
  // `cloud-platform` scope, so the scope alone does not separate read-only
  // callers from callers that may issue, revoke or delete. Per-method
  // authorization is presumably enforced elsewhere (e.g. IAM) -- confirm.
  service CertificateAuthorityService {
    option (google.api.default_host) = "privateca.googleapis.com";
    option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

    // Creates a new [Certificate][google.cloud.security.privateca.v1.Certificate]
    // from a particular [CaPool][google.cloud.security.privateca.v1.CaPool] in a
    // given Project and Location.
    rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
        body: "certificate"
      };
      option (google.api.method_signature) = "parent,certificate,certificate_id";
    }

    // Returns a single [Certificate][google.cloud.security.privateca.v1.Certificate].
    rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
    rpc ListCertificates(ListCertificatesRequest)
        returns (ListCertificatesResponse) {
      option (google.api.http) = {
        get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
      };
      option (google.api.method_signature) = "parent";
    }

    // Revokes a [Certificate][google.cloud.security.privateca.v1.Certificate].
    rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        post: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}:revoke"
        body: "*"
      };
      option (google.api.method_signature) = "name";
    }

    // Updates a [Certificate][google.cloud.security.privateca.v1.Certificate].
    // Currently, the only field that can be updated is the
    // [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
    rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        patch: "/v1/{certificate.name=projects/*/locations/*/caPools/*/certificates/*}"
        body: "certificate"
      };
      option (google.api.method_signature) = "certificate,update_mask";
    }

    // Activates a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // that is in state
    // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
    // and is of type
    // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
    // This method completes the activation process once the parent Certificate
    // Authority has signed a certificate signing request obtained from
    // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
    rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:activate"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Creates a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // in a given Project and Location.
    rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
        body: "certificate_authority"
      };
      option (google.api.method_signature) = "parent,certificate_authority,certificate_authority_id";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Disables a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:disable"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Enables a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:enable"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Fetches a certificate signing request (CSR) from a
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // that is in state
    // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
    // and is of type
    // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
    // The CSR must then be signed by the desired parent Certificate Authority,
    // which could be another
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // resource, or could be an on-prem certificate authority. See also
    // [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
    rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest)
        returns (FetchCertificateAuthorityCsrResponse) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:fetch"
      };
      option (google.api.method_signature) = "name";
    }

    // Returns a single [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc GetCertificateAuthority(GetCertificateAuthorityRequest)
        returns (CertificateAuthority) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest)
        returns (ListCertificateAuthoritiesResponse) {
      option (google.api.http) = {
        get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
      };
      option (google.api.method_signature) = "parent";
    }

    // Undeletes a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // that has been deleted.
    rpc UndeleteCertificateAuthority(UndeleteCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:undelete"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Deletes a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc DeleteCertificateAuthority(DeleteCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        delete: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Updates a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1/{certificate_authority.name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
        body: "certificate_authority"
      };
      option (google.api.method_signature) = "certificate_authority,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Creates a [CaPool][google.cloud.security.privateca.v1.CaPool].
    rpc CreateCaPool(CreateCaPoolRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{parent=projects/*/locations/*}/caPools"
        body: "ca_pool"
      };
      option (google.api.method_signature) = "parent,ca_pool,ca_pool_id";
      option (google.longrunning.operation_info) = {
        response_type: "CaPool"
        metadata_type: "OperationMetadata"
      };
    }

    // Updates a [CaPool][google.cloud.security.privateca.v1.CaPool].
    rpc UpdateCaPool(UpdateCaPoolRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1/{ca_pool.name=projects/*/locations/*/caPools/*}"
        body: "ca_pool"
      };
      option (google.api.method_signature) = "ca_pool,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CaPool"
        metadata_type: "OperationMetadata"
      };
    }

    // Returns a single [CaPool][google.cloud.security.privateca.v1.CaPool].
    rpc GetCaPool(GetCaPoolRequest) returns (CaPool) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/caPools/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
    rpc ListCaPools(ListCaPoolsRequest) returns (ListCaPoolsResponse) {
      option (google.api.http) = {
        get: "/v1/{parent=projects/*/locations/*}/caPools"
      };
      option (google.api.method_signature) = "parent";
    }

    // Deletes a [CaPool][google.cloud.security.privateca.v1.CaPool].
    rpc DeleteCaPool(DeleteCaPoolRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        delete: "/v1/{name=projects/*/locations/*/caPools/*}"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "google.protobuf.Empty"
        metadata_type: "OperationMetadata"
      };
    }

    // FetchCaCerts returns the current trust anchor for the
    // [CaPool][google.cloud.security.privateca.v1.CaPool]. The result includes
    // CA certificate chains for all ACTIVE
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
    rpc FetchCaCerts(FetchCaCertsRequest) returns (FetchCaCertsResponse) {
      option (google.api.http) = {
        post: "/v1/{ca_pool=projects/*/locations/*/caPools/*}:fetchCaCerts"
        body: "*"
      };
      option (google.api.method_signature) = "ca_pool";
    }

    // Returns a single
    // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
    rpc GetCertificateRevocationList(GetCertificateRevocationListRequest)
        returns (CertificateRevocationList) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Lists
    // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest)
        returns (ListCertificateRevocationListsResponse) {
      option (google.api.http) = {
        get: "/v1/{parent=projects/*/locations/*/caPools/*/certificateAuthorities/*}/certificateRevocationLists"
      };
      option (google.api.method_signature) = "parent";
    }

    // Updates a
    // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
    rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1/{certificate_revocation_list.name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
        body: "certificate_revocation_list"
      };
      option (google.api.method_signature) = "certificate_revocation_list,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateRevocationList"
        metadata_type: "OperationMetadata"
      };
    }

    // Creates a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    // in a given Project and Location.
    rpc CreateCertificateTemplate(CreateCertificateTemplateRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
        body: "certificate_template"
      };
      option (google.api.method_signature) = "parent,certificate_template,certificate_template_id";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateTemplate"
        metadata_type: "OperationMetadata"
      };
    }

    // DeleteCertificateTemplate deletes a
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
    rpc DeleteCertificateTemplate(DeleteCertificateTemplateRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        delete: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "google.protobuf.Empty"
        // Written fully qualified here; the other methods in this service use
        // the short name "OperationMetadata".
        metadata_type: "google.cloud.security.privateca.v1.OperationMetadata"
      };
    }

    // Returns a single
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
    rpc GetCertificateTemplate(GetCertificateTemplateRequest)
        returns (CertificateTemplate) {
      option (google.api.http) = {
        get: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Lists
    // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    rpc ListCertificateTemplates(ListCertificateTemplatesRequest)
        returns (ListCertificateTemplatesResponse) {
      option (google.api.http) = {
        get: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
      };
      option (google.api.method_signature) = "parent";
    }

    // Updates a
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
    rpc UpdateCertificateTemplate(UpdateCertificateTemplateRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1/{certificate_template.name=projects/*/locations/*/certificateTemplates/*}"
        body: "certificate_template"
      };
      option (google.api.method_signature) = "certificate_template,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateTemplate"
        metadata_type: "OperationMetadata"
      };
    }
  }
  // Request message for
  // [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
  message CreateCertificateRequest {
    // Required. The resource name of the
    // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    // [Certificate][google.cloud.security.privateca.v1.Certificate], in the
    // format `projects/*/locations/*/caPools/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = { type: "privateca.googleapis.com/CaPool" }
    ];

    // Optional. It must be unique within a location and match the regular
    // expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // in the Enterprise [CertificateAuthority.Tier][], but is optional and its
    // value is ignored otherwise.
    string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];

    // Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
    // with initial field values.
    Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so
    // that, if the request must be retried, the server knows to ignore the
    // retry when the request has already been completed. The server guarantees
    // this for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check whether the original operation with the
    // same request ID was received and, if so, will ignore the second request.
    // This prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID, with the exception that the zero
    // UUID (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. If this is true, no
    // [Certificate][google.cloud.security.privateca.v1.Certificate] resource
    // will be persisted regardless of the
    // [CaPool][google.cloud.security.privateca.v1.CaPool]'s
    // [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
    // [Certificate][google.cloud.security.privateca.v1.Certificate] will not
    // contain the
    // [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
    // field.
    bool validate_only = 5 [(google.api.field_behavior) = OPTIONAL];

    // Optional. The resource ID of the
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // that should issue the certificate. When set, the load-balancing scheme
    // of the Pool is ignored and the certificate is issued directly from the
    // CA with the specified ID, contained in the same
    // [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by
    // `parent`. Per-CA quota rules apply. If left empty, a
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // will be chosen from the
    // [CaPool][google.cloud.security.privateca.v1.CaPool] by the service.
    //
    // For example, to issue a
    // [Certificate][google.cloud.security.privateca.v1.Certificate] from a
    // Certificate Authority with resource name
    // "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
    // you can set the
    // [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
    // to "projects/my-project/locations/us-central1/caPools/my-pool" and the
    // [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
    // to "my-ca".
    string issuing_certificate_authority_id = 6 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
  message GetCertificateRequest {
    // Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
    // of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
    // get.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = { type: "privateca.googleapis.com/Certificate" }
    ];
  }
  // Request message for
  // [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  message ListCertificatesRequest {
    // Required. The resource name of the parent associated with the
    // [Certificates][google.cloud.security.privateca.v1.Certificate], in the
    // format `projects/*/locations/*/caPools/*`. The resource reference below
    // types this field as a CaPool.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = { type: "privateca.googleapis.com/CaPool" }
    ];

    // Optional. Limit on the number of
    // [Certificates][google.cloud.security.privateca.v1.Certificate] to include
    // in the response. Further
    // [Certificates][google.cloud.security.privateca.v1.Certificate] can
    // subsequently be obtained by including the
    // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
    // in a subsequent request. If unspecified, the server will pick an
    // appropriate default.
    int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Pagination token, returned earlier via
    // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
    string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Only include resources that match the filter in the response.
    // For details on supported filters and syntax, see [Certificates Filtering
    // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    string filter = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specify how the results should be sorted. For details on
    // supported fields and syntax, see [Certificates Sorting
    // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response message for
  // [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  message ListCertificatesResponse {
    // The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
    repeated Certificate certificates = 1;

    // A token to retrieve the next page of results. Pass this value in
    // [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificatesRequest.page_token]
    // to retrieve the next page of results.
    string next_page_token = 2;

    // A list of locations (e.g. "us-west1") that could not be reached.
    // NOTE(review): presumably a non-empty value means `certificates` may be
    // incomplete, which matters to callers that audit issued certificates --
    // confirm against the service documentation.
    repeated string unreachable = 3;
  }
  // Request message for
  // [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
  message RevokeCertificateRequest {
    // Required. The resource name for this
    // [Certificate][google.cloud.security.privateca.v1.Certificate] in the
    // format `projects/*/locations/*/caPools/*/certificates/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = { type: "privateca.googleapis.com/Certificate" }
    ];

    // Required. The
    // [RevocationReason][google.cloud.security.privateca.v1.RevocationReason]
    // for revoking this certificate.
    RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so
    // that, if the request must be retried, the server knows to ignore the
    // retry when the request has already been completed. The server guarantees
    // this for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check whether the original operation with the
    // same request ID was received and, if so, will ignore the second request.
    // This prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID, with the exception that the zero
    // UUID (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
  message UpdateCertificateRequest {
    // Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
    // with updated values.
    Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. A list of fields to be updated in this request.
    google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so
    // that, if the request must be retried, the server knows to ignore the
    // retry when the request has already been completed. The server guarantees
    // this for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check whether the original operation with the
    // same request ID was received and, if so, will ignore the second request.
    // This prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID, with the exception that the zero
    // UUID (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
  message ActivateCertificateAuthorityRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Required. The signed CA certificate issued from
    // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
    // NOTE(review): the field name suggests PEM encoding. This message does not
    // say how the server checks the certificate against the CSR, so callers
    // should verify the issuer's signature and the chain before submitting.
    string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. Must include information about the issuer of
    // 'pem_ca_certificate', and any further issuers until the self-signed CA.
    SubordinateConfig subordinate_config = 3 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
  message CreateCertificateAuthorityRequest {
    // Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
    // `projects/*/locations/*/caPools/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CaPool"
      }
    ];

    // Required. It must be unique within a location and match the regular
    // expression `[a-zA-Z0-9_-]{1,63}`.
    // NOTE(review): the parent is a CaPool, yet uniqueness is stated per
    // location; confirm the intended scope.
    string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    CertificateAuthority certificate_authority = 3 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
  message DisableCertificateAuthorityRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
  message EnableCertificateAuthorityRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
  message FetchCertificateAuthorityCsrRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];
  }
  // Response message for
  // [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
  message FetchCertificateAuthorityCsrResponse {
    // Output only. The PEM-encoded signed certificate signing request (CSR).
    // The certificate issued from this CSR is what
    // ActivateCertificateAuthorityRequest.pem_ca_certificate expects.
    string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
  }
  // Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
  message GetCertificateAuthorityRequest {
    // Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to get.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];
  }
  // Request message for
  // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
  message ListCertificateAuthoritiesRequest {
    // Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
    // `projects/*/locations/*/caPools/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CaPool"
      }
    ];

    // Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
    // include in the response.
    // Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
    // obtained by including the
    // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
    // request. If unspecified, the server will pick an appropriate default.
    int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Pagination token, returned earlier via
    // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
    string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Only include resources that match the filter in the response.
    // NOTE(review): the filter syntax is not described in this message.
    string filter = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specify how the results should be sorted.
    // NOTE(review): the accepted sort expressions are not described here.
    string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response message for
  // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
  message ListCertificateAuthoritiesResponse {
    // The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    repeated CertificateAuthority certificate_authorities = 1;

    // A token to retrieve the next page of results. Pass this value in
    // [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]
    // to retrieve the next page of results.
    string next_page_token = 2;

    // A list of locations (e.g. "us-west1") that could not be reached.
    // NOTE(review): a non-empty value presumably means the list above is
    // partial, so an inventory or audit built on it should not be treated as
    // complete; confirm against the service documentation.
    repeated string unreachable = 3;
  }
  // Request message for
  // [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
  message UndeleteCertificateAuthorityRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
  message DeleteCertificateAuthorityRequest {
    // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
    // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. This field allows the CA to be deleted even if the CA has
    // active certs. Active certs include both unrevoked and unexpired certs.
    // NOTE(review): certificates already issued stay with their holders after
    // the CA is deleted. This message does not say how their revocation status
    // is handled afterwards, so confirm that before setting this to true.
    // NOTE(review): field number 3 is not used in this message; if it belonged
    // to a removed field it should be declared `reserved`.
    bool ignore_active_certificates = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
  message UpdateCertificateAuthorityRequest {
    // Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    CertificateAuthority certificate_authority = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. A list of fields to be updated in this request.
    // NOTE(review): which CertificateAuthority fields may be named in the mask
    // is not stated in this message; confirm against the resource definition.
    google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
  message CreateCaPoolRequest {
    // Required. The resource name of the location associated with the
    // [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "locations.googleapis.com/Location"
      }
    ];

    // Required. It must be unique within a location and match the regular
    // expression `[a-zA-Z0-9_-]{1,63}`.
    string ca_pool_id = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    CaPool ca_pool = 3 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
  message UpdateCaPoolRequest {
    // Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    CaPool ca_pool = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. A list of fields to be updated in this request.
    // NOTE(review): which CaPool fields may be named in the mask is not stated
    // in this message; confirm against the CaPool definition.
    google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
  message DeleteCaPoolRequest {
    // Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
    // format `projects/*/locations/*/caPools/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CaPool"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request message for
  // [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
  message FetchCaCertsRequest {
    // Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
    // format `projects/*/locations/*/caPools/*`.
    string ca_pool = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CaPool"
      }
    ];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response message for
  // [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
  message FetchCaCertsResponse {
    // One CA certificate chain, held as a list of certificate strings.
    message CertChain {
      // The certificates that form the CA chain, from leaf to root order.
      repeated string certificates = 1;
    }

    // The PEM encoded CA certificate chains of all
    // [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    // resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    // NOTE(review): consumers that build a trust store from this response
    // should validate each chain themselves; nothing in this message states
    // what validation has already been applied.
    repeated CertChain ca_certs = 1;
  }
  // Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
  message GetCaPoolRequest {
    // Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
    // [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CaPool"
      }
    ];
  }
  // Request message for
  // [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
  message ListCaPoolsRequest {
    // Required. The resource name of the location associated with the
    // [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
    // `projects/*/locations/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "locations.googleapis.com/Location"
      }
    ];

    // Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
    // include in the response.
    // Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
    // obtained by including the
    // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
    // request. If unspecified, the server will pick an appropriate default.
    int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Pagination token, returned earlier via
    // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
    string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Only include resources that match the filter in the response.
    // NOTE(review): the filter syntax is not described in this message.
    string filter = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specify how the results should be sorted.
    // NOTE(review): the accepted sort expressions are not described here.
    string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response message for
  // [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
  message ListCaPoolsResponse {
    // The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
    repeated CaPool ca_pools = 1;

    // A token to retrieve the next page of results. Pass this value in
    // [ListCaPoolsRequest.page_token][google.cloud.security.privateca.v1.ListCaPoolsRequest.page_token]
    // to retrieve the next page of results.
    string next_page_token = 2;

    // A list of locations (e.g. "us-west1") that could not be reached.
    // NOTE(review): a non-empty value presumably means the list above is
    // partial, so an inventory or audit built on it should not be treated as
    // complete; confirm against the service documentation.
    repeated string unreachable = 3;
  }
  // Request message for
  // [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
  message GetCertificateRevocationListRequest {
    // Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
    // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateRevocationList"
      }
    ];
  }
  // Request message for
  // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
  message ListCertificateRevocationListsRequest {
    // Required. The resource name of the
    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] associated with the
    // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
    // `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. Limit on the number of
    // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
    // response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
    // can subsequently be obtained by including the
    // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
    // request. If unspecified, the server will pick an appropriate default.
    int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Pagination token, returned earlier via
    // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
    string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Only include resources that match the filter in the response.
    // NOTE(review): the filter syntax is not described in this message.
    string filter = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Specify how the results should be sorted.
    // NOTE(review): the accepted sort expressions are not described here.
    string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response message for
  // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
  message ListCertificateRevocationListsResponse {
    // The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    repeated CertificateRevocationList certificate_revocation_lists = 1;

    // A token to retrieve the next page of results. Pass this value in
    // [ListCertificateRevocationListsRequest.page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.page_token]
    // to retrieve the next page of results.
    string next_page_token = 2;

    // A list of locations (e.g. "us-west1") that could not be reached.
    // NOTE(review): a non-empty value presumably means the list above is
    // partial. A client that uses these lists for revocation checks should
    // not read a missing entry as "not revoked" in that case; confirm against
    // the service documentation.
    repeated string unreachable = 3;
  }
  // Request message for
  // [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
  message UpdateCertificateRevocationListRequest {
    // Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    CertificateRevocationList certificate_revocation_list = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. A list of fields to be updated in this request.
    // NOTE(review): which CertificateRevocationList fields may be named in the
    // mask is not stated in this message; confirm against the resource
    // definition.
    google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. An ID to identify requests. Specify a unique request ID so that
    // if you must retry your request, the server will know to ignore the
    // request if it has already been completed. The server will guarantee that
    // for at least 60 minutes since the first request.
    //
    // For example, consider a situation where you make an initial request and
    // the request times out. If you make the request again with the same
    // request ID, the server can check if the original operation with the same
    // request ID was received, and if so, will ignore the second request. This
    // prevents clients from accidentally creating duplicate commitments.
    //
    // The request ID must be a valid UUID with the exception that zero UUID is
    // not supported (00000000-0000-0000-0000-000000000000).
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request payload for
  // [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
  message CreateCertificateTemplateRequest {
    // Required. Resource name of the location that will hold the
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
    // formatted as `projects/*/locations/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {type: "locations.googleapis.com/Location"}
    ];

    // Required. Identifier for the new template. It must be unique within a
    // location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
    // The pattern is stated only in this comment; no option on the field
    // expresses it, so any enforcement happens outside this schema.
    string certificate_template_id = 2 [
      (google.api.field_behavior) = REQUIRED
    ];

    // Required. A
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    // holding the initial field values.
    CertificateTemplate certificate_template = 3 [
      (google.api.field_behavior) = REQUIRED
    ];

    // Optional. Idempotency key for this request. Supply a unique ID so that a
    // retried request is recognized: if the server has already completed a
    // request with this ID, it ignores the repeat. The server guarantees this
    // for at least 60 minutes after the first request; a retry sent later than
    // that is not covered by the guarantee.
    //
    // Example: the first attempt times out and the client resends it with the
    // same request ID. The server checks whether an operation with that ID was
    // already received and, if so, ignores the second attempt. This keeps
    // clients from accidentally creating duplicate commitments.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 4 [
      (google.api.field_behavior) = OPTIONAL
    ];
  }
  // Request payload for
  // [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
  message DeleteCertificateTemplateRequest {
    // Required. Resource name of the
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    // to delete, formatted as `projects/*/locations/*/certificateTemplates/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {type: "privateca.googleapis.com/CertificateTemplate"}
    ];

    // Optional. Idempotency key for this request. Supply a unique ID so that a
    // retried request is recognized: if the server has already completed a
    // request with this ID, it ignores the repeat. The server guarantees this
    // for at least 60 minutes after the first request; a retry sent later than
    // that is not covered by the guarantee.
    //
    // Example: the first attempt times out and the client resends it with the
    // same request ID. The server checks whether an operation with that ID was
    // already received and, if so, ignores the second attempt. This keeps
    // clients from accidentally creating duplicate commitments.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 2 [
      (google.api.field_behavior) = OPTIONAL
    ];
  }
  // Request payload for
  // [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
  message GetCertificateTemplateRequest {
    // Required. The
    // [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of
    // the
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    // to fetch.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {type: "privateca.googleapis.com/CertificateTemplate"}
    ];
  }
  // Request payload for
  // [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
  message ListCertificateTemplatesRequest {
    // Required. Resource name of the location whose
    // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
    // are listed, formatted as `projects/*/locations/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {type: "locations.googleapis.com/Location"}
    ];

    // Optional. Upper bound on the number of
    // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
    // included in the response. Further
    // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
    // can be obtained by sending the
    // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
    // in a subsequent request. If unspecified, the server picks an appropriate
    // default.
    int32 page_size = 2 [
      (google.api.field_behavior) = OPTIONAL
    ];

    // Optional. Pagination token returned earlier in
    // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
    string page_token = 3 [
      (google.api.field_behavior) = OPTIONAL
    ];

    // Optional. Restricts the response to resources that match this filter.
    // NOTE(review): the filter syntax is not described in this comment.
    string filter = 4 [
      (google.api.field_behavior) = OPTIONAL
    ];

    // Optional. Specifies how the results should be sorted.
    // NOTE(review): the accepted sort expressions are not described in this
    // comment.
    string order_by = 5 [
      (google.api.field_behavior) = OPTIONAL
    ];
  }
  // Response payload for
  // [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
  message ListCertificateTemplatesResponse {
    // The returned
    // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    repeated CertificateTemplate certificate_templates = 1;

    // Token for fetching the next page of results. Send it back in
    // [ListCertificateTemplatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.page_token]
    // to retrieve that page.
    string next_page_token = 2;

    // Locations (e.g. "us-west1") that could not be reached. When this is
    // non-empty the list above presumably lacks those locations' templates,
    // so it should not be treated as complete.
    repeated string unreachable = 3;
  }
  // Request payload for
  // [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
  message UpdateCertificateTemplateRequest {
    // Required. The
    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    // carrying the updated values.
    CertificateTemplate certificate_template = 1 [
      (google.api.field_behavior) = REQUIRED
    ];

    // Required. The fields to be updated by this request.
    // NOTE(review): presumably paths relative to `certificate_template`; how
    // an empty mask is treated is not stated here, so confirm before relying
    // on it.
    google.protobuf.FieldMask update_mask = 2 [
      (google.api.field_behavior) = REQUIRED
    ];

    // Optional. Idempotency key for this request. Supply a unique ID so that a
    // retried request is recognized: if the server has already completed a
    // request with this ID, it ignores the repeat. The server guarantees this
    // for at least 60 minutes after the first request; a retry sent later than
    // that is not covered by the guarantee.
    //
    // Example: the first attempt times out and the client resends it with the
    // same request ID. The server checks whether an operation with that ID was
    // already received and, if so, ignores the second attempt. This keeps
    // clients from accidentally creating duplicate commitments.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 3 [
      (google.api.field_behavior) = OPTIONAL
    ];
  }
  // Metadata describing a long-running operation.
  message OperationMetadata {
    // Output only. When the operation was created.
    google.protobuf.Timestamp create_time = 1 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. When the operation finished running.
    google.protobuf.Timestamp end_time = 2 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. Server-defined resource path of the operation's target.
    string target = 3 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. Name of the verb the operation executed.
    string verb = 4 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. Human-readable status of the operation, if any.
    string status_message = 5 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. Whether the user has requested cancellation of the
    // operation. This records the request only: operations that have
    // successfully been cancelled have an [Operation.error][] value with a
    // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
    // `Code.CANCELLED`.
    bool requested_cancellation = 6 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];

    // Output only. API version used to start the operation.
    string api_version = 7 [
      (google.api.field_behavior) = OUTPUT_ONLY
    ];
  }