service.proto 44 KB

  1. // Copyright 2020 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.security.privateca.v1beta1;
  16. import "google/api/annotations.proto";
  17. import "google/api/client.proto";
  18. import "google/api/field_behavior.proto";
  19. import "google/api/resource.proto";
  20. import "google/cloud/security/privateca/v1beta1/resources.proto";
  21. import "google/longrunning/operations.proto";
  22. import "google/protobuf/duration.proto";
  23. import "google/protobuf/field_mask.proto";
  24. import "google/protobuf/timestamp.proto";
  25. option cc_enable_arenas = true;
  26. option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1Beta1";
  27. option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1;privateca";
  28. option java_multiple_files = true;
  29. option java_outer_classname = "PrivateCaProto";
  30. option java_package = "com.google.cloud.security.privateca.v1beta1";
  31. option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\V1beta1";
  32. option ruby_package = "Google::Cloud::Security::PrivateCA::V1beta1";
  // [CertificateAuthorityService][google.cloud.security.privateca.v1beta1.CertificateAuthorityService]
  // is the management API for private certificate authorities and the
  // certificates they issue.
  //
  // The service is hosted at `privateca.googleapis.com` and declares the
  // `cloud-platform` OAuth scope (see the options below).
  // NOTE(review): that scope is not specific to this service, and per-method
  // authorization is not expressed anywhere in this file; presumably it is
  // enforced by IAM on the resource names in each request. Confirm.
  service CertificateAuthorityService {
    option (google.api.default_host) = "privateca.googleapis.com";
    option (google.api.oauth_scopes) =
        "https://www.googleapis.com/auth/cloud-platform";

    // Issues a new [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
    // from the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // named by `parent`, within that authority's Project and Location.
    rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        post: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
        body: "certificate"
      };
      option (google.api.method_signature) = "parent,certificate,certificate_id";
    }

    // Fetches a single [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
    rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Enumerates [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
    rpc ListCertificates(ListCertificatesRequest)
        returns (ListCertificatesResponse) {
      option (google.api.http) = {
        get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificates"
      };
      option (google.api.method_signature) = "parent";
    }

    // Revokes a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
    // The request carries a mandatory revocation reason; the updated
    // certificate is returned.
    rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificates/*}:revoke"
        body: "*"
      };
      option (google.api.method_signature) = "name";
    }

    // Updates a [Certificate][google.cloud.security.privateca.v1beta1.Certificate].
    // At present [labels][google.cloud.security.privateca.v1beta1.Certificate.labels]
    // is the only field that can be changed.
    rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
      option (google.api.http) = {
        patch: "/v1beta1/{certificate.name=projects/*/locations/*/certificateAuthorities/*/certificates/*}"
        body: "certificate"
      };
      option (google.api.method_signature) = "certificate,update_mask";
    }

    // Completes activation of a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // whose state is
    // [PENDING_ACTIVATION][google.cloud.security.privateca.v1beta1.CertificateAuthority.State.PENDING_ACTIVATION]
    // and whose type is
    // [SUBORDINATE][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type.SUBORDINATE].
    // Call it once the parent Certificate Authority has signed the certificate
    // signing request obtained from
    // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
    // Returns a long-running operation whose response is the
    // CertificateAuthority.
    rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:activate"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Creates a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // in the given Project and Location. Returns a long-running operation
    // whose response is the CertificateAuthority.
    rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
        body: "certificate_authority"
      };
      option (google.api.method_signature) = "parent,certificate_authority,certificate_authority_id";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Disables a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
    // Returns a long-running operation whose response is the
    // CertificateAuthority.
    rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:disable"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Enables a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
    // Returns a long-running operation whose response is the
    // CertificateAuthority.
    rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:enable"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Retrieves the certificate signing request (CSR) of a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // whose state is
    // [PENDING_ACTIVATION][google.cloud.security.privateca.v1beta1.CertificateAuthority.State.PENDING_ACTIVATION]
    // and whose type is
    // [SUBORDINATE][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type.SUBORDINATE].
    // The desired parent Certificate Authority must then sign the CSR; that
    // parent may be another
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // resource or an on-prem certificate authority. See also
    // [ActivateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ActivateCertificateAuthority].
    rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest)
        returns (FetchCertificateAuthorityCsrResponse) {
      option (google.api.http) = {
        get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:fetch"
      };
      option (google.api.method_signature) = "name";
    }

    // Fetches a single
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
    rpc GetCertificateAuthority(GetCertificateAuthorityRequest)
        returns (CertificateAuthority) {
      option (google.api.http) = {
        get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Enumerates
    // [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
    rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest)
        returns (ListCertificateAuthoritiesResponse) {
      option (google.api.http) = {
        get: "/v1beta1/{parent=projects/*/locations/*}/certificateAuthorities"
      };
      option (google.api.method_signature) = "parent";
    }

    // Restores a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // that is currently scheduled for deletion. Returns a long-running
    // operation whose response is the CertificateAuthority.
    rpc RestoreCertificateAuthority(RestoreCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:restore"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Schedules a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // for deletion. Returns a long-running operation whose response is the
    // CertificateAuthority.
    rpc ScheduleDeleteCertificateAuthority(ScheduleDeleteCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        post: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*}:scheduleDelete"
        body: "*"
      };
      option (google.api.method_signature) = "name";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Updates a
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
    // Returns a long-running operation whose response is the
    // CertificateAuthority.
    rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1beta1/{certificate_authority.name=projects/*/locations/*/certificateAuthorities/*}"
        body: "certificate_authority"
      };
      option (google.api.method_signature) = "certificate_authority,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateAuthority"
        metadata_type: "OperationMetadata"
      };
    }

    // Fetches a single
    // [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
    rpc GetCertificateRevocationList(GetCertificateRevocationListRequest)
        returns (CertificateRevocationList) {
      option (google.api.http) = {
        get: "/v1beta1/{name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Enumerates
    // [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
    rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest)
        returns (ListCertificateRevocationListsResponse) {
      option (google.api.http) = {
        get: "/v1beta1/{parent=projects/*/locations/*/certificateAuthorities/*}/certificateRevocationLists"
      };
      option (google.api.method_signature) = "parent";
    }

    // Updates a
    // [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
    // Returns a long-running operation whose response is the
    // CertificateRevocationList.
    rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest)
        returns (google.longrunning.Operation) {
      option (google.api.http) = {
        patch: "/v1beta1/{certificate_revocation_list.name=projects/*/locations/*/certificateAuthorities/*/certificateRevocationLists/*}"
        body: "certificate_revocation_list"
      };
      option (google.api.method_signature) = "certificate_revocation_list,update_mask";
      option (google.longrunning.operation_info) = {
        response_type: "CertificateRevocationList"
        metadata_type: "OperationMetadata"
      };
    }

    // Fetches a single
    // [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig].
    rpc GetReusableConfig(GetReusableConfigRequest) returns (ReusableConfig) {
      option (google.api.http) = {
        get: "/v1beta1/{name=projects/*/locations/*/reusableConfigs/*}"
      };
      option (google.api.method_signature) = "name";
    }

    // Enumerates
    // [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig].
    rpc ListReusableConfigs(ListReusableConfigsRequest)
        returns (ListReusableConfigsResponse) {
      option (google.api.http) = {
        get: "/v1beta1/{parent=projects/*/locations/*}/reusableConfigs"
      };
      option (google.api.method_signature) = "parent";
    }
  }
  // Request for
  // [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificate].
  message CreateCertificateRequest {
    // Required. Resource name of the location and
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // that the new [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
    // is associated with, formatted as
    // `projects/*/locations/*/certificateAuthorities/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. Must be unique within a location and match the regular
    // expression `[a-zA-Z0-9_-]{1,63}`. Required when the
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // is in the Enterprise
    // [CertificateAuthority.Tier][google.cloud.security.privateca.v1beta1.CertificateAuthority.Tier];
    // for any other tier it may be omitted, and a supplied value is ignored.
    string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];

    // Required. The [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
    // carrying the initial field values.
    Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    // NOTE(review): how a retry sent after that window is handled is not
    // stated here; presumably it is processed as a new request. Confirm.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificate].
  message GetCertificateRequest {
    // Required. The [name][google.cloud.security.privateca.v1beta1.Certificate.name]
    // identifying the [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
    // to return.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/Certificate"
      }
    ];
  }
  // Request for
  // [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
  message ListCertificatesRequest {
    // Required. Resource name of the
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // whose [Certificates][google.cloud.security.privateca.v1beta1.Certificate]
    // are listed, formatted as
    // `projects/*/locations/*/certificateAuthorities/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. Upper bound on how many
    // [Certificates][google.cloud.security.privateca.v1beta1.Certificate]
    // one response contains. The remainder can be fetched by sending
    // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token]
    // in a follow-up request. When unset, the server picks an appropriate
    // default.
    int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Pagination token previously returned in
    // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificatesResponse.next_page_token].
    string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Restricts the response to resources matching this filter.
    // Supported filters and their syntax are described in the [Certificates
    // Filtering
    // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    string filter = 4 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Sort order for the results. Supported fields and syntax are
    // described in the [Certificates Sorting
    // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  }
  // Response for
  // [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificates].
  message ListCertificatesResponse {
    // The [Certificates][google.cloud.security.privateca.v1beta1.Certificate]
    // in this page of results.
    repeated Certificate certificates = 1;

    // Token for fetching the next page of results. Send it back in
    // [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1beta1.ListCertificatesRequest.page_token]
    // to retrieve that page.
    string next_page_token = 2;

    // Locations (e.g. "us-west1") that could not be reached. When this list
    // is non-empty the certificates above do not cover those locations, so a
    // caller building a complete inventory (for example for an audit) should
    // treat the result as partial.
    repeated string unreachable = 3;
  }
  // Request for
  // [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RevokeCertificate].
  message RevokeCertificateRequest {
    // Required. Resource name of the
    // [Certificate][google.cloud.security.privateca.v1beta1.Certificate] to
    // revoke, formatted as
    // `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/Certificate"
      }
    ];

    // Required. Why the certificate is being revoked, as a
    // [RevocationReason][google.cloud.security.privateca.v1beta1.RevocationReason].
    RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificate].
  message UpdateCertificateRequest {
    // Required. The [Certificate][google.cloud.security.privateca.v1beta1.Certificate]
    // holding the updated values.
    Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. The fields that this request updates.
    google.protobuf.FieldMask update_mask = 2
        [(google.api.field_behavior) = REQUIRED];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ActivateCertificateAuthority].
  message ActivateCertificateAuthorityRequest {
    // Required. Resource name of the
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // to activate, formatted as
    // `projects/*/locations/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Required. The signed CA certificate that was issued from
    // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1beta1.FetchCertificateAuthorityCsrResponse.pem_csr].
    // NOTE(review): this value is supplied by the caller. Whether the server
    // verifies that it corresponds to the fetched CSR and to the issuers in
    // `subordinate_config` is not stated in this file. Confirm before
    // relying on it.
    string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. Describes the issuer of 'pem_ca_certificate' and every
    // further issuer up to the self-signed CA.
    SubordinateConfig subordinate_config = 3
        [(google.api.field_behavior) = REQUIRED];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.CreateCertificateAuthority].
  message CreateCertificateAuthorityRequest {
    // Required. Resource name of the location associated with the
    // [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority],
    // formatted as `projects/*/locations/*`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "locations.googleapis.com/Location"
      }
    ];

    // Required. Must be unique within a location and match the regular
    // expression `[a-zA-Z0-9_-]{1,63}`.
    string certificate_authority_id = 2
        [(google.api.field_behavior) = REQUIRED];

    // Required. The
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // carrying the initial field values.
    CertificateAuthority certificate_authority = 3
        [(google.api.field_behavior) = REQUIRED];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    // NOTE(review): how a retry sent after that window is handled is not
    // stated here; presumably it is processed as a new request. Confirm.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.DisableCertificateAuthority].
  message DisableCertificateAuthorityRequest {
    // Required. Resource name of the
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // to disable, formatted as
    // `projects/*/locations/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  // Request for
  // [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.EnableCertificateAuthority].
  message EnableCertificateAuthorityRequest {
    // Required. Resource name of the
    // [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
    // to enable, formatted as
    // `projects/*/locations/*/certificateAuthorities/*`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "privateca.googleapis.com/CertificateAuthority"
      }
    ];

    // Optional. Client-chosen ID that makes retries idempotent. If a request
    // has to be retried (for example because the first attempt timed out),
    // resending it with the same request ID lets the server recognise that
    // the original was already received and ignore the retry rather than
    // act on it a second time. The server guarantees this for at least 60
    // minutes after the first request.
    //
    // The value must be a valid UUID; the zero UUID
    // (00000000-0000-0000-0000-000000000000) is not supported.
    string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  }
  485. // Request message for
  486. // [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
  487. message FetchCertificateAuthorityCsrRequest {
  488. // Required. The resource name of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] whose CSR is fetched, in the
  489. // format `projects/*/locations/*/certificateAuthorities/*`.
  490. string name = 1 [
  491. (google.api.field_behavior) = REQUIRED,
  492. (google.api.resource_reference) = {
  493. type: "privateca.googleapis.com/CertificateAuthority"
  494. }
  495. ];
  496. }
  497. // Response message for
  498. // [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
  499. message FetchCertificateAuthorityCsrResponse {
  500. // Output only. The PEM-encoded signed certificate signing request (CSR). This is the message's only field; it defines no field for key material.
  501. string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
  502. }
  503. // Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateAuthority].
  504. message GetCertificateAuthorityRequest {
  505. // Required. The [name][google.cloud.security.privateca.v1beta1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
  506. // get. The resource reference below restricts it to a CertificateAuthority resource name.
  507. string name = 1 [
  508. (google.api.field_behavior) = REQUIRED,
  509. (google.api.resource_reference) = {
  510. type: "privateca.googleapis.com/CertificateAuthority"
  511. }
  512. ];
  513. }
  514. // Request message for
  515. // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
  516. message ListCertificateAuthoritiesRequest {
  517. // Required. The resource name of the location associated with the
  518. // [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
  519. // `projects/*/locations/*`.
  520. string parent = 1 [
  521. (google.api.field_behavior) = REQUIRED,
  522. (google.api.resource_reference) = {
  523. type: "locations.googleapis.com/Location"
  524. }
  525. ];
  526. // Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
  527. // include in the response.
  528. // Further [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority] can subsequently be
  529. // obtained by including the
  530. // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
  531. // request. If unspecified, the server will pick an appropriate default.
  532. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
  533. // Optional. Pagination token, returned earlier via
  534. // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesResponse.next_page_token].
  535. string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
  536. // Optional. Only include resources that match the filter in the response. The filter syntax is not specified in this message.
  537. string filter = 4 [(google.api.field_behavior) = OPTIONAL];
  538. // Optional. Specify how the results should be sorted. The sort expression syntax is not specified in this message.
  539. string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  540. }
  541. // Response message for
  542. // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateAuthorities].
  543. message ListCertificateAuthoritiesResponse {
  544. // The list of [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority].
  545. repeated CertificateAuthority certificate_authorities = 1;
  546. // A token to retrieve the next page of results. Pass this value in
  547. // [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1beta1.ListCertificateAuthoritiesRequest.page_token] to retrieve the next
  548. // page of results.
  549. string next_page_token = 2;
  550. // A list of locations (e.g. "us-west1") that could not be reached. NOTE(review): a non-empty list presumably means the results are partial; confirm before treating the listing as a complete inventory.
  551. repeated string unreachable = 3;
  552. }
  553. // Request message for
  554. // [CertificateAuthorityService.RestoreCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.RestoreCertificateAuthority].
  555. message RestoreCertificateAuthorityRequest {
  556. // Required. The resource name of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to restore, in the
  557. // format `projects/*/locations/*/certificateAuthorities/*`.
  558. string name = 1 [
  559. (google.api.field_behavior) = REQUIRED,
  560. (google.api.resource_reference) = {
  561. type: "privateca.googleapis.com/CertificateAuthority"
  562. }
  563. ];
  564. // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  565. // retry your request, the server will know to ignore the request if it has
  566. // already been completed. The server guarantees this for at least 60
  567. // minutes after the first request; no deduplication is promised beyond that window.
  568. //
  569. // For example, consider a situation where you make an initial request and
  570. // the request times out. If you make the request again with the same request
  571. // ID, the server can check whether the original operation with the same request ID
  572. // was received, and if so, will ignore the second request. This prevents
  573. // clients from accidentally creating duplicate commitments.
  574. //
  575. // The request ID must be a valid UUID, with the exception that the zero UUID
  576. // (00000000-0000-0000-0000-000000000000) is not supported.
  577. string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  578. }
  579. // Request message for
  580. // [CertificateAuthorityService.ScheduleDeleteCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ScheduleDeleteCertificateAuthority].
  581. message ScheduleDeleteCertificateAuthorityRequest {
  582. // Required. The resource name of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to schedule for deletion, in the
  583. // format `projects/*/locations/*/certificateAuthorities/*`.
  584. string name = 1 [
  585. (google.api.field_behavior) = REQUIRED,
  586. (google.api.resource_reference) = {
  587. type: "privateca.googleapis.com/CertificateAuthority"
  588. }
  589. ];
  590. // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  591. // retry your request, the server will know to ignore the request if it has
  592. // already been completed. The server guarantees this for at least 60
  593. // minutes after the first request; no deduplication is promised beyond that window.
  594. //
  595. // For example, consider a situation where you make an initial request and
  596. // the request times out. If you make the request again with the same request
  597. // ID, the server can check whether the original operation with the same request ID
  598. // was received, and if so, will ignore the second request. This prevents
  599. // clients from accidentally creating duplicate commitments.
  600. //
  601. // The request ID must be a valid UUID, with the exception that the zero UUID
  602. // (00000000-0000-0000-0000-000000000000) is not supported.
  603. string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
  604. }
  605. // Request message for
  606. // [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateAuthority].
  607. message UpdateCertificateAuthorityRequest {
  608. // Required. [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] with updated values.
  609. CertificateAuthority certificate_authority = 1 [(google.api.field_behavior) = REQUIRED];
  610. // Required. A list of fields to be updated in this request. NOTE(review): presumably paths into `certificate_authority`; confirm which fields the service allows to be updated.
  611. google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
  612. // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  613. // retry your request, the server will know to ignore the request if it has
  614. // already been completed. The server guarantees this for at least 60
  615. // minutes after the first request; no deduplication is promised beyond that window.
  616. //
  617. // For example, consider a situation where you make an initial request and
  618. // the request times out. If you make the request again with the same request
  619. // ID, the server can check whether the original operation with the same request ID
  620. // was received, and if so, will ignore the second request. This prevents
  621. // clients from accidentally creating duplicate commitments.
  622. //
  623. // The request ID must be a valid UUID, with the exception that the zero UUID
  624. // (00000000-0000-0000-0000-000000000000) is not supported.
  625. string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  626. }
  627. // Request message for
  628. // [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetCertificateRevocationList].
  629. message GetCertificateRevocationListRequest {
  630. // Required. The [name][google.cloud.security.privateca.v1beta1.CertificateRevocationList.name] of the
  631. // [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to get. The resource reference below restricts it to a CertificateRevocationList resource name.
  632. string name = 1 [
  633. (google.api.field_behavior) = REQUIRED,
  634. (google.api.resource_reference) = {
  635. type: "privateca.googleapis.com/CertificateRevocationList"
  636. }
  637. ];
  638. }
  639. // Request message for
  640. // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists].
  641. message ListCertificateRevocationListsRequest {
  642. // Required. The resource name of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] that is the parent of the
  643. // [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList], in the format
  644. // `projects/*/locations/*/certificateAuthorities/*`.
  645. string parent = 1 [
  646. (google.api.field_behavior) = REQUIRED,
  647. (google.api.resource_reference) = {
  648. type: "privateca.googleapis.com/CertificateAuthority"
  649. }
  650. ];
  651. // Optional. Limit on the number of
  652. // [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to include in the
  653. // response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList]
  654. // can subsequently be obtained by including the
  655. // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
  656. // request. If unspecified, the server will pick an appropriate default.
  657. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
  658. // Optional. Pagination token, returned earlier via
  659. // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsResponse.next_page_token].
  660. string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
  661. // Optional. Only include resources that match the filter in the response. The filter syntax is not specified in this message.
  662. string filter = 4 [(google.api.field_behavior) = OPTIONAL];
  663. // Optional. Specify how the results should be sorted. The sort expression syntax is not specified in this message.
  664. string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  665. }
  666. // Response message for
  667. // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListCertificateRevocationLists].
  668. message ListCertificateRevocationListsResponse {
  669. // The list of [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList].
  670. repeated CertificateRevocationList certificate_revocation_lists = 1;
  671. // A token to retrieve the next page of results. Pass this value in
  672. // [ListCertificateRevocationListsRequest.page_token][google.cloud.security.privateca.v1beta1.ListCertificateRevocationListsRequest.page_token] to retrieve the
  673. // next page of results.
  674. string next_page_token = 2;
  675. // A list of locations (e.g. "us-west1") that could not be reached. NOTE(review): a non-empty list presumably means the results are partial; confirm before relying on the listing as the full set of CRLs.
  676. repeated string unreachable = 3;
  677. }
  678. // Request message for
  679. // [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.UpdateCertificateRevocationList].
  680. message UpdateCertificateRevocationListRequest {
  681. // Required. [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] with updated values.
  682. CertificateRevocationList certificate_revocation_list = 1 [(google.api.field_behavior) = REQUIRED];
  683. // Required. A list of fields to be updated in this request. NOTE(review): presumably paths into `certificate_revocation_list`; confirm which fields the service allows to be updated.
  684. google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
  685. // Optional. An ID to identify requests. Specify a unique request ID so that if you must
  686. // retry your request, the server will know to ignore the request if it has
  687. // already been completed. The server guarantees this for at least 60
  688. // minutes after the first request; no deduplication is promised beyond that window.
  689. //
  690. // For example, consider a situation where you make an initial request and
  691. // the request times out. If you make the request again with the same request
  692. // ID, the server can check whether the original operation with the same request ID
  693. // was received, and if so, will ignore the second request. This prevents
  694. // clients from accidentally creating duplicate commitments.
  695. //
  696. // The request ID must be a valid UUID, with the exception that the zero UUID
  697. // (00000000-0000-0000-0000-000000000000) is not supported.
  698. string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
  699. }
  700. // Request message for
  701. // [CertificateAuthorityService.GetReusableConfig][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.GetReusableConfig].
  702. message GetReusableConfigRequest {
  703. // Required. The [name][google.cloud.security.privateca.v1beta1.ReusableConfig.name] of the [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] to get.
  704. string name = 1 [
  705. (google.api.field_behavior) = REQUIRED,
  706. (google.api.resource_reference) = {
  707. type: "privateca.googleapis.com/ReusableConfig"
  708. }
  709. ];
  710. }
  711. // Request message for
  712. // [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs].
  713. message ListReusableConfigsRequest {
  714. // Required. The resource name of the location associated with the
  715. // [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig], in the format
  716. // `projects/*/locations/*`.
  717. string parent = 1 [
  718. (google.api.field_behavior) = REQUIRED,
  719. (google.api.resource_reference) = {
  720. type: "locations.googleapis.com/Location"
  721. }
  722. ];
  723. // Optional. Limit on the number of
  724. // [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] to include in the response.
  725. // Further [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig] can subsequently be
  726. // obtained by including the
  727. // [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token] in a subsequent request. If
  728. // unspecified, the server will pick an appropriate default.
  729. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
  730. // Optional. Pagination token, returned earlier via
  731. // [ListReusableConfigsResponse.next_page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsResponse.next_page_token].
  732. string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
  733. // Optional. Only include resources that match the filter in the response. The filter syntax is not specified in this message.
  734. string filter = 4 [(google.api.field_behavior) = OPTIONAL];
  735. // Optional. Specify how the results should be sorted. The sort expression syntax is not specified in this message.
  736. string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
  737. }
  738. // Response message for
  739. // [CertificateAuthorityService.ListReusableConfigs][google.cloud.security.privateca.v1beta1.CertificateAuthorityService.ListReusableConfigs].
  740. message ListReusableConfigsResponse {
  741. // The list of [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig].
  742. repeated ReusableConfig reusable_configs = 1;
  743. // A token to retrieve the next page of results. Pass this value in
  744. // [ListReusableConfigsRequest.page_token][google.cloud.security.privateca.v1beta1.ListReusableConfigsRequest.page_token] to retrieve
  745. // the next page of results.
  746. string next_page_token = 2;
  747. // A list of locations (e.g. "us-west1") that could not be reached. NOTE(review): a non-empty list presumably means the results are partial; confirm against the service documentation.
  748. repeated string unreachable = 3;
  749. }
  750. // Represents the metadata of the long-running operation. Every field in this message is marked OUTPUT_ONLY.
  751. message OperationMetadata {
  752. // Output only. The time the operation was created.
  753. google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
  754. // Output only. The time the operation finished running.
  755. google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
  756. // Output only. Server-defined resource path for the target of the operation.
  757. string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
  758. // Output only. Name of the verb executed by the operation.
  759. string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
  760. // Output only. Human-readable status of the operation, if any.
  761. string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
  762. // Output only. Identifies whether the user has requested cancellation
  763. // of the operation; the flag records the request only. Operations that have successfully been cancelled
  764. // have an [Operation.error][google.longrunning.Operation.error] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
  765. // corresponding to `Code.CANCELLED`.
  766. bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
  767. // Output only. API version used to start the operation.
  768. string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
  769. }