feat(certificatemanager): update the api

#### certificatemanager:v1

The following keys were added:
- resources.projects.resources.locations.resources.certificateIssuanceConfigs.methods.create (Total Keys: 14)
- resources.projects.resources.locations.resources.certificateIssuanceConfigs.methods.delete (Total Keys: 11)
- resources.projects.resources.locations.resources.certificateIssuanceConfigs.methods.get (Total Keys: 11)
- resources.projects.resources.locations.resources.certificateIssuanceConfigs.methods.list (Total Keys: 20)
- schemas.CertificateAuthorityConfig (Total Keys: 3)
- schemas.CertificateAuthorityServiceConfig (Total Keys: 3)
- schemas.CertificateIssuanceConfig (Total Keys: 17)
- schemas.ListCertificateIssuanceConfigsResponse (Total Keys: 7)
- schemas.ManagedCertificate.properties.issuanceConfig.type (Total Keys: 1)

Author: yoshi-automation

docs/dyn/certificatemanager_v1.projects.locations.certificateIssuanceConfigs.html

@@ -0,0 +1,285 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+  margin: 0;
+  padding: 0;
+  border: 0;
+  font-weight: inherit;
+  font-style: inherit;
+  font-size: 100%;
+  font-family: inherit;
+  vertical-align: baseline;
+}
+
+body {
+  font-size: 13px;
+  padding: 1em;
+}
+
+h1 {
+  font-size: 26px;
+  margin-bottom: 1em;
+}
+
+h2 {
+  font-size: 24px;
+  margin-bottom: 1em;
+}
+
+h3 {
+  font-size: 20px;
+  margin-bottom: 1em;
+  margin-top: 1em;
+}
+
+pre, code {
+  line-height: 1.5;
+  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+  margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+  font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+  border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+  margin-top: 0.5em;
+}
+
+.firstline {
+  margin-left: 2 em;
+}
+
+.method  {
+  margin-top: 1em;
+  border: solid 1px #CCC;
+  padding: 1em;
+  background: #EEE;
+}
+
+.details {
+  font-weight: bold;
+  font-size: 14px;
+}
+
+</style>
+
+<h1><a href="certificatemanager_v1.html">Certificate Manager API</a> . <a href="certificatemanager_v1.projects.html">projects</a> . <a href="certificatemanager_v1.projects.locations.html">locations</a> . <a href="certificatemanager_v1.projects.locations.certificateIssuanceConfigs.html">certificateIssuanceConfigs</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+  <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+  <code><a href="#create">create(parent, body=None, certificateIssuanceConfigId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new CertificateIssuanceConfig in a given project and location.</p>
+<p class="toc_element">
+  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single CertificateIssuanceConfig.</p>
+<p class="toc_element">
+  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single CertificateIssuanceConfig.</p>
+<p class="toc_element">
+  <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists CertificateIssuanceConfigs in a given project and location.</p>
+<p class="toc_element">
+  <code><a href="#list_next">list_next()</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+    <code class="details" id="close">close()</code>
+  <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+    <code class="details" id="create">create(parent, body=None, certificateIssuanceConfigId=None, x__xgafv=None)</code>
+  <pre>Creates a new CertificateIssuanceConfig in a given project and location.
+
+Args:
+  parent: string, Required. The parent resource of the certificate issuance config. Must be in the format `projects/*/locations/*`. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # CertificateIssuanceConfig specifies how to issue and manage a certificate.
+  &quot;certificateAuthorityConfig&quot;: { # The CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc. # Required. The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.
+    &quot;certificateAuthorityServiceConfig&quot;: { # Contains information required to contact CA service. # Defines a CertificateAuthorityServiceConfig.
+      &quot;caPool&quot;: &quot;A String&quot;, # Required. A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form &quot;projects/{project}/locations/{location}/caPools/{ca_pool}&quot;.
+    },
+  },
+  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of a CertificateIssuanceConfig.
+  &quot;description&quot;: &quot;A String&quot;, # One or more paragraphs of text description of a CertificateIssuanceConfig.
+  &quot;keyAlgorithm&quot;: &quot;A String&quot;, # Required. The key algorithm to use when generating the private key.
+  &quot;labels&quot;: { # Set of labels associated with a CertificateIssuanceConfig.
+    &quot;a_key&quot;: &quot;A String&quot;,
+  },
+  &quot;lifetime&quot;: &quot;A String&quot;, # Required. Workload certificate lifetime requested.
+  &quot;name&quot;: &quot;A String&quot;, # A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern `projects/*/locations/*/certificateIssuanceConfigs/*`.
+  &quot;rotationWindowPercentage&quot;: 42, # Required. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive.
+  &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of a CertificateIssuanceConfig.
+}
+
+  certificateIssuanceConfigId: string, Required. A user-provided name of the certificate config.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+  },
+  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+  },
+}</pre>
+</div>
+
+<div class="method">
+    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+  <pre>Deletes a single CertificateIssuanceConfig.
+
+Args:
+  name: string, Required. A name of the certificate issuance config to delete. Must be in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+  },
+  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+  },
+}</pre>
+</div>
+
+<div class="method">
+    <code class="details" id="get">get(name, x__xgafv=None)</code>
+  <pre>Gets details of a single CertificateIssuanceConfig.
+
+Args:
+  name: string, Required. A name of the certificate issuance config to describe. Must be in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # CertificateIssuanceConfig specifies how to issue and manage a certificate.
+  &quot;certificateAuthorityConfig&quot;: { # The CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc. # Required. The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.
+    &quot;certificateAuthorityServiceConfig&quot;: { # Contains information required to contact CA service. # Defines a CertificateAuthorityServiceConfig.
+      &quot;caPool&quot;: &quot;A String&quot;, # Required. A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form &quot;projects/{project}/locations/{location}/caPools/{ca_pool}&quot;.
+    },
+  },
+  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of a CertificateIssuanceConfig.
+  &quot;description&quot;: &quot;A String&quot;, # One or more paragraphs of text description of a CertificateIssuanceConfig.
+  &quot;keyAlgorithm&quot;: &quot;A String&quot;, # Required. The key algorithm to use when generating the private key.
+  &quot;labels&quot;: { # Set of labels associated with a CertificateIssuanceConfig.
+    &quot;a_key&quot;: &quot;A String&quot;,
+  },
+  &quot;lifetime&quot;: &quot;A String&quot;, # Required. Workload certificate lifetime requested.
+  &quot;name&quot;: &quot;A String&quot;, # A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern `projects/*/locations/*/certificateIssuanceConfigs/*`.
+  &quot;rotationWindowPercentage&quot;: 42, # Required. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive.
+  &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of a CertificateIssuanceConfig.
+}</pre>
+</div>
+
+<div class="method">
+    <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+  <pre>Lists CertificateIssuanceConfigs in a given project and location.
+
+Args:
+  parent: string, Required. The project and location from which the certificate should be listed, specified in the format `projects/*/locations/*`. (required)
+  filter: string, Filter expression to restrict the Certificates Configs returned.
+  orderBy: string, A list of Certificate Config field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix &quot; desc&quot;.
+  pageSize: integer, Maximum number of certificate configs to return per call.
+  pageToken: string, The value returned by the last `ListCertificateIssuanceConfigsResponse`. Indicates that this is a continuation of a prior `ListCertificateIssuanceConfigs` call, and that the system should return the next page of data.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Response for the `ListCertificateIssuanceConfigs` method.
+  &quot;certificateIssuanceConfigs&quot;: [ # A list of certificate configs for the parent resource.
+    { # CertificateIssuanceConfig specifies how to issue and manage a certificate.
+      &quot;certificateAuthorityConfig&quot;: { # The CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc. # Required. The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.
+        &quot;certificateAuthorityServiceConfig&quot;: { # Contains information required to contact CA service. # Defines a CertificateAuthorityServiceConfig.
+          &quot;caPool&quot;: &quot;A String&quot;, # Required. A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form &quot;projects/{project}/locations/{location}/caPools/{ca_pool}&quot;.
+        },
+      },
+      &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of a CertificateIssuanceConfig.
+      &quot;description&quot;: &quot;A String&quot;, # One or more paragraphs of text description of a CertificateIssuanceConfig.
+      &quot;keyAlgorithm&quot;: &quot;A String&quot;, # Required. The key algorithm to use when generating the private key.
+      &quot;labels&quot;: { # Set of labels associated with a CertificateIssuanceConfig.
+        &quot;a_key&quot;: &quot;A String&quot;,
+      },
+      &quot;lifetime&quot;: &quot;A String&quot;, # Required. Workload certificate lifetime requested.
+      &quot;name&quot;: &quot;A String&quot;, # A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern `projects/*/locations/*/certificateIssuanceConfigs/*`.
+      &quot;rotationWindowPercentage&quot;: 42, # Required. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive.
+      &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of a CertificateIssuanceConfig.
+    },
+  ],
+  &quot;nextPageToken&quot;: &quot;A String&quot;, # If there might be more results than those appearing in this response, then `next_page_token` is included. To get the next set of results, call this method again using the value of `next_page_token` as `page_token`.
+  &quot;unreachable&quot;: [ # Locations that could not be reached.
+    &quot;A String&quot;,
+  ],
+}</pre>
+</div>
+
+<div class="method">
+    <code class="details" id="list_next">list_next()</code>
+  <pre>Retrieves the next page of results.
+
+        Args:
+          previous_request: The request for the previous page. (required)
+          previous_response: The response from the request for the previous page. (required)
+
+        Returns:
+          A request object that you can call &#x27;execute()&#x27; on to request the next
+          page. Returns None if there are no more items in the collection.
+        </pre>
+</div>
+
+</body></html>

docs/dyn/certificatemanager_v1.projects.locations.certificates.html

@@ -132,6 +132,7 @@ <h3>Method Details</h3>
     &quot;domains&quot;: [ # Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.
       &quot;A String&quot;,
     ],
+    &quot;issuanceConfig&quot;: &quot;A String&quot;, # Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
     &quot;provisioningIssue&quot;: { # Information about issues with provisioning a Managed Certificate. # Output only. Information about issues with provisioning a Managed Certificate.
       &quot;details&quot;: &quot;A String&quot;, # Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.
       &quot;reason&quot;: &quot;A String&quot;, # Output only. Reason for provisioning failures.
@@ -252,6 +253,7 @@ <h3>Method Details</h3>
     &quot;domains&quot;: [ # Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.
       &quot;A String&quot;,
     ],
+    &quot;issuanceConfig&quot;: &quot;A String&quot;, # Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
     &quot;provisioningIssue&quot;: { # Information about issues with provisioning a Managed Certificate. # Output only. Information about issues with provisioning a Managed Certificate.
       &quot;details&quot;: &quot;A String&quot;, # Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.
       &quot;reason&quot;: &quot;A String&quot;, # Output only. Reason for provisioning failures.
@@ -314,6 +316,7 @@ <h3>Method Details</h3>
         &quot;domains&quot;: [ # Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.
           &quot;A String&quot;,
         ],
+        &quot;issuanceConfig&quot;: &quot;A String&quot;, # Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
         &quot;provisioningIssue&quot;: { # Information about issues with provisioning a Managed Certificate. # Output only. Information about issues with provisioning a Managed Certificate.
           &quot;details&quot;: &quot;A String&quot;, # Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.
           &quot;reason&quot;: &quot;A String&quot;, # Output only. Reason for provisioning failures.
@@ -385,6 +388,7 @@ <h3>Method Details</h3>
     &quot;domains&quot;: [ # Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.
       &quot;A String&quot;,
     ],
+    &quot;issuanceConfig&quot;: &quot;A String&quot;, # Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
     &quot;provisioningIssue&quot;: { # Information about issues with provisioning a Managed Certificate. # Output only. Information about issues with provisioning a Managed Certificate.
       &quot;details&quot;: &quot;A String&quot;, # Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.
       &quot;reason&quot;: &quot;A String&quot;, # Output only. Reason for provisioning failures.

docs/dyn/certificatemanager_v1.projects.locations.html

@@ -74,6 +74,11 @@
 
 <h1><a href="certificatemanager_v1.html">Certificate Manager API</a> . <a href="certificatemanager_v1.projects.html">projects</a> . <a href="certificatemanager_v1.projects.locations.html">locations</a></h1>
 <h2>Instance Methods</h2>
+<p class="toc_element">
+  <code><a href="certificatemanager_v1.projects.locations.certificateIssuanceConfigs.html">certificateIssuanceConfigs()</a></code>
+</p>
+<p class="firstline">Returns the certificateIssuanceConfigs Resource.</p>
+
 <p class="toc_element">
   <code><a href="certificatemanager_v1.projects.locations.certificateMaps.html">certificateMaps()</a></code>
 </p>

googleapiclient/discovery_cache/documents/certificatemanager.v1.json

@@ -177,6 +177,139 @@
             }
           },
           "resources": {
+            "certificateIssuanceConfigs": {
+              "methods": {
+                "create": {
+                  "description": "Creates a new CertificateIssuanceConfig in a given project and location.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/certificateIssuanceConfigs",
+                  "httpMethod": "POST",
+                  "id": "certificatemanager.projects.locations.certificateIssuanceConfigs.create",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "certificateIssuanceConfigId": {
+                      "description": "Required. A user-provided name of the certificate config.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "description": "Required. The parent resource of the certificate issuance config. Must be in the format `projects/*/locations/*`.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/certificateIssuanceConfigs",
+                  "request": {
+                    "$ref": "CertificateIssuanceConfig"
+                  },
+                  "response": {
+                    "$ref": "Operation"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "delete": {
+                  "description": "Deletes a single CertificateIssuanceConfig.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/certificateIssuanceConfigs/{certificateIssuanceConfigsId}",
+                  "httpMethod": "DELETE",
+                  "id": "certificatemanager.projects.locations.certificateIssuanceConfigs.delete",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. A name of the certificate issuance config to delete. Must be in the format `projects/*/locations/*/certificateIssuanceConfigs/*`.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/certificateIssuanceConfigs/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "Operation"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "get": {
+                  "description": "Gets details of a single CertificateIssuanceConfig.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/certificateIssuanceConfigs/{certificateIssuanceConfigsId}",
+                  "httpMethod": "GET",
+                  "id": "certificatemanager.projects.locations.certificateIssuanceConfigs.get",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. A name of the certificate issuance config to describe. Must be in the format `projects/*/locations/*/certificateIssuanceConfigs/*`.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/certificateIssuanceConfigs/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "CertificateIssuanceConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "list": {
+                  "description": "Lists CertificateIssuanceConfigs in a given project and location.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/certificateIssuanceConfigs",
+                  "httpMethod": "GET",
+                  "id": "certificatemanager.projects.locations.certificateIssuanceConfigs.list",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "filter": {
+                      "description": "Filter expression to restrict the Certificates Configs returned.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "orderBy": {
+                      "description": "A list of Certificate Config field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix \" desc\".",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "pageSize": {
+                      "description": "Maximum number of certificate configs to return per call.",
+                      "format": "int32",
+                      "location": "query",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "The value returned by the last `ListCertificateIssuanceConfigsResponse`. Indicates that this is a continuation of a prior `ListCertificateIssuanceConfigs` call, and that the system should return the next page of data.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "description": "Required. The project and location from which the certificate should be listed, specified in the format `projects/*/locations/*`.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/certificateIssuanceConfigs",
+                  "response": {
+                    "$ref": "ListCertificateIssuanceConfigsResponse"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              }
+            },
             "certificateMaps": {
               "methods": {
                 "create": {
@@ -975,7 +1108,7 @@
       }
     }
   },
-  "revision": "20220914",
+  "revision": "20220927",
   "rootUrl": "https://certificatemanager.googleapis.com/",
   "schemas": {
     "AuthorizationAttemptInfo": {
@@ -1107,6 +1240,90 @@
       },
       "type": "object"
     },
+    "CertificateAuthorityConfig": {
+      "description": "The CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc.",
+      "id": "CertificateAuthorityConfig",
+      "properties": {
+        "certificateAuthorityServiceConfig": {
+          "$ref": "CertificateAuthorityServiceConfig",
+          "description": "Defines a CertificateAuthorityServiceConfig."
+        }
+      },
+      "type": "object"
+    },
+    "CertificateAuthorityServiceConfig": {
+      "description": "Contains information required to contact CA service.",
+      "id": "CertificateAuthorityServiceConfig",
+      "properties": {
+        "caPool": {
+          "description": "Required. A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form \"projects/{project}/locations/{location}/caPools/{ca_pool}\".",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CertificateIssuanceConfig": {
+      "description": "CertificateIssuanceConfig specifies how to issue and manage a certificate.",
+      "id": "CertificateIssuanceConfig",
+      "properties": {
+        "certificateAuthorityConfig": {
+          "$ref": "CertificateAuthorityConfig",
+          "description": "Required. The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc."
+        },
+        "createTime": {
+          "description": "Output only. The creation timestamp of a CertificateIssuanceConfig.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "One or more paragraphs of text description of a CertificateIssuanceConfig.",
+          "type": "string"
+        },
+        "keyAlgorithm": {
+          "description": "Required. The key algorithm to use when generating the private key.",
+          "enum": [
+            "KEY_ALGORITHM_UNSPECIFIED",
+            "RSA_2048",
+            "ECDSA_P256"
+          ],
+          "enumDescriptions": [
+            "Unspecified key algorithm.",
+            "Specifies RSA with a 2048-bit modulus.",
+            "Specifies ECDSA with curve P256."
+          ],
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Set of labels associated with a CertificateIssuanceConfig.",
+          "type": "object"
+        },
+        "lifetime": {
+          "description": "Required. Workload certificate lifetime requested.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "name": {
+          "description": "A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern `projects/*/locations/*/certificateIssuanceConfigs/*`.",
+          "type": "string"
+        },
+        "rotationWindowPercentage": {
+          "description": "Required. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "updateTime": {
+          "description": "Output only. The last update timestamp of a CertificateIssuanceConfig.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "CertificateMap": {
       "description": "Defines a collection of certificate configurations.",
       "id": "CertificateMap",
@@ -1338,6 +1555,31 @@
       },
       "type": "object"
     },
+    "ListCertificateIssuanceConfigsResponse": {
+      "description": "Response for the `ListCertificateIssuanceConfigs` method.",
+      "id": "ListCertificateIssuanceConfigsResponse",
+      "properties": {
+        "certificateIssuanceConfigs": {
+          "description": "A list of certificate configs for the parent resource.",
+          "items": {
+            "$ref": "CertificateIssuanceConfig"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "If there might be more results than those appearing in this response, then `next_page_token` is included. To get the next set of results, call this method again using the value of `next_page_token` as `page_token`.",
+          "type": "string"
+        },
+        "unreachable": {
+          "description": "Locations that could not be reached.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "ListCertificateMapEntriesResponse": {
       "description": "Response for the `ListCertificateMapEntries` method.",
       "id": "ListCertificateMapEntriesResponse",
@@ -1534,6 +1776,10 @@
           },
           "type": "array"
         },
+        "issuanceConfig": {
+          "description": "Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format `projects/*/locations/*/certificateIssuanceConfigs/*`. If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.",
+          "type": "string"
+        },
         "provisioningIssue": {
           "$ref": "ProvisioningIssue",
           "description": "Output only. Information about issues with provisioning a Managed Certificate.",