// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";

package google.cloud.certificatemanager.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";

// Per-language code generation targets for this package.
option csharp_namespace = "Google.Cloud.CertificateManager.V1";
option go_package = "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb;certificatemanagerpb";
option java_multiple_files = true;
option java_outer_classname = "CertificateIssuanceConfigProto";
option java_package = "com.google.cloud.certificatemanager.v1";
option php_namespace = "Google\\Cloud\\CertificateManager\\V1";
option ruby_package = "Google::Cloud::CertificateManager::V1";

// Declares the `privateca.googleapis.com/CaPool` resource type and its name
// pattern. No message in this file defines that resource; the declaration
// exists so that `google.api.resource_reference` annotations (the `ca_pool`
// field of CertificateAuthorityServiceConfig) can refer to it by type.
option (google.api.resource_definition) = {
  type: "privateca.googleapis.com/CaPool"
  pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}"
};
// Request for the `ListCertificateIssuanceConfigs` method.
message ListCertificateIssuanceConfigsRequest {
  // Required. The project and location from which the certificate issuance
  // configs should be listed, specified in the format
  // `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Maximum number of certificate issuance configs to return per call.
  // NOTE(review): the type is a signed int32 and this file states neither a
  // default nor an upper bound; handling of zero, negative or very large
  // values is left to the server - confirm against the service.
  int32 page_size = 2;

  // The value returned by the last `ListCertificateIssuanceConfigsResponse`.
  // Indicates that this is a continuation of a prior
  // `ListCertificateIssuanceConfigs` call, and that the system should return
  // the next page of data.
  // NOTE(review): the token arrives from the caller, so the server has to
  // validate it like any other input; its format is not defined in this file.
  string page_token = 3;

  // Filter expression to restrict the certificate issuance configs returned.
  // NOTE(review): the expression grammar is not defined in this file. The
  // value is a free-form caller-supplied string, so a server implementation
  // should parse it against a fixed grammar instead of splicing it into a
  // backend query.
  string filter = 4;

  // A list of certificate issuance config field names used to specify the
  // order of the returned results. The default sorting order is ascending. To
  // specify descending order for a field, add a suffix `" desc"`.
  // NOTE(review): the separator between field names is not stated here; as
  // with `filter`, the names should be checked against the known field set.
  string order_by = 5;
}
// Response for the `ListCertificateIssuanceConfigs` method.
message ListCertificateIssuanceConfigsResponse {
  // A list of certificate issuance configs for the parent resource.
  repeated CertificateIssuanceConfig certificate_issuance_configs = 1;

  // If there might be more results than those appearing in this response, then
  // `next_page_token` is included. To get the next set of results, call this
  // method again using the value of `next_page_token` as `page_token`.
  string next_page_token = 2;

  // Locations that could not be reached.
  // NOTE(review): presumably a non-empty list means that configs held in
  // those locations are missing from `certificate_issuance_configs`. A
  // client that inventories or audits issuance configs should then treat the
  // listing as incomplete - confirm against the service.
  repeated string unreachable = 3;
}
// Request for the `GetCertificateIssuanceConfig` method.
// The resource name is the only field this request defines.
message GetCertificateIssuanceConfigRequest {
  // Required. The name of the certificate issuance config to describe. Must be
  // in the format `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    }
  ];
}
// Request for the `CreateCertificateIssuanceConfig` method.
message CreateCertificateIssuanceConfigRequest {
  // Required. The parent resource of the certificate issuance config. Must be
  // in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. A user-provided name of the certificate issuance config.
  // NOTE(review): presumably this becomes the final segment of the resource
  // name (`.../certificateIssuanceConfigs/{certificate_issuance_config}`).
  // The permitted characters and length are not stated in this file, so they
  // have to be enforced server-side.
  string certificate_issuance_config_id = 2
      [(google.api.field_behavior) = REQUIRED];

  // Required. A definition of the certificate issuance config to create.
  // The fields of CertificateIssuanceConfig marked OUTPUT_ONLY
  // (`create_time`, `update_time`) are not caller inputs.
  CertificateIssuanceConfig certificate_issuance_config = 3
      [(google.api.field_behavior) = REQUIRED];
}
// Request for the `DeleteCertificateIssuanceConfig` method.
// The resource name is the only field this request defines; there is no
// precondition field (such as an etag) in this message.
message DeleteCertificateIssuanceConfigRequest {
  // Required. The name of the certificate issuance config to delete. Must be
  // in the format `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    }
  ];
}
// CertificateIssuanceConfig specifies how to issue and manage a certificate.
//
// The message carries the issuing CA (`certificate_authority_config`), the
// requested certificate `lifetime`, the point in that lifetime at which
// renewal starts (`rotation_window_percentage`) and the algorithm of the
// generated private key (`key_algorithm`).
message CertificateIssuanceConfig {
  option (google.api.resource) = {
    type: "certificatemanager.googleapis.com/CertificateIssuanceConfig"
    pattern: "projects/{project}/locations/{location}/certificateIssuanceConfigs/{certificate_issuance_config}"
  };

  // The CA that issues the workload certificate. It includes CA address, type,
  // authentication to CA service, etc.
  message CertificateAuthorityConfig {
    // Contains information required to contact CA service.
    message CertificateAuthorityServiceConfig {
      // Required. A CA pool resource used to issue a certificate.
      // The CA pool string has a relative resource path following the form
      // "projects/{project}/locations/{location}/caPools/{ca_pool}".
      // NOTE(review): the value is only a reference to a
      // `privateca.googleapis.com/CaPool`. Which identity requests
      // certificates from the pool, and whether it is authorized to, is not
      // expressed in this message - verify in the service's access model.
      string ca_pool = 1 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.resource_reference) = {
          type: "privateca.googleapis.com/CaPool"
        }
      ];
    }

    // The kind of CA to use. The oneof has a single member in this file, so
    // readers must still handle the case where no member is set (an omitted
    // value, or a variant added by a newer schema).
    oneof kind {
      // Defines a CertificateAuthorityServiceConfig.
      CertificateAuthorityServiceConfig certificate_authority_service_config =
          1;
    }
  }

  // The type of keypair to generate.
  //
  // The value names carry no `KEY_ALGORITHM_` prefix apart from the zero
  // value; the enum is nested, so they are scoped to
  // CertificateIssuanceConfig. The numbering skips 2 and 3, and no `reserved`
  // statement for those numbers is visible in this file.
  enum KeyAlgorithm {
    // Unspecified key algorithm. This is the proto3 default, i.e. what a
    // reader sees when `key_algorithm` was never set.
    KEY_ALGORITHM_UNSPECIFIED = 0;

    // Specifies RSA with a 2048-bit modulus.
    RSA_2048 = 1;

    // Specifies ECDSA with curve P256.
    ECDSA_P256 = 4;
  }

  // A user-defined name of the certificate issuance config.
  // CertificateIssuanceConfig names must be unique globally and match pattern
  // `projects/*/locations/*/certificateIssuanceConfigs/*`.
  string name = 1;

  // Output only. The creation timestamp of a CertificateIssuanceConfig.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of a CertificateIssuanceConfig.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Set of labels associated with a CertificateIssuanceConfig.
  map<string, string> labels = 4;

  // One or more paragraphs of text description of a CertificateIssuanceConfig.
  string description = 5;

  // Required. The CA that issues the workload certificate. It includes the CA
  // address, type, authentication to CA service, etc.
  CertificateAuthorityConfig certificate_authority_config = 6
      [(google.api.field_behavior) = REQUIRED];

  // Required. Workload certificate lifetime requested.
  // NOTE(review): no minimum or maximum is stated in this file. The lifetime
  // bounds how long a leaked private key stays usable, so the accepted range
  // should be checked against the service and the CA pool's policy.
  google.protobuf.Duration lifetime = 7
      [(google.api.field_behavior) = REQUIRED];

  // Required. Specifies the percentage of elapsed time of the certificate
  // lifetime to wait before renewing the certificate. Must be a number between
  // 1-99, inclusive.
  // Example (constructed): with a 30-day lifetime and a value of 50, renewal
  // starts once 15 days have elapsed.
  // The int32 type does not enforce the 1-99 range; an omitted field reads as
  // 0, which is outside it, so the range has to be validated where the
  // message is accepted.
  int32 rotation_window_percentage = 8 [(google.api.field_behavior) = REQUIRED];

  // Required. The key algorithm to use when generating the private key.
  // An omitted field reads as KEY_ALGORITHM_UNSPECIFIED, so callers should
  // set a concrete algorithm explicitly.
  // NOTE(review): how the service treats the unspecified value is not visible
  // in this file - confirm that it is rejected instead of defaulted.
  KeyAlgorithm key_algorithm = 9 [(google.api.field_behavior) = REQUIRED];
}