feat: Added Trust Configs and DnsAuthorization.Type to Certificate Ma…

…nager

PiperOrigin-RevId: 616824423

google/cloud/certificatemanager/v1/BUILD.bazel

@@ -9,20 +9,24 @@
 #    * extra_protoc_file_parameters
 # The complete list of preserved parameters can be found in the source code.
 
+# buildifier: disable=load-on-top
+
 # This is an API workspace, having public visibility by default makes perfect sense.
 package(default_visibility = ["//visibility:public"])
 
 ##############################################################################
 # Common
 ##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
+# buildifier: disable=same-origin-load
 load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+load("@rules_proto//proto:defs.bzl", "proto_library")
 
 proto_library(
     name = "certificatemanager_proto",
     srcs = [
         "certificate_issuance_config.proto",
         "certificate_manager.proto",
+        "trust_config.proto",
     ],
     deps = [
         "//google/api:annotations_proto",
@@ -49,6 +53,7 @@ proto_library_with_info(
 ##############################################################################
 # Java
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "java_gapic_assembly_gradle_pkg",
@@ -113,6 +118,7 @@ java_gapic_assembly_gradle_pkg(
 ##############################################################################
 # Go
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "go_gapic_assembly_pkg",
@@ -166,6 +172,7 @@ go_gapic_assembly_pkg(
 ##############################################################################
 # Python
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "py_gapic_assembly_pkg",
@@ -210,6 +217,7 @@ py_gapic_assembly_pkg(
 ##############################################################################
 # PHP
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "php_gapic_assembly_pkg",
@@ -230,7 +238,9 @@ php_gapic_library(
     rest_numeric_enums = True,
     service_yaml = "certificatemanager_v1.yaml",
     transport = "grpc+rest",
-    deps = [":certificatemanager_php_proto"],
+    deps = [
+        ":certificatemanager_php_proto",
+    ],
 )
 
 # Open Source Packages
@@ -245,6 +255,7 @@ php_gapic_assembly_pkg(
 ##############################################################################
 # Node.js
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "nodejs_gapic_assembly_pkg",
@@ -275,6 +286,7 @@ nodejs_gapic_assembly_pkg(
 ##############################################################################
 # Ruby
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "ruby_cloud_gapic_library",
@@ -328,6 +340,7 @@ ruby_gapic_assembly_pkg(
 ##############################################################################
 # C#
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "csharp_gapic_assembly_pkg",
@@ -374,6 +387,7 @@ csharp_gapic_assembly_pkg(
 ##############################################################################
 # C++
 ##############################################################################
+# buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
     "cc_grpc_library",

google/cloud/certificatemanager/v1/certificate_issuance_config.proto

@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -58,7 +58,7 @@ message ListCertificateIssuanceConfigsRequest {
 
   // A list of Certificate Config field names used to specify the order of the
   // returned results. The default sorting order is ascending. To specify
-  // descending order for a field, add a suffix " desc".
+  // descending order for a field, add a suffix `" desc"`.
   string order_by = 5;
 }
 

google/cloud/certificatemanager/v1/certificate_manager.proto

@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import "google/api/client.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/certificatemanager/v1/certificate_issuance_config.proto";
+import "google/cloud/certificatemanager/v1/trust_config.proto";
 import "google/longrunning/operations.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
@@ -349,6 +350,65 @@ service CertificateManager {
       metadata_type: "OperationMetadata"
     };
   }
+
+  // Lists TrustConfigs in a given project and location.
+  rpc ListTrustConfigs(ListTrustConfigsRequest)
+      returns (ListTrustConfigsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*}/trustConfigs"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets details of a single TrustConfig.
+  rpc GetTrustConfig(GetTrustConfigRequest) returns (TrustConfig) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/trustConfigs/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a new TrustConfig in a given project and location.
+  rpc CreateTrustConfig(CreateTrustConfigRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*}/trustConfigs"
+      body: "trust_config"
+    };
+    option (google.api.method_signature) =
+        "parent,trust_config,trust_config_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "TrustConfig"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Updates a TrustConfig.
+  rpc UpdateTrustConfig(UpdateTrustConfigRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{trust_config.name=projects/*/locations/*/trustConfigs/*}"
+      body: "trust_config"
+    };
+    option (google.api.method_signature) = "trust_config,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "TrustConfig"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Deletes a single TrustConfig.
+  rpc DeleteTrustConfig(DeleteTrustConfigRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/trustConfigs/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "OperationMetadata"
+    };
+  }
 }
 
 // Request for the `ListCertificates` method.
@@ -375,7 +435,7 @@ message ListCertificatesRequest {
 
   // A list of Certificate field names used to specify the order of the returned
   // results. The default sorting order is ascending. To specify descending
-  // order for a field, add a suffix " desc".
+  // order for a field, add a suffix `" desc"`.
   string order_by = 5;
 }
 
@@ -471,7 +531,7 @@ message ListCertificateMapsRequest {
 
   // A list of Certificate Map field names used to specify the order of the
   // returned results. The default sorting order is ascending. To specify
-  // descending order for a field, add a suffix " desc".
+  // descending order for a field, add a suffix `" desc"`.
   string order_by = 5;
 }
 
@@ -572,7 +632,7 @@ message ListCertificateMapEntriesRequest {
 
   // A list of Certificate Map Entry field names used to specify
   // the order of the returned results. The default sorting order is ascending.
-  // To specify descending order for a field, add a suffix " desc".
+  // To specify descending order for a field, add a suffix `" desc"`.
   string order_by = 5;
 }
 
@@ -670,7 +730,7 @@ message ListDnsAuthorizationsRequest {
 
   // A list of Dns Authorization field names used to specify the order of the
   // returned results. The default sorting order is ascending. To specify
-  // descending order for a field, add a suffix " desc".
+  // descending order for a field, add a suffix `" desc"`.
   string order_by = 5;
 }
 
@@ -851,8 +911,8 @@ message Certificate {
         // State is unspecified.
         STATE_UNSPECIFIED = 0;
 
-        // Certificate provisioning for this domain is under way. GCP will
-        // attempt to authorize the domain.
+        // Certificate provisioning for this domain is under way. Google Cloud
+        // will attempt to authorize the domain.
         AUTHORIZING = 1;
 
         // A managed certificate can be provisioned, no issues for this domain.
@@ -948,8 +1008,13 @@ message Certificate {
     DEFAULT = 0;
 
     // Certificates with scope EDGE_CACHE are special-purposed certificates,
-    // served from non-core Google data centers.
+    // served from Edge Points of Presence.
+    // See https://cloud.google.com/vpc/docs/edge-locations.
     EDGE_CACHE = 1;
+
+    // Certificates with ALL_REGIONS scope are served from all Google Cloud
+    // regions. See https://cloud.google.com/compute/docs/regions-zones.
+    ALL_REGIONS = 2;
   }
 
   // A user-defined name of the certificate. Certificate names must be unique
@@ -1140,6 +1205,20 @@ message DnsAuthorization {
     string data = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
   }
 
+  // DnsAuthorization type.
+  enum Type {
+    // Type is unspecified.
+    TYPE_UNSPECIFIED = 0;
+
+    // FIXED_RECORD DNS authorization uses DNS-01 validation method.
+    FIXED_RECORD = 1;
+
+    // PER_PROJECT_RECORD DNS authorization allows for independent management
+    // of Google-managed certificates with DNS authorization across multiple
+    // projects.
+    PER_PROJECT_RECORD = 2;
+  }
+
   // A user-defined name of the dns authorization. DnsAuthorization names must
   // be unique globally and match pattern
   // `projects/*/locations/*/dnsAuthorizations/*`.
@@ -1172,6 +1251,11 @@ message DnsAuthorization {
   // configuration.
   DnsResourceRecord dns_resource_record = 10
       [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Immutable. Type of DnsAuthorization. If unset during resource creation the
+  // following default will be used:
+  // - in location global: FIXED_RECORD.
+  Type type = 11 [(google.api.field_behavior) = IMMUTABLE];
 }
 
 // Defines set of serving states associated with a resource.

google/cloud/certificatemanager/v1/certificatemanager_v1.yaml

@@ -19,19 +19,6 @@ documentation:
   - selector: google.cloud.location.Locations.ListLocations
     description: Lists information about the supported locations for this service.
 
-backend:
-  rules:
-  - selector: 'google.cloud.certificatemanager.v1.CertificateManager.*'
-    deadline: 60.0
-  - selector: google.cloud.location.Locations.GetLocation
-    deadline: 60.0
-  - selector: google.cloud.location.Locations.ListLocations
-    deadline: 60.0
-  - selector: 'google.longrunning.Operations.*'
-    deadline: 60.0
-  - selector: google.longrunning.Operations.GetOperation
-    deadline: 5.0
-
 http:
   rules:
   - selector: google.cloud.location.Locations.GetLocation