diff --git a/google/cloud/certificatemanager/v1/BUILD.bazel b/google/cloud/certificatemanager/v1/BUILD.bazel index 2b6c8f6cd05a3..2e6e38fae2298 100644 --- a/google/cloud/certificatemanager/v1/BUILD.bazel +++ b/google/cloud/certificatemanager/v1/BUILD.bazel @@ -9,20 +9,24 @@ # * extra_protoc_file_parameters # The complete list of preserved parameters can be found in the source code. +# buildifier: disable=load-on-top + # This is an API workspace, having public visibility by default makes perfect sense. package(default_visibility = ["//visibility:public"]) ############################################################################## # Common ############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") +# buildifier: disable=same-origin-load load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") +load("@rules_proto//proto:defs.bzl", "proto_library") proto_library( name = "certificatemanager_proto", srcs = [ "certificate_issuance_config.proto", "certificate_manager.proto", + "trust_config.proto", ], deps = [ "//google/api:annotations_proto", @@ -49,6 +53,7 @@ proto_library_with_info( ############################################################################## # Java ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "java_gapic_assembly_gradle_pkg", @@ -113,6 +118,7 @@ java_gapic_assembly_gradle_pkg( ############################################################################## # Go ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "go_gapic_assembly_pkg", 
@@ -166,6 +172,7 @@ go_gapic_assembly_pkg( ############################################################################## # Python ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "py_gapic_assembly_pkg", @@ -210,6 +217,7 @@ py_gapic_assembly_pkg( ############################################################################## # PHP ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "php_gapic_assembly_pkg", @@ -230,7 +238,9 @@ php_gapic_library( rest_numeric_enums = True, service_yaml = "certificatemanager_v1.yaml", transport = "grpc+rest", - deps = [":certificatemanager_php_proto"], + deps = [ + ":certificatemanager_php_proto", + ], ) # Open Source Packages @@ -245,6 +255,7 @@ php_gapic_assembly_pkg( ############################################################################## # Node.js ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "nodejs_gapic_assembly_pkg", @@ -275,6 +286,7 @@ nodejs_gapic_assembly_pkg( ############################################################################## # Ruby ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "ruby_cloud_gapic_library", @@ -328,6 +340,7 @@ ruby_gapic_assembly_pkg( ############################################################################## # C# ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "csharp_gapic_assembly_pkg", 
@@ -374,6 +387,7 @@ csharp_gapic_assembly_pkg( ############################################################################## # C++ ############################################################################## +# buildifier: disable=same-origin-load load( "@com_google_googleapis_imports//:imports.bzl", "cc_grpc_library", diff --git a/google/cloud/certificatemanager/v1/certificate_issuance_config.proto b/google/cloud/certificatemanager/v1/certificate_issuance_config.proto index 3d20aa0b8f6f4..1ed19852ea7f2 100644 --- a/google/cloud/certificatemanager/v1/certificate_issuance_config.proto +++ b/google/cloud/certificatemanager/v1/certificate_issuance_config.proto @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -58,7 +58,7 @@ message ListCertificateIssuanceConfigsRequest { // A list of Certificate Config field names used to specify the order of the // returned results. The default sorting order is ascending. To specify - // descending order for a field, add a suffix " desc". + // descending order for a field, add a suffix `" desc"`. string order_by = 5; } diff --git a/google/cloud/certificatemanager/v1/certificate_manager.proto b/google/cloud/certificatemanager/v1/certificate_manager.proto index 6cfbf6ac0c881..78f9244448b2f 100644 --- a/google/cloud/certificatemanager/v1/certificate_manager.proto +++ b/google/cloud/certificatemanager/v1/certificate_manager.proto @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -21,6 +21,7 @@ import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/certificatemanager/v1/certificate_issuance_config.proto"; +import "google/cloud/certificatemanager/v1/trust_config.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/field_mask.proto"; 
@@ -349,6 +350,65 @@ service CertificateManager { metadata_type: "OperationMetadata" }; } + + // Lists TrustConfigs in a given project and location. + rpc ListTrustConfigs(ListTrustConfigsRequest) + returns (ListTrustConfigsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/trustConfigs" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets details of a single TrustConfig. + rpc GetTrustConfig(GetTrustConfigRequest) returns (TrustConfig) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/trustConfigs/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Creates a new TrustConfig in a given project and location. + rpc CreateTrustConfig(CreateTrustConfigRequest) + returns (google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/trustConfigs" + body: "trust_config" + }; + option (google.api.method_signature) = + "parent,trust_config,trust_config_id"; + option (google.longrunning.operation_info) = { + response_type: "TrustConfig" + metadata_type: "OperationMetadata" + }; + } + + // Updates a TrustConfig. + rpc UpdateTrustConfig(UpdateTrustConfigRequest) + returns (google.longrunning.Operation) { + option (google.api.http) = { + patch: "/v1/{trust_config.name=projects/*/locations/*/trustConfigs/*}" + body: "trust_config" + }; + option (google.api.method_signature) = "trust_config,update_mask"; + option (google.longrunning.operation_info) = { + response_type: "TrustConfig" + metadata_type: "OperationMetadata" + }; + } + + // Deletes a single TrustConfig. 
+ rpc DeleteTrustConfig(DeleteTrustConfigRequest) + returns (google.longrunning.Operation) { + option (google.api.http) = { + delete: "/v1/{name=projects/*/locations/*/trustConfigs/*}" + }; + option (google.api.method_signature) = "name"; + option (google.longrunning.operation_info) = { + response_type: "google.protobuf.Empty" + metadata_type: "OperationMetadata" + }; + } } // Request for the `ListCertificates` method. @@ -375,7 +435,7 @@ message ListCertificatesRequest { // A list of Certificate field names used to specify the order of the returned // results. The default sorting order is ascending. To specify descending - // order for a field, add a suffix " desc". + // order for a field, add a suffix `" desc"`. string order_by = 5; } @@ -471,7 +531,7 @@ message ListCertificateMapsRequest { // A list of Certificate Map field names used to specify the order of the // returned results. The default sorting order is ascending. To specify - // descending order for a field, add a suffix " desc". + // descending order for a field, add a suffix `" desc"`. string order_by = 5; } @@ -572,7 +632,7 @@ message ListCertificateMapEntriesRequest { // A list of Certificate Map Entry field names used to specify // the order of the returned results. The default sorting order is ascending. - // To specify descending order for a field, add a suffix " desc". + // To specify descending order for a field, add a suffix `" desc"`. string order_by = 5; } @@ -670,7 +730,7 @@ message ListDnsAuthorizationsRequest { // A list of Dns Authorization field names used to specify the order of the // returned results. The default sorting order is ascending. To specify - // descending order for a field, add a suffix " desc". + // descending order for a field, add a suffix `" desc"`. string order_by = 5; } 
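Review bot: The one-line comments on `UpdateTrustConfig` and `DeleteTrustConfig` say nothing about the etag precondition that trust_config.proto defines for these calls, so the service definition alone does not show that a guarded update or delete is available. A TrustConfig holds the trust anchors used for certificate validation, so a silent lost update is worth guarding against. I would document it at the RPC, e.g. `// Deletes a single TrustConfig. If the request's etag is set and does not match the current etag, the call fails with ABORTED.` A matching sentence on `UpdateTrustConfig` could point at `TrustConfig.etag`, whose comment says it may be sent on update requests. The enclosing `service CertificateManager` block starts outside this hunk.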
@@ -851,8 +911,8 @@ message Certificate { // State is unspecified. STATE_UNSPECIFIED = 0; - // Certificate provisioning for this domain is under way. GCP will - // attempt to authorize the domain. + // Certificate provisioning for this domain is under way. Google Cloud + // will attempt to authorize the domain. AUTHORIZING = 1; // A managed certificate can be provisioned, no issues for this domain. @@ -948,8 +1008,13 @@ message Certificate { DEFAULT = 0; // Certificates with scope EDGE_CACHE are special-purposed certificates, - // served from non-core Google data centers. + // served from Edge Points of Presence. + // See https://cloud.google.com/vpc/docs/edge-locations. EDGE_CACHE = 1; + + // Certificates with ALL_REGIONS scope are served from all Google Cloud + // regions. See https://cloud.google.com/compute/docs/regions-zones. + ALL_REGIONS = 2; } // A user-defined name of the certificate. Certificate names must be unique @@ -1140,6 +1205,20 @@ message DnsAuthorization { string data = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; } + // DnsAuthorization type. + enum Type { + // Type is unspecified. + TYPE_UNSPECIFIED = 0; + + // FIXED_RECORD DNS authorization uses DNS-01 validation method. + FIXED_RECORD = 1; + + // PER_PROJECT_RECORD DNS authorization allows for independent management + // of Google-managed certificates with DNS authorization across multiple + // projects. + PER_PROJECT_RECORD = 2; + } + // A user-defined name of the dns authorization. DnsAuthorization names must // be unique globally and match pattern // `projects/*/locations/*/dnsAuthorizations/*`. 
@@ -1172,6 +1251,11 @@ message DnsAuthorization { // configuration. DnsResourceRecord dns_resource_record = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Immutable. Type of DnsAuthorization. If unset during resource creation the + // following default will be used: + // - in location global: FIXED_RECORD. + Type type = 11 [(google.api.field_behavior) = IMMUTABLE]; } // Defines set of serving states associated with a resource. diff --git a/google/cloud/certificatemanager/v1/certificatemanager_v1.yaml b/google/cloud/certificatemanager/v1/certificatemanager_v1.yaml index 17731a66f6795..a4df96872b757 100644 --- a/google/cloud/certificatemanager/v1/certificatemanager_v1.yaml +++ b/google/cloud/certificatemanager/v1/certificatemanager_v1.yaml @@ -19,19 +19,6 @@ documentation: - selector: google.cloud.location.Locations.ListLocations description: Lists information about the supported locations for this service. -backend: - rules: - - selector: 'google.cloud.certificatemanager.v1.CertificateManager.*' - deadline: 60.0 - - selector: google.cloud.location.Locations.GetLocation - deadline: 60.0 - - selector: google.cloud.location.Locations.ListLocations - deadline: 60.0 - - selector: 'google.longrunning.Operations.*' - deadline: 60.0 - - selector: google.longrunning.Operations.GetOperation - deadline: 5.0 - http: rules: - selector: google.cloud.location.Locations.GetLocation diff --git a/google/cloud/certificatemanager/v1/trust_config.proto b/google/cloud/certificatemanager/v1/trust_config.proto new file mode 100644 index 0000000000000..185ae2d86e2ca --- /dev/null +++ b/google/cloud/certificatemanager/v1/trust_config.proto 
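Review bot: The comment on `type` gives the default only for location `global` (`FIXED_RECORD`) and does not say what an unset `type` resolves to in any other location. That matters because the field is `IMMUTABLE`, so a wrong default cannot be corrected after creation. I would add a second bullet such as `// - in other locations: <default, or "must be set explicitly">.`, since the actual behaviour is not visible in this diff. The `Type` enum comments added in the previous hunk have a similar gap: `FIXED_RECORD` names its validation method while `PER_PROJECT_RECORD` does not. `message DnsAuthorization` starts outside this hunk.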
@@ -0,0 +1,207 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.certificatemanager.v1; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/timestamp.proto"; + +option csharp_namespace = "Google.Cloud.CertificateManager.V1"; +option go_package = "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb;certificatemanagerpb"; +option java_multiple_files = true; +option java_outer_classname = "TrustConifgProto"; +option java_package = "com.google.cloud.certificatemanager.v1"; +option php_namespace = "Google\\Cloud\\CertificateManager\\V1"; +option ruby_package = "Google::Cloud::CertificateManager::V1"; + +// Request for the `ListTrustConfigs` method. +message ListTrustConfigsRequest { + // Required. The project and location from which the TrustConfigs should be + // listed, specified in the format `projects/*/locations/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "locations.googleapis.com/Location" + } + ]; + + // Maximum number of TrustConfigs to return per call. + int32 page_size = 2; + + // The value returned by the last `ListTrustConfigsResponse`. Indicates + // that this is a continuation of a prior `ListTrustConfigs` call, and that + // the system should return the next page of data. 
+ string page_token = 3; + + // Filter expression to restrict the TrustConfigs returned. + string filter = 4; + + // A list of TrustConfig field names used to specify the order of the + // returned results. The default sorting order is ascending. To specify + // descending order for a field, add a suffix `" desc"`. + string order_by = 5; +} + +// Response for the `ListTrustConfigs` method. +message ListTrustConfigsResponse { + // A list of TrustConfigs for the parent resource. + repeated TrustConfig trust_configs = 1; + + // If there might be more results than those appearing in this response, then + // `next_page_token` is included. To get the next set of results, call this + // method again using the value of `next_page_token` as `page_token`. + string next_page_token = 2; + + // Locations that could not be reached. + repeated string unreachable = 3; +} + +// Request for the `GetTrustConfig` method. +message GetTrustConfigRequest { + // Required. A name of the TrustConfig to describe. Must be in the format + // `projects/*/locations/*/trustConfigs/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "certificatemanager.googleapis.com/TrustConfig" + } + ]; +} + +// Request for the `CreateTrustConfig` method. +message CreateTrustConfigRequest { + // Required. The parent resource of the TrustConfig. Must be in the format + // `projects/*/locations/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "locations.googleapis.com/Location" + } + ]; + + // Required. A user-provided name of the TrustConfig. Must match the regexp + // `[a-z0-9-]{1,63}`. + string trust_config_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. A definition of the TrustConfig to create. + TrustConfig trust_config = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request for the `UpdateTrustConfig` method. +message UpdateTrustConfigRequest { + // Required. 
A definition of the TrustConfig to update. + TrustConfig trust_config = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. The update mask applies to the resource. For the `FieldMask` + // definition, see + // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; +} + +// Request for the `DeleteTrustConfig` method. +message DeleteTrustConfigRequest { + // Required. A name of the TrustConfig to delete. Must be in the format + // `projects/*/locations/*/trustConfigs/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "certificatemanager.googleapis.com/TrustConfig" + } + ]; + + // The current etag of the TrustConfig. + // If an etag is provided and does not match the current etag of the resource, + // deletion will be blocked and an ABORTED error will be returned. + string etag = 2; +} + +// Defines a trust config. +message TrustConfig { + option (google.api.resource) = { + type: "certificatemanager.googleapis.com/TrustConfig" + pattern: "projects/{project}/locations/{location}/trustConfigs/{trust_config}" + }; + + // Defines a trust anchor. + message TrustAnchor { + oneof kind { + // PEM root certificate of the PKI used for validation. + // + // Each certificate provided in PEM format may occupy up to 5kB. + string pem_certificate = 1; + } + } + + // Defines an intermediate CA. + message IntermediateCA { + oneof kind { + // PEM intermediate certificate used for building up paths + // for validation. + // + // Each certificate provided in PEM format may occupy up to 5kB. + string pem_certificate = 1; + } + } + + // Defines a trust store. + message TrustStore { + // List of Trust Anchors to be used while performing validation + // against a given TrustStore. 
+ repeated TrustAnchor trust_anchors = 1; + + // Set of intermediate CA certificates used for the path building + // phase of chain validation. + // + // The field is currently not supported if TrustConfig is used for the + // workload certificate feature. + repeated IntermediateCA intermediate_cas = 2; + } + + // A user-defined name of the trust config. TrustConfig names must be + // unique globally and match pattern + // `projects/*/locations/*/trustConfigs/*`. + string name = 1; + + // Output only. The creation timestamp of a TrustConfig. + google.protobuf.Timestamp create_time = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The last update timestamp of a TrustConfig. + google.protobuf.Timestamp update_time = 3 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Set of labels associated with a TrustConfig. + map labels = 4; + + // One or more paragraphs of text description of a TrustConfig. + string description = 5; + + // This checksum is computed by the server based on the value of other + // fields, and may be sent on update and delete requests to ensure the + // client has an up-to-date value before proceeding. + string etag = 6; + + // Set of trust stores to perform validation against. + // + // This field is supported when TrustConfig is configured with Load Balancers, + // currently not supported for SPIFFE certificate validation. + // + // Only one TrustStore specified is currently allowed. + repeated TrustStore trust_stores = 8; +}
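Review bot: `option java_outer_classname = "TrustConifgProto";` misspells "Config". The name becomes part of the generated Java surface, so it is much cheaper to correct now than after release: `option java_outer_classname = "TrustConfigProto";`. Separately, `TrustConfig` jumps from `etag = 6` to `trust_stores = 8` with no `reserved 7;`; if 7 was ever assigned, reserving it prevents accidental reuse with a different meaning. The `labels` field appears here as `map labels = 4;`, presumably because its `<string, string>` parameters were lost in rendering, so confirm it against the file.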