Constants
CertificateAuthorityService_CreateCertificate_FullMethodName, CertificateAuthorityService_GetCertificate_FullMethodName, CertificateAuthorityService_ListCertificates_FullMethodName, CertificateAuthorityService_RevokeCertificate_FullMethodName, CertificateAuthorityService_UpdateCertificate_FullMethodName, CertificateAuthorityService_ActivateCertificateAuthority_FullMethodName, CertificateAuthorityService_CreateCertificateAuthority_FullMethodName, CertificateAuthorityService_DisableCertificateAuthority_FullMethodName, CertificateAuthorityService_EnableCertificateAuthority_FullMethodName, CertificateAuthorityService_FetchCertificateAuthorityCsr_FullMethodName, CertificateAuthorityService_GetCertificateAuthority_FullMethodName, CertificateAuthorityService_ListCertificateAuthorities_FullMethodName, CertificateAuthorityService_UndeleteCertificateAuthority_FullMethodName, CertificateAuthorityService_DeleteCertificateAuthority_FullMethodName, CertificateAuthorityService_UpdateCertificateAuthority_FullMethodName, CertificateAuthorityService_CreateCaPool_FullMethodName, CertificateAuthorityService_UpdateCaPool_FullMethodName, CertificateAuthorityService_GetCaPool_FullMethodName, CertificateAuthorityService_ListCaPools_FullMethodName, CertificateAuthorityService_DeleteCaPool_FullMethodName, CertificateAuthorityService_FetchCaCerts_FullMethodName, CertificateAuthorityService_GetCertificateRevocationList_FullMethodName, CertificateAuthorityService_ListCertificateRevocationLists_FullMethodName, CertificateAuthorityService_UpdateCertificateRevocationList_FullMethodName, CertificateAuthorityService_CreateCertificateTemplate_FullMethodName, CertificateAuthorityService_DeleteCertificateTemplate_FullMethodName, CertificateAuthorityService_GetCertificateTemplate_FullMethodName, CertificateAuthorityService_ListCertificateTemplates_FullMethodName, CertificateAuthorityService_UpdateCertificateTemplate_FullMethodName
const (
CertificateAuthorityService_CreateCertificate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificate"
CertificateAuthorityService_GetCertificate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificate"
CertificateAuthorityService_ListCertificates_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificates"
CertificateAuthorityService_RevokeCertificate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/RevokeCertificate"
CertificateAuthorityService_UpdateCertificate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificate"
CertificateAuthorityService_ActivateCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ActivateCertificateAuthority"
CertificateAuthorityService_CreateCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateAuthority"
CertificateAuthorityService_DisableCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/DisableCertificateAuthority"
CertificateAuthorityService_EnableCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/EnableCertificateAuthority"
CertificateAuthorityService_FetchCertificateAuthorityCsr_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCertificateAuthorityCsr"
CertificateAuthorityService_GetCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateAuthority"
CertificateAuthorityService_ListCertificateAuthorities_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateAuthorities"
CertificateAuthorityService_UndeleteCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UndeleteCertificateAuthority"
CertificateAuthorityService_DeleteCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateAuthority"
CertificateAuthorityService_UpdateCertificateAuthority_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateAuthority"
CertificateAuthorityService_CreateCaPool_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCaPool"
CertificateAuthorityService_UpdateCaPool_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCaPool"
CertificateAuthorityService_GetCaPool_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCaPool"
CertificateAuthorityService_ListCaPools_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCaPools"
CertificateAuthorityService_DeleteCaPool_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCaPool"
CertificateAuthorityService_FetchCaCerts_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCaCerts"
CertificateAuthorityService_GetCertificateRevocationList_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateRevocationList"
CertificateAuthorityService_ListCertificateRevocationLists_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateRevocationLists"
CertificateAuthorityService_UpdateCertificateRevocationList_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateRevocationList"
CertificateAuthorityService_CreateCertificateTemplate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateTemplate"
CertificateAuthorityService_DeleteCertificateTemplate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateTemplate"
CertificateAuthorityService_GetCertificateTemplate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateTemplate"
CertificateAuthorityService_ListCertificateTemplates_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateTemplates"
CertificateAuthorityService_UpdateCertificateTemplate_FullMethodName = "/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateTemplate"
)Variables
AttributeType_name, AttributeType_value
var (
AttributeType_name = map[int32]string{
0: "ATTRIBUTE_TYPE_UNSPECIFIED",
1: "COMMON_NAME",
2: "COUNTRY_CODE",
3: "ORGANIZATION",
4: "ORGANIZATIONAL_UNIT",
5: "LOCALITY",
6: "PROVINCE",
7: "STREET_ADDRESS",
8: "POSTAL_CODE",
}
AttributeType_value = map[string]int32{
"ATTRIBUTE_TYPE_UNSPECIFIED": 0,
"COMMON_NAME": 1,
"COUNTRY_CODE": 2,
"ORGANIZATION": 3,
"ORGANIZATIONAL_UNIT": 4,
"LOCALITY": 5,
"PROVINCE": 6,
"STREET_ADDRESS": 7,
"POSTAL_CODE": 8,
}
)Enum value maps for AttributeType.
RevocationReason_name, RevocationReason_value
var (
RevocationReason_name = map[int32]string{
0: "REVOCATION_REASON_UNSPECIFIED",
1: "KEY_COMPROMISE",
2: "CERTIFICATE_AUTHORITY_COMPROMISE",
3: "AFFILIATION_CHANGED",
4: "SUPERSEDED",
5: "CESSATION_OF_OPERATION",
6: "CERTIFICATE_HOLD",
7: "PRIVILEGE_WITHDRAWN",
8: "ATTRIBUTE_AUTHORITY_COMPROMISE",
}
RevocationReason_value = map[string]int32{
"REVOCATION_REASON_UNSPECIFIED": 0,
"KEY_COMPROMISE": 1,
"CERTIFICATE_AUTHORITY_COMPROMISE": 2,
"AFFILIATION_CHANGED": 3,
"SUPERSEDED": 4,
"CESSATION_OF_OPERATION": 5,
"CERTIFICATE_HOLD": 6,
"PRIVILEGE_WITHDRAWN": 7,
"ATTRIBUTE_AUTHORITY_COMPROMISE": 8,
}
)Enum value maps for RevocationReason.
SubjectRequestMode_name, SubjectRequestMode_value
var (
SubjectRequestMode_name = map[int32]string{
0: "SUBJECT_REQUEST_MODE_UNSPECIFIED",
1: "DEFAULT",
3: "RDN_SEQUENCE",
2: "REFLECTED_SPIFFE",
}
SubjectRequestMode_value = map[string]int32{
"SUBJECT_REQUEST_MODE_UNSPECIFIED": 0,
"DEFAULT": 1,
"RDN_SEQUENCE": 3,
"REFLECTED_SPIFFE": 2,
}
)Enum value maps for SubjectRequestMode.
CertificateAuthority_Type_name, CertificateAuthority_Type_value
var (
CertificateAuthority_Type_name = map[int32]string{
0: "TYPE_UNSPECIFIED",
1: "SELF_SIGNED",
2: "SUBORDINATE",
}
CertificateAuthority_Type_value = map[string]int32{
"TYPE_UNSPECIFIED": 0,
"SELF_SIGNED": 1,
"SUBORDINATE": 2,
}
)Enum value maps for CertificateAuthority_Type.
CertificateAuthority_State_name, CertificateAuthority_State_value
var (
CertificateAuthority_State_name = map[int32]string{
0: "STATE_UNSPECIFIED",
1: "ENABLED",
2: "DISABLED",
3: "STAGED",
4: "AWAITING_USER_ACTIVATION",
5: "DELETED",
}
CertificateAuthority_State_value = map[string]int32{
"STATE_UNSPECIFIED": 0,
"ENABLED": 1,
"DISABLED": 2,
"STAGED": 3,
"AWAITING_USER_ACTIVATION": 4,
"DELETED": 5,
}
)Enum value maps for CertificateAuthority_State.
CertificateAuthority_SignHashAlgorithm_name, CertificateAuthority_SignHashAlgorithm_value
var (
CertificateAuthority_SignHashAlgorithm_name = map[int32]string{
0: "SIGN_HASH_ALGORITHM_UNSPECIFIED",
1: "RSA_PSS_2048_SHA256",
2: "RSA_PSS_3072_SHA256",
3: "RSA_PSS_4096_SHA256",
6: "RSA_PKCS1_2048_SHA256",
7: "RSA_PKCS1_3072_SHA256",
8: "RSA_PKCS1_4096_SHA256",
4: "EC_P256_SHA256",
5: "EC_P384_SHA384",
}
CertificateAuthority_SignHashAlgorithm_value = map[string]int32{
"SIGN_HASH_ALGORITHM_UNSPECIFIED": 0,
"RSA_PSS_2048_SHA256": 1,
"RSA_PSS_3072_SHA256": 2,
"RSA_PSS_4096_SHA256": 3,
"RSA_PKCS1_2048_SHA256": 6,
"RSA_PKCS1_3072_SHA256": 7,
"RSA_PKCS1_4096_SHA256": 8,
"EC_P256_SHA256": 4,
"EC_P384_SHA384": 5,
}
)Enum value maps for CertificateAuthority_SignHashAlgorithm.
CaPool_Tier_name, CaPool_Tier_value
var (
CaPool_Tier_name = map[int32]string{
0: "TIER_UNSPECIFIED",
1: "ENTERPRISE",
2: "DEVOPS",
}
CaPool_Tier_value = map[string]int32{
"TIER_UNSPECIFIED": 0,
"ENTERPRISE": 1,
"DEVOPS": 2,
}
)Enum value maps for CaPool_Tier.
CaPool_PublishingOptions_EncodingFormat_name, CaPool_PublishingOptions_EncodingFormat_value
var (
CaPool_PublishingOptions_EncodingFormat_name = map[int32]string{
0: "ENCODING_FORMAT_UNSPECIFIED",
1: "PEM",
2: "DER",
}
CaPool_PublishingOptions_EncodingFormat_value = map[string]int32{
"ENCODING_FORMAT_UNSPECIFIED": 0,
"PEM": 1,
"DER": 2,
}
)Enum value maps for CaPool_PublishingOptions_EncodingFormat.
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value
var (
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name = map[int32]string{
0: "EC_SIGNATURE_ALGORITHM_UNSPECIFIED",
1: "ECDSA_P256",
2: "ECDSA_P384",
3: "EDDSA_25519",
}
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value = map[string]int32{
"EC_SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
"ECDSA_P256": 1,
"ECDSA_P384": 2,
"EDDSA_25519": 3,
}
)Enum value maps for CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.
CertificateRevocationList_State_name, CertificateRevocationList_State_value
var (
CertificateRevocationList_State_name = map[int32]string{
0: "STATE_UNSPECIFIED",
1: "ACTIVE",
2: "SUPERSEDED",
}
CertificateRevocationList_State_value = map[string]int32{
"STATE_UNSPECIFIED": 0,
"ACTIVE": 1,
"SUPERSEDED": 2,
}
)Enum value maps for CertificateRevocationList_State.
PublicKey_KeyFormat_name, PublicKey_KeyFormat_value
var (
PublicKey_KeyFormat_name = map[int32]string{
0: "KEY_FORMAT_UNSPECIFIED",
1: "PEM",
}
PublicKey_KeyFormat_value = map[string]int32{
"KEY_FORMAT_UNSPECIFIED": 0,
"PEM": 1,
}
)Enum value maps for PublicKey_KeyFormat.
CertificateExtensionConstraints_KnownCertificateExtension_name, CertificateExtensionConstraints_KnownCertificateExtension_value
var (
CertificateExtensionConstraints_KnownCertificateExtension_name = map[int32]string{
0: "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED",
1: "BASE_KEY_USAGE",
2: "EXTENDED_KEY_USAGE",
3: "CA_OPTIONS",
4: "POLICY_IDS",
5: "AIA_OCSP_SERVERS",
6: "NAME_CONSTRAINTS",
}
CertificateExtensionConstraints_KnownCertificateExtension_value = map[string]int32{
"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED": 0,
"BASE_KEY_USAGE": 1,
"EXTENDED_KEY_USAGE": 2,
"CA_OPTIONS": 3,
"POLICY_IDS": 4,
"AIA_OCSP_SERVERS": 5,
"NAME_CONSTRAINTS": 6,
}
)Enum value maps for CertificateExtensionConstraints_KnownCertificateExtension.
CertificateAuthorityService_ServiceDesc
var CertificateAuthorityService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.cloud.security.privateca.v1.CertificateAuthorityService",
HandlerType: (*CertificateAuthorityServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "CreateCertificate",
Handler: _CertificateAuthorityService_CreateCertificate_Handler,
},
{
MethodName: "GetCertificate",
Handler: _CertificateAuthorityService_GetCertificate_Handler,
},
{
MethodName: "ListCertificates",
Handler: _CertificateAuthorityService_ListCertificates_Handler,
},
{
MethodName: "RevokeCertificate",
Handler: _CertificateAuthorityService_RevokeCertificate_Handler,
},
{
MethodName: "UpdateCertificate",
Handler: _CertificateAuthorityService_UpdateCertificate_Handler,
},
{
MethodName: "ActivateCertificateAuthority",
Handler: _CertificateAuthorityService_ActivateCertificateAuthority_Handler,
},
{
MethodName: "CreateCertificateAuthority",
Handler: _CertificateAuthorityService_CreateCertificateAuthority_Handler,
},
{
MethodName: "DisableCertificateAuthority",
Handler: _CertificateAuthorityService_DisableCertificateAuthority_Handler,
},
{
MethodName: "EnableCertificateAuthority",
Handler: _CertificateAuthorityService_EnableCertificateAuthority_Handler,
},
{
MethodName: "FetchCertificateAuthorityCsr",
Handler: _CertificateAuthorityService_FetchCertificateAuthorityCsr_Handler,
},
{
MethodName: "GetCertificateAuthority",
Handler: _CertificateAuthorityService_GetCertificateAuthority_Handler,
},
{
MethodName: "ListCertificateAuthorities",
Handler: _CertificateAuthorityService_ListCertificateAuthorities_Handler,
},
{
MethodName: "UndeleteCertificateAuthority",
Handler: _CertificateAuthorityService_UndeleteCertificateAuthority_Handler,
},
{
MethodName: "DeleteCertificateAuthority",
Handler: _CertificateAuthorityService_DeleteCertificateAuthority_Handler,
},
{
MethodName: "UpdateCertificateAuthority",
Handler: _CertificateAuthorityService_UpdateCertificateAuthority_Handler,
},
{
MethodName: "CreateCaPool",
Handler: _CertificateAuthorityService_CreateCaPool_Handler,
},
{
MethodName: "UpdateCaPool",
Handler: _CertificateAuthorityService_UpdateCaPool_Handler,
},
{
MethodName: "GetCaPool",
Handler: _CertificateAuthorityService_GetCaPool_Handler,
},
{
MethodName: "ListCaPools",
Handler: _CertificateAuthorityService_ListCaPools_Handler,
},
{
MethodName: "DeleteCaPool",
Handler: _CertificateAuthorityService_DeleteCaPool_Handler,
},
{
MethodName: "FetchCaCerts",
Handler: _CertificateAuthorityService_FetchCaCerts_Handler,
},
{
MethodName: "GetCertificateRevocationList",
Handler: _CertificateAuthorityService_GetCertificateRevocationList_Handler,
},
{
MethodName: "ListCertificateRevocationLists",
Handler: _CertificateAuthorityService_ListCertificateRevocationLists_Handler,
},
{
MethodName: "UpdateCertificateRevocationList",
Handler: _CertificateAuthorityService_UpdateCertificateRevocationList_Handler,
},
{
MethodName: "CreateCertificateTemplate",
Handler: _CertificateAuthorityService_CreateCertificateTemplate_Handler,
},
{
MethodName: "DeleteCertificateTemplate",
Handler: _CertificateAuthorityService_DeleteCertificateTemplate_Handler,
},
{
MethodName: "GetCertificateTemplate",
Handler: _CertificateAuthorityService_GetCertificateTemplate_Handler,
},
{
MethodName: "ListCertificateTemplates",
Handler: _CertificateAuthorityService_ListCertificateTemplates_Handler,
},
{
MethodName: "UpdateCertificateTemplate",
Handler: _CertificateAuthorityService_UpdateCertificateTemplate_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/cloud/security/privateca/v1/service.proto",
}CertificateAuthorityService_ServiceDesc is the grpc.ServiceDesc for CertificateAuthorityService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
File_google_cloud_security_privateca_v1_resources_proto
var File_google_cloud_security_privateca_v1_resources_proto protoreflect.FileDescriptorFile_google_cloud_security_privateca_v1_service_proto
var File_google_cloud_security_privateca_v1_service_proto protoreflect.FileDescriptorFunctions
func RegisterCertificateAuthorityServiceServer
func RegisterCertificateAuthorityServiceServer(s grpc.ServiceRegistrar, srv CertificateAuthorityServiceServer)ActivateCertificateAuthorityRequest
type ActivateCertificateAuthorityRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The signed CA certificate issued from
// [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
PemCaCertificate string `protobuf:"bytes,2,opt,name=pem_ca_certificate,json=pemCaCertificate,proto3" json:"pem_ca_certificate,omitempty"`
// Required. Must include information about the issuer of
// 'pem_ca_certificate', and any further issuers until the self-signed CA.
SubordinateConfig *SubordinateConfig `protobuf:"bytes,3,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
func (*ActivateCertificateAuthorityRequest) Descriptor
func (*ActivateCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use ActivateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*ActivateCertificateAuthorityRequest) GetName
func (x *ActivateCertificateAuthorityRequest) GetName() stringfunc (*ActivateCertificateAuthorityRequest) GetPemCaCertificate
func (x *ActivateCertificateAuthorityRequest) GetPemCaCertificate() stringfunc (*ActivateCertificateAuthorityRequest) GetRequestId
func (x *ActivateCertificateAuthorityRequest) GetRequestId() stringfunc (*ActivateCertificateAuthorityRequest) GetSubordinateConfig
func (x *ActivateCertificateAuthorityRequest) GetSubordinateConfig() *SubordinateConfigfunc (*ActivateCertificateAuthorityRequest) ProtoMessage
func (*ActivateCertificateAuthorityRequest) ProtoMessage()func (*ActivateCertificateAuthorityRequest) ProtoReflect
func (x *ActivateCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*ActivateCertificateAuthorityRequest) Reset
func (x *ActivateCertificateAuthorityRequest) Reset()func (*ActivateCertificateAuthorityRequest) String
func (x *ActivateCertificateAuthorityRequest) String() stringAttributeType
type AttributeType int32[AttributeType][google.cloud.security.privateca.v1.AttributeType] specifies the type of Attribute in a relative distinguished name.
AttributeType_ATTRIBUTE_TYPE_UNSPECIFIED, AttributeType_COMMON_NAME, AttributeType_COUNTRY_CODE, AttributeType_ORGANIZATION, AttributeType_ORGANIZATIONAL_UNIT, AttributeType_LOCALITY, AttributeType_PROVINCE, AttributeType_STREET_ADDRESS, AttributeType_POSTAL_CODE
const (
// Attribute type is unspecified.
AttributeType_ATTRIBUTE_TYPE_UNSPECIFIED AttributeType = 0
// The "common name" of the subject.
AttributeType_COMMON_NAME AttributeType = 1
// The country code of the subject.
AttributeType_COUNTRY_CODE AttributeType = 2
// The organization of the subject.
AttributeType_ORGANIZATION AttributeType = 3
// The organizational unit of the subject.
AttributeType_ORGANIZATIONAL_UNIT AttributeType = 4
// The locality or city of the subject.
AttributeType_LOCALITY AttributeType = 5
// The province, territory, or regional state of the subject.
AttributeType_PROVINCE AttributeType = 6
// The street address of the subject.
AttributeType_STREET_ADDRESS AttributeType = 7
// The postal code of the subject.
AttributeType_POSTAL_CODE AttributeType = 8
)func (AttributeType) Descriptor
func (AttributeType) Descriptor() protoreflect.EnumDescriptorfunc (AttributeType) Enum
func (x AttributeType) Enum() *AttributeTypefunc (AttributeType) EnumDescriptor
func (AttributeType) EnumDescriptor() ([]byte, []int)Deprecated: Use AttributeType.Descriptor instead.
func (AttributeType) Number
func (x AttributeType) Number() protoreflect.EnumNumberfunc (AttributeType) String
func (x AttributeType) String() stringfunc (AttributeType) Type
func (AttributeType) Type() protoreflect.EnumTypeAttributeTypeAndValue
type AttributeTypeAndValue struct {
// The attribute type for the attribute and value pair.
//
// Types that are assignable to AttributeType:
//
// *AttributeTypeAndValue_Type
// *AttributeTypeAndValue_ObjectId
AttributeType isAttributeTypeAndValue_AttributeType `protobuf_oneof:"attribute_type"`
// The value for the attribute type.
Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
// contains filtered or unexported fields
}[AttributeTypeAndValue][google.cloud.security.privateca.v1.AttributeTypeAndValue] specifies an attribute type and value. It can use either a OID or enum value to specify the attribute type.
func (*AttributeTypeAndValue) Descriptor
func (*AttributeTypeAndValue) Descriptor() ([]byte, []int)Deprecated: Use AttributeTypeAndValue.ProtoReflect.Descriptor instead.
func (*AttributeTypeAndValue) GetAttributeType
func (m *AttributeTypeAndValue) GetAttributeType() isAttributeTypeAndValue_AttributeTypefunc (*AttributeTypeAndValue) GetObjectId
func (x *AttributeTypeAndValue) GetObjectId() *ObjectIdfunc (*AttributeTypeAndValue) GetType
func (x *AttributeTypeAndValue) GetType() AttributeTypefunc (*AttributeTypeAndValue) GetValue
func (x *AttributeTypeAndValue) GetValue() stringfunc (*AttributeTypeAndValue) ProtoMessage
func (*AttributeTypeAndValue) ProtoMessage()func (*AttributeTypeAndValue) ProtoReflect
func (x *AttributeTypeAndValue) ProtoReflect() protoreflect.Messagefunc (*AttributeTypeAndValue) Reset
func (x *AttributeTypeAndValue) Reset()func (*AttributeTypeAndValue) String
func (x *AttributeTypeAndValue) String() stringAttributeTypeAndValue_ObjectId
type AttributeTypeAndValue_ObjectId struct {
// Object ID for an attribute type of an attribute and value pair.
ObjectId *ObjectId `protobuf:"bytes,2,opt,name=object_id,json=objectId,proto3,oneof"`
}AttributeTypeAndValue_Type
type AttributeTypeAndValue_Type struct {
// The attribute type of the attribute and value pair.
Type AttributeType `protobuf:"varint,1,opt,name=type,proto3,enum=google.cloud.security.privateca.v1.AttributeType,oneof"`
}CaPool
type CaPool struct {
// Identifier. The resource name for this
// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
// `projects/*/locations/*/caPools/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Immutable. The
// [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
// [CaPool][google.cloud.security.privateca.v1.CaPool].
Tier CaPool_Tier `protobuf:"varint,2,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
// Optional. The
// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
// to control how
// [Certificates][google.cloud.security.privateca.v1.Certificate] will be
// issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
IssuancePolicy *CaPool_IssuancePolicy `protobuf:"bytes,3,opt,name=issuance_policy,json=issuancePolicy,proto3" json:"issuance_policy,omitempty"`
// Optional. The
// [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
// to follow when issuing
// [Certificates][google.cloud.security.privateca.v1.Certificate] from any
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in this [CaPool][google.cloud.security.privateca.v1.CaPool].
PublishingOptions *CaPool_PublishingOptions `protobuf:"bytes,4,opt,name=publishing_options,json=publishingOptions,proto3" json:"publishing_options,omitempty"`
// Optional. Labels with user-defined metadata.
Labels map[string]string `protobuf:"bytes,5,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// contains filtered or unexported fields
}A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out of the trust anchor.
func (*CaPool) Descriptor
Deprecated: Use CaPool.ProtoReflect.Descriptor instead.
func (*CaPool) GetIssuancePolicy
func (x *CaPool) GetIssuancePolicy() *CaPool_IssuancePolicyfunc (*CaPool) GetLabels
func (*CaPool) GetName
func (*CaPool) GetPublishingOptions
func (x *CaPool) GetPublishingOptions() *CaPool_PublishingOptionsfunc (*CaPool) GetTier
func (x *CaPool) GetTier() CaPool_Tierfunc (*CaPool) ProtoMessage
func (*CaPool) ProtoMessage()func (*CaPool) ProtoReflect
func (x *CaPool) ProtoReflect() protoreflect.Messagefunc (*CaPool) Reset
func (x *CaPool) Reset()func (*CaPool) String
CaPool_IssuancePolicy
type CaPool_IssuancePolicy struct {
// Optional. If any
// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
// is specified, then the certificate request's public key must match one of
// the key types listed here. Otherwise, any key may be used.
AllowedKeyTypes []*CaPool_IssuancePolicy_AllowedKeyType `protobuf:"bytes,1,rep,name=allowed_key_types,json=allowedKeyTypes,proto3" json:"allowed_key_types,omitempty"`
// Optional. The duration to backdate all certificates issued from this
// [CaPool][google.cloud.security.privateca.v1.CaPool]. If not set, the
// certificates will be issued with a not_before_time of the issuance time
// (i.e. the current time). If set, the certificates will be issued with a
// not_before_time of the issuance time minus the backdate_duration. The
// not_after_time will be adjusted to preserve the requested lifetime. The
// backdate_duration must be less than or equal to 48 hours.
BackdateDuration *durationpb.Duration `protobuf:"bytes,7,opt,name=backdate_duration,json=backdateDuration,proto3" json:"backdate_duration,omitempty"`
// Optional. The maximum lifetime allowed for issued
// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
// if the issuing
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// expires before a
// [Certificate][google.cloud.security.privateca.v1.Certificate] resource's
// requested maximum_lifetime, the effective lifetime will be explicitly
// truncated to match it.
MaximumLifetime *durationpb.Duration `protobuf:"bytes,2,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
// Optional. If specified, then only methods allowed in the
// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
// may be used to issue
// [Certificates][google.cloud.security.privateca.v1.Certificate].
AllowedIssuanceModes *CaPool_IssuancePolicy_IssuanceModes `protobuf:"bytes,3,opt,name=allowed_issuance_modes,json=allowedIssuanceModes,proto3" json:"allowed_issuance_modes,omitempty"`
// Optional. A set of X.509 values that will be applied to all certificates
// issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
// If a certificate request includes conflicting values for the same
// properties, they will be overwritten by the values defined here. If a
// certificate request uses a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// that defines conflicting
// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
// for the same properties, the certificate issuance request will fail.
BaselineValues *X509Parameters `protobuf:"bytes,4,opt,name=baseline_values,json=baselineValues,proto3" json:"baseline_values,omitempty"`
// Optional. Describes constraints on identities that may appear in
// [Certificates][google.cloud.security.privateca.v1.Certificate] issued
// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
// is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
// will not add restrictions on a certificate's identity.
IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,5,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
// Optional. Describes the set of X.509 extensions that may appear in a
// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
// certificate request sets extensions that don't appear in the
// [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
// those extensions will be dropped. If a certificate request uses a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// with
// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
// that don't appear here, the certificate issuance request will fail. If
// this is omitted, then this
// [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
// restrictions on a certificate's X.509 extensions. These constraints do
// not apply to X.509 extensions set in this
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,6,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
// contains filtered or unexported fields
}Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
func (*CaPool_IssuancePolicy) Descriptor
func (*CaPool_IssuancePolicy) Descriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy.ProtoReflect.Descriptor instead.
func (*CaPool_IssuancePolicy) GetAllowedIssuanceModes
func (x *CaPool_IssuancePolicy) GetAllowedIssuanceModes() *CaPool_IssuancePolicy_IssuanceModesfunc (*CaPool_IssuancePolicy) GetAllowedKeyTypes
func (x *CaPool_IssuancePolicy) GetAllowedKeyTypes() []*CaPool_IssuancePolicy_AllowedKeyTypefunc (*CaPool_IssuancePolicy) GetBackdateDuration
func (x *CaPool_IssuancePolicy) GetBackdateDuration() *durationpb.Durationfunc (*CaPool_IssuancePolicy) GetBaselineValues
func (x *CaPool_IssuancePolicy) GetBaselineValues() *X509Parametersfunc (*CaPool_IssuancePolicy) GetIdentityConstraints
func (x *CaPool_IssuancePolicy) GetIdentityConstraints() *CertificateIdentityConstraintsfunc (*CaPool_IssuancePolicy) GetMaximumLifetime
func (x *CaPool_IssuancePolicy) GetMaximumLifetime() *durationpb.Durationfunc (*CaPool_IssuancePolicy) GetPassthroughExtensions
func (x *CaPool_IssuancePolicy) GetPassthroughExtensions() *CertificateExtensionConstraintsfunc (*CaPool_IssuancePolicy) ProtoMessage
func (*CaPool_IssuancePolicy) ProtoMessage()func (*CaPool_IssuancePolicy) ProtoReflect
func (x *CaPool_IssuancePolicy) ProtoReflect() protoreflect.Messagefunc (*CaPool_IssuancePolicy) Reset
func (x *CaPool_IssuancePolicy) Reset()func (*CaPool_IssuancePolicy) String
func (x *CaPool_IssuancePolicy) String() stringCaPool_IssuancePolicy_AllowedKeyType
type CaPool_IssuancePolicy_AllowedKeyType struct {
// Types that are assignable to KeyType:
//
// *CaPool_IssuancePolicy_AllowedKeyType_Rsa
// *CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve
KeyType isCaPool_IssuancePolicy_AllowedKeyType_KeyType `protobuf_oneof:"key_type"`
// contains filtered or unexported fields
}Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool]. Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a fully-qualified key algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA key.
func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor
func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType.ProtoReflect.Descriptor instead.
func (*CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve
func (x *CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve() *CaPool_IssuancePolicy_AllowedKeyType_EcKeyTypefunc (*CaPool_IssuancePolicy_AllowedKeyType) GetKeyType
func (m *CaPool_IssuancePolicy_AllowedKeyType) GetKeyType() isCaPool_IssuancePolicy_AllowedKeyType_KeyTypefunc (*CaPool_IssuancePolicy_AllowedKeyType) GetRsa
func (x *CaPool_IssuancePolicy_AllowedKeyType) GetRsa() *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyTypefunc (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage
func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage()func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect
func (x *CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect() protoreflect.Messagefunc (*CaPool_IssuancePolicy_AllowedKeyType) Reset
func (x *CaPool_IssuancePolicy_AllowedKeyType) Reset()func (*CaPool_IssuancePolicy_AllowedKeyType) String
func (x *CaPool_IssuancePolicy_AllowedKeyType) String() stringCaPool_IssuancePolicy_AllowedKeyType_EcKeyType
type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType struct {
// Optional. A signature algorithm that must be used. If this is
// omitted, any EC-based signature algorithm will be allowed.
SignatureAlgorithm CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm `protobuf:"varint,1,opt,name=signature_algorithm,json=signatureAlgorithm,proto3,enum=google.cloud.security.privateca.v1.CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm" json:"signature_algorithm,omitempty"`
// contains filtered or unexported fields
}Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor
func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType.ProtoReflect.Descriptor instead.
func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm
func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm() CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithmfunc (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage
func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage()func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect
func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect() protoreflect.Messagefunc (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset
func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset()func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String
func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String() stringCaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm
type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm int32Describes an elliptic curve-based signature algorithm that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519
const (
// Not specified. Signifies that any signature algorithm may be used.
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 0
// Refers to the Elliptic Curve Digital Signature Algorithm over the
// NIST P-256 curve.
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 1
// Refers to the Elliptic Curve Digital Signature Algorithm over the
// NIST P-384 curve.
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 2
// Refers to the Edwards-curve Digital Signature Algorithm over curve
// 25519, as described in RFC 8410.
CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 3
)func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor
func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor() protoreflect.EnumDescriptorfunc (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum
func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum() *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithmfunc (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor
func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.Descriptor instead.
func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number
func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number() protoreflect.EnumNumberfunc (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String
func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String() stringfunc (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type
func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type() protoreflect.EnumTypeCaPool_IssuancePolicy_AllowedKeyType_EllipticCurve
type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve struct {
// Represents an allowed Elliptic Curve key type.
EllipticCurve *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType `protobuf:"bytes,2,opt,name=elliptic_curve,json=ellipticCurve,proto3,oneof"`
}CaPool_IssuancePolicy_AllowedKeyType_Rsa
type CaPool_IssuancePolicy_AllowedKeyType_Rsa struct {
// Represents an allowed RSA key type.
Rsa *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType `protobuf:"bytes,1,opt,name=rsa,proto3,oneof"`
}CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType
type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType struct {
// Optional. The minimum allowed RSA modulus size (inclusive), in bits.
// If this is not set, or if set to zero, the service-level min RSA
// modulus size will continue to apply.
MinModulusSize int64 `protobuf:"varint,1,opt,name=min_modulus_size,json=minModulusSize,proto3" json:"min_modulus_size,omitempty"`
// Optional. The maximum allowed RSA modulus size (inclusive), in bits.
// If this is not set, or if set to zero, the service will not enforce
// an explicit upper bound on RSA modulus sizes.
MaxModulusSize int64 `protobuf:"varint,2,opt,name=max_modulus_size,json=maxModulusSize,proto3" json:"max_modulus_size,omitempty"`
// contains filtered or unexported fields
}Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor
func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType.ProtoReflect.Descriptor instead.
func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize
func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize() int64func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize
func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize() int64func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage
func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage()func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect
func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect() protoreflect.Messagefunc (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset
func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset()func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String
func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String() stringCaPool_IssuancePolicy_IssuanceModes
type CaPool_IssuancePolicy_IssuanceModes struct {
// Optional. When true, allows callers to create
// [Certificates][google.cloud.security.privateca.v1.Certificate] by
// specifying a CSR.
AllowCsrBasedIssuance bool `protobuf:"varint,1,opt,name=allow_csr_based_issuance,json=allowCsrBasedIssuance,proto3" json:"allow_csr_based_issuance,omitempty"`
// Optional. When true, allows callers to create
// [Certificates][google.cloud.security.privateca.v1.Certificate] by
// specifying a
// [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
AllowConfigBasedIssuance bool `protobuf:"varint,2,opt,name=allow_config_based_issuance,json=allowConfigBasedIssuance,proto3" json:"allow_config_based_issuance,omitempty"`
// contains filtered or unexported fields
}[IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this [CaPool][google.cloud.security.privateca.v1.CaPool].
func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor
func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor() ([]byte, []int)Deprecated: Use CaPool_IssuancePolicy_IssuanceModes.ProtoReflect.Descriptor instead.
func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance
func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance() boolfunc (*CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance
func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance() boolfunc (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage
func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage()func (*CaPool_IssuancePolicy_IssuanceModes) ProtoReflect
func (x *CaPool_IssuancePolicy_IssuanceModes) ProtoReflect() protoreflect.Messagefunc (*CaPool_IssuancePolicy_IssuanceModes) Reset
func (x *CaPool_IssuancePolicy_IssuanceModes) Reset()func (*CaPool_IssuancePolicy_IssuanceModes) String
func (x *CaPool_IssuancePolicy_IssuanceModes) String() stringCaPool_PublishingOptions
type CaPool_PublishingOptions struct {
// Optional. When true, publishes each
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CA certificate and includes its URL in the "Authority Information Access"
// X.509 extension in all issued
// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
// is false, the CA certificate will not be published and the corresponding
// X.509 extension will not be written in issued certificates.
PublishCaCert bool `protobuf:"varint,1,opt,name=publish_ca_cert,json=publishCaCert,proto3" json:"publish_ca_cert,omitempty"`
// Optional. When true, publishes each
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CRL and includes its URL in the "CRL Distribution Points" X.509 extension
// in all issued
// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
// is false, CRLs will not be published and the corresponding X.509
// extension will not be written in issued certificates. CRLs will expire 7
// days from their creation. However, we will rebuild daily. CRLs are also
// rebuilt shortly after a certificate is revoked.
PublishCrl bool `protobuf:"varint,2,opt,name=publish_crl,json=publishCrl,proto3" json:"publish_crl,omitempty"`
// Optional. Specifies the encoding format of each
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// resource's CA certificate and CRLs. If this is omitted, CA certificates
// and CRLs will be published in PEM.
EncodingFormat CaPool_PublishingOptions_EncodingFormat `protobuf:"varint,3,opt,name=encoding_format,json=encodingFormat,proto3,enum=google.cloud.security.privateca.v1.CaPool_PublishingOptions_EncodingFormat" json:"encoding_format,omitempty"`
// contains filtered or unexported fields
}Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and CRLs and their inclusion as extensions in issued [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
func (*CaPool_PublishingOptions) Descriptor
func (*CaPool_PublishingOptions) Descriptor() ([]byte, []int)Deprecated: Use CaPool_PublishingOptions.ProtoReflect.Descriptor instead.
func (*CaPool_PublishingOptions) GetEncodingFormat
func (x *CaPool_PublishingOptions) GetEncodingFormat() CaPool_PublishingOptions_EncodingFormatfunc (*CaPool_PublishingOptions) GetPublishCaCert
func (x *CaPool_PublishingOptions) GetPublishCaCert() boolfunc (*CaPool_PublishingOptions) GetPublishCrl
func (x *CaPool_PublishingOptions) GetPublishCrl() boolfunc (*CaPool_PublishingOptions) ProtoMessage
func (*CaPool_PublishingOptions) ProtoMessage()func (*CaPool_PublishingOptions) ProtoReflect
func (x *CaPool_PublishingOptions) ProtoReflect() protoreflect.Messagefunc (*CaPool_PublishingOptions) Reset
func (x *CaPool_PublishingOptions) Reset()func (*CaPool_PublishingOptions) String
func (x *CaPool_PublishingOptions) String() stringCaPool_PublishingOptions_EncodingFormat
type CaPool_PublishingOptions_EncodingFormat int32Supported encoding formats for publishing.
CaPool_PublishingOptions_ENCODING_FORMAT_UNSPECIFIED, CaPool_PublishingOptions_PEM, CaPool_PublishingOptions_DER
const (
// Not specified. By default, PEM format will be used.
CaPool_PublishingOptions_ENCODING_FORMAT_UNSPECIFIED CaPool_PublishingOptions_EncodingFormat = 0
// The
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CA certificate and CRLs will be published in PEM format.
CaPool_PublishingOptions_PEM CaPool_PublishingOptions_EncodingFormat = 1
// The
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CA certificate and CRLs will be published in DER format.
CaPool_PublishingOptions_DER CaPool_PublishingOptions_EncodingFormat = 2
)func (CaPool_PublishingOptions_EncodingFormat) Descriptor
func (CaPool_PublishingOptions_EncodingFormat) Descriptor() protoreflect.EnumDescriptorfunc (CaPool_PublishingOptions_EncodingFormat) Enum
func (CaPool_PublishingOptions_EncodingFormat) EnumDescriptor
func (CaPool_PublishingOptions_EncodingFormat) EnumDescriptor() ([]byte, []int)Deprecated: Use CaPool_PublishingOptions_EncodingFormat.Descriptor instead.
func (CaPool_PublishingOptions_EncodingFormat) Number
func (x CaPool_PublishingOptions_EncodingFormat) Number() protoreflect.EnumNumberfunc (CaPool_PublishingOptions_EncodingFormat) String
func (x CaPool_PublishingOptions_EncodingFormat) String() stringfunc (CaPool_PublishingOptions_EncodingFormat) Type
func (CaPool_PublishingOptions_EncodingFormat) Type() protoreflect.EnumTypeCaPool_Tier
type CaPool_Tier int32The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or billing SKU.
CaPool_TIER_UNSPECIFIED, CaPool_ENTERPRISE, CaPool_DEVOPS
const (
// Not specified.
CaPool_TIER_UNSPECIFIED CaPool_Tier = 0
// Enterprise tier.
CaPool_ENTERPRISE CaPool_Tier = 1
// DevOps tier.
CaPool_DEVOPS CaPool_Tier = 2
)func (CaPool_Tier) Descriptor
func (CaPool_Tier) Descriptor() protoreflect.EnumDescriptorfunc (CaPool_Tier) Enum
func (x CaPool_Tier) Enum() *CaPool_Tierfunc (CaPool_Tier) EnumDescriptor
func (CaPool_Tier) EnumDescriptor() ([]byte, []int)Deprecated: Use CaPool_Tier.Descriptor instead.
func (CaPool_Tier) Number
func (x CaPool_Tier) Number() protoreflect.EnumNumberfunc (CaPool_Tier) String
func (x CaPool_Tier) String() stringfunc (CaPool_Tier) Type
func (CaPool_Tier) Type() protoreflect.EnumTypeCertificate
type Certificate struct {
// Identifier. The resource name for this
// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
// `projects/*/locations/*/caPools/*/certificates/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The config used to create a signed X.509 certificate.
//
// Types that are assignable to CertificateConfig:
//
// *Certificate_PemCsr
// *Certificate_Config
CertificateConfig isCertificate_CertificateConfig `protobuf_oneof:"certificate_config"`
// Output only. The resource name of the issuing
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
IssuerCertificateAuthority string `protobuf:"bytes,4,opt,name=issuer_certificate_authority,json=issuerCertificateAuthority,proto3" json:"issuer_certificate_authority,omitempty"`
// Required. Immutable. The desired lifetime of a certificate. Used to create
// the "not_before_time" and "not_after_time" fields inside an X.509
// certificate. Note that the lifetime may be truncated if it would extend
// past the life of any certificate authority in the issuing chain.
Lifetime *durationpb.Duration `protobuf:"bytes,5,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
// Immutable. The resource name for a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// used to issue this certificate, in the format
// `projects/*/locations/*/certificateTemplates/*`.
// If this is specified, the caller must have the necessary permission to
// use this template. If this is omitted, no template will be used.
// This template must be in the same location as the
// [Certificate][google.cloud.security.privateca.v1.Certificate].
CertificateTemplate string `protobuf:"bytes,6,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
// Immutable. Specifies how the
// [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
// fields are to be decided. If this is omitted, the `DEFAULT` subject mode
// will be used.
SubjectMode SubjectRequestMode `protobuf:"varint,7,opt,name=subject_mode,json=subjectMode,proto3,enum=google.cloud.security.privateca.v1.SubjectRequestMode" json:"subject_mode,omitempty"`
// Output only. Details regarding the revocation of this
// [Certificate][google.cloud.security.privateca.v1.Certificate]. This
// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
// revoked if and only if this field is present.
RevocationDetails *Certificate_RevocationDetails `protobuf:"bytes,8,opt,name=revocation_details,json=revocationDetails,proto3" json:"revocation_details,omitempty"`
// Output only. The pem-encoded, signed X.509 certificate.
PemCertificate string `protobuf:"bytes,9,opt,name=pem_certificate,json=pemCertificate,proto3" json:"pem_certificate,omitempty"`
// Output only. A structured description of the issued X.509 certificate.
CertificateDescription *CertificateDescription `protobuf:"bytes,10,opt,name=certificate_description,json=certificateDescription,proto3" json:"certificate_description,omitempty"`
// Output only. The chain that may be used to verify the X.509 certificate.
// Expected to be in issuer-to-root order according to RFC 5246.
PemCertificateChain []string `protobuf:"bytes,11,rep,name=pem_certificate_chain,json=pemCertificateChain,proto3" json:"pem_certificate_chain,omitempty"`
// Output only. The time at which this
// [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time at which this
// [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Optional. Labels with user-defined metadata.
Labels map[string]string `protobuf:"bytes,14,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// contains filtered or unexported fields
}A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
func (*Certificate) Descriptor
func (*Certificate) Descriptor() ([]byte, []int)Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
func (*Certificate) GetCertificateConfig
func (m *Certificate) GetCertificateConfig() isCertificate_CertificateConfigfunc (*Certificate) GetCertificateDescription
func (x *Certificate) GetCertificateDescription() *CertificateDescriptionfunc (*Certificate) GetCertificateTemplate
func (x *Certificate) GetCertificateTemplate() stringfunc (*Certificate) GetConfig
func (x *Certificate) GetConfig() *CertificateConfigfunc (*Certificate) GetCreateTime
func (x *Certificate) GetCreateTime() *timestamppb.Timestampfunc (*Certificate) GetIssuerCertificateAuthority
func (x *Certificate) GetIssuerCertificateAuthority() stringfunc (*Certificate) GetLabels
func (x *Certificate) GetLabels() map[string]stringfunc (*Certificate) GetLifetime
func (x *Certificate) GetLifetime() *durationpb.Durationfunc (*Certificate) GetName
func (x *Certificate) GetName() stringfunc (*Certificate) GetPemCertificate
func (x *Certificate) GetPemCertificate() stringfunc (*Certificate) GetPemCertificateChain
func (x *Certificate) GetPemCertificateChain() []stringfunc (*Certificate) GetPemCsr
func (x *Certificate) GetPemCsr() stringfunc (*Certificate) GetRevocationDetails
func (x *Certificate) GetRevocationDetails() *Certificate_RevocationDetailsfunc (*Certificate) GetSubjectMode
func (x *Certificate) GetSubjectMode() SubjectRequestModefunc (*Certificate) GetUpdateTime
func (x *Certificate) GetUpdateTime() *timestamppb.Timestampfunc (*Certificate) ProtoMessage
func (*Certificate) ProtoMessage()func (*Certificate) ProtoReflect
func (x *Certificate) ProtoReflect() protoreflect.Messagefunc (*Certificate) Reset
func (x *Certificate) Reset()func (*Certificate) String
func (x *Certificate) String() stringCertificateAuthority
type CertificateAuthority struct {
// Identifier. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Immutable. The
// [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
// this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
Type CertificateAuthority_Type `protobuf:"varint,2,opt,name=type,proto3,enum=google.cloud.security.privateca.v1.CertificateAuthority_Type" json:"type,omitempty"`
// Required. Immutable. The config used to create a self-signed X.509
// certificate or CSR.
Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
// Required. Immutable. The desired lifetime of the CA certificate. Used to
// create the "not_before_time" and "not_after_time" fields inside an X.509
// certificate.
Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
// Required. Immutable. Used when issuing certificates for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
// If this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// is a self-signed CertificateAuthority, this key is also used to sign the
// self-signed CA certificate. Otherwise, it is used to sign a CSR.
KeySpec *CertificateAuthority_KeyVersionSpec `protobuf:"bytes,5,opt,name=key_spec,json=keySpec,proto3" json:"key_spec,omitempty"`
// Optional. If this is a subordinate
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
// this field will be set with the subordinate configuration, which describes
// its issuers. This may be updated, but this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// must continue to validate.
SubordinateConfig *SubordinateConfig `protobuf:"bytes,6,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
// Output only. The
// [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
// [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
Tier CaPool_Tier `protobuf:"varint,7,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
// Output only. The
// [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
// this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
State CertificateAuthority_State `protobuf:"varint,8,opt,name=state,proto3,enum=google.cloud.security.privateca.v1.CertificateAuthority_State" json:"state,omitempty"`
// Output only. This
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// certificate chain, including the current
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// certificate. Ordered such that the root issuer is the final element
// (consistent with RFC 5246). For a self-signed CA, this will only list the
// current
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// certificate.
PemCaCertificates []string `protobuf:"bytes,9,rep,name=pem_ca_certificates,json=pemCaCertificates,proto3" json:"pem_ca_certificates,omitempty"`
// Output only. A structured description of this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CA certificate and its issuers. Ordered as self-to-root.
CaCertificateDescriptions []*CertificateDescription `protobuf:"bytes,10,rep,name=ca_certificate_descriptions,json=caCertificateDescriptions,proto3" json:"ca_certificate_descriptions,omitempty"`
// Immutable. The name of a Cloud Storage bucket where this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// will publish content, such as the CA certificate and CRLs. This must be a
// bucket name, without any prefixes (such as `gs://`) or suffixes (such as
// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
// would simply specify `my-bucket`. If not specified, a managed bucket will
// be created.
GcsBucket string `protobuf:"bytes,11,opt,name=gcs_bucket,json=gcsBucket,proto3" json:"gcs_bucket,omitempty"`
// Output only. URLs for accessing content published by this CA, such as the
// CA certificate and CRLs.
AccessUrls *CertificateAuthority_AccessUrls `protobuf:"bytes,12,opt,name=access_urls,json=accessUrls,proto3" json:"access_urls,omitempty"`
// Output only. The time at which this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time at which this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// was last updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Output only. The time at which this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// was soft deleted, if it is in the
// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
// state.
DeleteTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"`
// Output only. The time at which this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// will be permanently purged, if it is in the
// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
// state.
ExpireTime *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
// Optional. Labels with user-defined metadata.
Labels map[string]string `protobuf:"bytes,17,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Optional. User-defined URLs for CA certificate and CRLs. The service does
// not publish content to these URLs. It is up to the user to mirror content
// to these URLs.
UserDefinedAccessUrls *CertificateAuthority_UserDefinedAccessUrls `protobuf:"bytes,18,opt,name=user_defined_access_urls,json=userDefinedAccessUrls,proto3" json:"user_defined_access_urls,omitempty"`
// Output only. Reserved for future use.
SatisfiesPzs bool `protobuf:"varint,19,opt,name=satisfies_pzs,json=satisfiesPzs,proto3" json:"satisfies_pzs,omitempty"`
// Output only. Reserved for future use.
SatisfiesPzi bool `protobuf:"varint,20,opt,name=satisfies_pzi,json=satisfiesPzi,proto3" json:"satisfies_pzi,omitempty"`
// contains filtered or unexported fields
}A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
func (*CertificateAuthority) Descriptor
func (*CertificateAuthority) Descriptor() ([]byte, []int)Deprecated: Use CertificateAuthority.ProtoReflect.Descriptor instead.
func (*CertificateAuthority) GetAccessUrls
func (x *CertificateAuthority) GetAccessUrls() *CertificateAuthority_AccessUrlsfunc (*CertificateAuthority) GetCaCertificateDescriptions
func (x *CertificateAuthority) GetCaCertificateDescriptions() []*CertificateDescriptionfunc (*CertificateAuthority) GetConfig
func (x *CertificateAuthority) GetConfig() *CertificateConfigfunc (*CertificateAuthority) GetCreateTime
func (x *CertificateAuthority) GetCreateTime() *timestamppb.Timestampfunc (*CertificateAuthority) GetDeleteTime
func (x *CertificateAuthority) GetDeleteTime() *timestamppb.Timestampfunc (*CertificateAuthority) GetExpireTime
func (x *CertificateAuthority) GetExpireTime() *timestamppb.Timestampfunc (*CertificateAuthority) GetGcsBucket
func (x *CertificateAuthority) GetGcsBucket() stringfunc (*CertificateAuthority) GetKeySpec
func (x *CertificateAuthority) GetKeySpec() *CertificateAuthority_KeyVersionSpecfunc (*CertificateAuthority) GetLabels
func (x *CertificateAuthority) GetLabels() map[string]stringfunc (*CertificateAuthority) GetLifetime
func (x *CertificateAuthority) GetLifetime() *durationpb.Durationfunc (*CertificateAuthority) GetName
func (x *CertificateAuthority) GetName() stringfunc (*CertificateAuthority) GetPemCaCertificates
func (x *CertificateAuthority) GetPemCaCertificates() []stringfunc (*CertificateAuthority) GetSatisfiesPzi
func (x *CertificateAuthority) GetSatisfiesPzi() boolfunc (*CertificateAuthority) GetSatisfiesPzs
func (x *CertificateAuthority) GetSatisfiesPzs() boolfunc (*CertificateAuthority) GetState
func (x *CertificateAuthority) GetState() CertificateAuthority_Statefunc (*CertificateAuthority) GetSubordinateConfig
func (x *CertificateAuthority) GetSubordinateConfig() *SubordinateConfigfunc (*CertificateAuthority) GetTier
func (x *CertificateAuthority) GetTier() CaPool_Tierfunc (*CertificateAuthority) GetType
func (x *CertificateAuthority) GetType() CertificateAuthority_Typefunc (*CertificateAuthority) GetUpdateTime
func (x *CertificateAuthority) GetUpdateTime() *timestamppb.Timestampfunc (*CertificateAuthority) GetUserDefinedAccessUrls
func (x *CertificateAuthority) GetUserDefinedAccessUrls() *CertificateAuthority_UserDefinedAccessUrlsfunc (*CertificateAuthority) ProtoMessage
func (*CertificateAuthority) ProtoMessage()func (*CertificateAuthority) ProtoReflect
func (x *CertificateAuthority) ProtoReflect() protoreflect.Messagefunc (*CertificateAuthority) Reset
func (x *CertificateAuthority) Reset()func (*CertificateAuthority) String
func (x *CertificateAuthority) String() stringCertificateAuthorityServiceClient
type CertificateAuthorityServiceClient interface {
// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
// in a given Project, Location from a particular
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CreateCertificate(ctx context.Context, in *CreateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
GetCertificate(ctx context.Context, in *GetCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
ListCertificates(ctx context.Context, in *ListCertificatesRequest, opts ...grpc.CallOption) (*ListCertificatesResponse, error)
// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
// Currently, the only field you can update is the
// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
UpdateCertificate(ctx context.Context, in *UpdateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
// Activate a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that is in state
// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
// and is of type
// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
// After the parent Certificate Authority signs a certificate signing request
// from
// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
// this method can complete the activation process.
ActivateCertificateAuthority(ctx context.Context, in *ActivateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Create a new
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in a given Project and Location.
CreateCertificateAuthority(ctx context.Context, in *CreateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Disable a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
DisableCertificateAuthority(ctx context.Context, in *DisableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Enable a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
EnableCertificateAuthority(ctx context.Context, in *EnableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Fetch a certificate signing request (CSR) from a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that is in state
// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
// and is of type
// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
// The CSR must then be signed by the desired parent Certificate Authority,
// which could be another
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// resource, or could be an on-prem certificate authority. See also
// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
FetchCertificateAuthorityCsr(ctx context.Context, in *FetchCertificateAuthorityCsrRequest, opts ...grpc.CallOption) (*FetchCertificateAuthorityCsrResponse, error)
// Returns a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
GetCertificateAuthority(ctx context.Context, in *GetCertificateAuthorityRequest, opts ...grpc.CallOption) (*CertificateAuthority, error)
// Lists
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
ListCertificateAuthorities(ctx context.Context, in *ListCertificateAuthoritiesRequest, opts ...grpc.CallOption) (*ListCertificateAuthoritiesResponse, error)
// Undelete a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that has been deleted.
UndeleteCertificateAuthority(ctx context.Context, in *UndeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Delete a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
DeleteCertificateAuthority(ctx context.Context, in *DeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Update a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
UpdateCertificateAuthority(ctx context.Context, in *UpdateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
CreateCaPool(ctx context.Context, in *CreateCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
UpdateCaPool(ctx context.Context, in *UpdateCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
GetCaPool(ctx context.Context, in *GetCaPoolRequest, opts ...grpc.CallOption) (*CaPool, error)
// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
ListCaPools(ctx context.Context, in *ListCaPoolsRequest, opts ...grpc.CallOption) (*ListCaPoolsResponse, error)
// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
DeleteCaPool(ctx context.Context, in *DeleteCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// FetchCaCerts returns the current trust anchor for the
// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
// certificate chains for all certificate authorities in the ENABLED,
// DISABLED, or STAGED states.
FetchCaCerts(ctx context.Context, in *FetchCaCertsRequest, opts ...grpc.CallOption) (*FetchCaCertsResponse, error)
// Returns a
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
GetCertificateRevocationList(ctx context.Context, in *GetCertificateRevocationListRequest, opts ...grpc.CallOption) (*CertificateRevocationList, error)
// Lists
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
ListCertificateRevocationLists(ctx context.Context, in *ListCertificateRevocationListsRequest, opts ...grpc.CallOption) (*ListCertificateRevocationListsResponse, error)
// Update a
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
UpdateCertificateRevocationList(ctx context.Context, in *UpdateCertificateRevocationListRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Create a new
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// in a given Project and Location.
CreateCertificateTemplate(ctx context.Context, in *CreateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// DeleteCertificateTemplate deletes a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
DeleteCertificateTemplate(ctx context.Context, in *DeleteCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Returns a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
GetCertificateTemplate(ctx context.Context, in *GetCertificateTemplateRequest, opts ...grpc.CallOption) (*CertificateTemplate, error)
// Lists
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
ListCertificateTemplates(ctx context.Context, in *ListCertificateTemplatesRequest, opts ...grpc.CallOption) (*ListCertificateTemplatesResponse, error)
// Update a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
UpdateCertificateTemplate(ctx context.Context, in *UpdateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
}CertificateAuthorityServiceClient is the client API for CertificateAuthorityService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewCertificateAuthorityServiceClient
func NewCertificateAuthorityServiceClient(cc grpc.ClientConnInterface) CertificateAuthorityServiceClientCertificateAuthorityServiceServer
type CertificateAuthorityServiceServer interface {
// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
// in a given Project, Location from a particular
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)
// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)
// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)
// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)
// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
// Currently, the only field you can update is the
// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)
// Activate a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that is in state
// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
// and is of type
// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
// After the parent Certificate Authority signs a certificate signing request
// from
// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
// this method can complete the activation process.
ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Create a new
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in a given Project and Location.
CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Disable a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Enable a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Fetch a certificate signing request (CSR) from a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that is in state
// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
// and is of type
// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
// The CSR must then be signed by the desired parent Certificate Authority,
// which could be another
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// resource, or could be an on-prem certificate authority. See also
// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)
// Returns a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)
// Lists
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)
// Undelete a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that has been deleted.
UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Delete a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Update a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunningpb.Operation, error)
// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunningpb.Operation, error)
// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)
// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)
// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunningpb.Operation, error)
// FetchCaCerts returns the current trust anchor for the
// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
// certificate chains for all certificate authorities in the ENABLED,
// DISABLED, or STAGED states.
FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)
// Returns a
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)
// Lists
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)
// Update a
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunningpb.Operation, error)
// Create a new
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// in a given Project and Location.
CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunningpb.Operation, error)
// DeleteCertificateTemplate deletes a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunningpb.Operation, error)
// Returns a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)
// Lists
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)
// Update a
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunningpb.Operation, error)
}CertificateAuthorityServiceServer is the server API for CertificateAuthorityService service. All implementations should embed UnimplementedCertificateAuthorityServiceServer for forward compatibility
CertificateAuthority_AccessUrls
type CertificateAuthority_AccessUrls struct {
// The URL where this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CA certificate is published. This will only be set for CAs that have been
// activated.
CaCertificateAccessUrl string `protobuf:"bytes,1,opt,name=ca_certificate_access_url,json=caCertificateAccessUrl,proto3" json:"ca_certificate_access_url,omitempty"`
// The URLs where this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
// CRLs are published. This will only be set for CAs that have been
// activated.
CrlAccessUrls []string `protobuf:"bytes,2,rep,name=crl_access_urls,json=crlAccessUrls,proto3" json:"crl_access_urls,omitempty"`
// contains filtered or unexported fields
}URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
func (*CertificateAuthority_AccessUrls) Descriptor
func (*CertificateAuthority_AccessUrls) Descriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_AccessUrls.ProtoReflect.Descriptor instead.
func (*CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl
func (x *CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl() stringfunc (*CertificateAuthority_AccessUrls) GetCrlAccessUrls
func (x *CertificateAuthority_AccessUrls) GetCrlAccessUrls() []stringfunc (*CertificateAuthority_AccessUrls) ProtoMessage
func (*CertificateAuthority_AccessUrls) ProtoMessage()func (*CertificateAuthority_AccessUrls) ProtoReflect
func (x *CertificateAuthority_AccessUrls) ProtoReflect() protoreflect.Messagefunc (*CertificateAuthority_AccessUrls) Reset
func (x *CertificateAuthority_AccessUrls) Reset()func (*CertificateAuthority_AccessUrls) String
func (x *CertificateAuthority_AccessUrls) String() stringCertificateAuthority_KeyVersionSpec
type CertificateAuthority_KeyVersionSpec struct {
// Types that are assignable to KeyVersion:
//
// *CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion
// *CertificateAuthority_KeyVersionSpec_Algorithm
KeyVersion isCertificateAuthority_KeyVersionSpec_KeyVersion `protobuf_oneof:"KeyVersion"`
// contains filtered or unexported fields
}A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
func (*CertificateAuthority_KeyVersionSpec) Descriptor
func (*CertificateAuthority_KeyVersionSpec) Descriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_KeyVersionSpec.ProtoReflect.Descriptor instead.
func (*CertificateAuthority_KeyVersionSpec) GetAlgorithm
func (x *CertificateAuthority_KeyVersionSpec) GetAlgorithm() CertificateAuthority_SignHashAlgorithmfunc (*CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion
func (x *CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion() stringfunc (*CertificateAuthority_KeyVersionSpec) GetKeyVersion
func (m *CertificateAuthority_KeyVersionSpec) GetKeyVersion() isCertificateAuthority_KeyVersionSpec_KeyVersionfunc (*CertificateAuthority_KeyVersionSpec) ProtoMessage
func (*CertificateAuthority_KeyVersionSpec) ProtoMessage()func (*CertificateAuthority_KeyVersionSpec) ProtoReflect
func (x *CertificateAuthority_KeyVersionSpec) ProtoReflect() protoreflect.Messagefunc (*CertificateAuthority_KeyVersionSpec) Reset
func (x *CertificateAuthority_KeyVersionSpec) Reset()func (*CertificateAuthority_KeyVersionSpec) String
func (x *CertificateAuthority_KeyVersionSpec) String() stringCertificateAuthority_KeyVersionSpec_Algorithm
type CertificateAuthority_KeyVersionSpec_Algorithm struct {
// The algorithm to use for creating a managed Cloud KMS key for a for a
// simplified experience. All managed keys will be have their
// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
Algorithm CertificateAuthority_SignHashAlgorithm `protobuf:"varint,2,opt,name=algorithm,proto3,enum=google.cloud.security.privateca.v1.CertificateAuthority_SignHashAlgorithm,oneof"`
}CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion
type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion struct {
// The resource name for an existing Cloud KMS CryptoKeyVersion in the
// format
// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
// This option enables full flexibility in the key's capabilities and
// properties.
CloudKmsKeyVersion string `protobuf:"bytes,1,opt,name=cloud_kms_key_version,json=cloudKmsKeyVersion,proto3,oneof"`
}CertificateAuthority_SignHashAlgorithm
type CertificateAuthority_SignHashAlgorithm int32The algorithm of a Cloud KMS CryptoKeyVersion of a
[CryptoKey][google.cloud.kms.v1.CryptoKey] with the
[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
ASYMMETRIC_SIGN. These values correspond to the
[CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
values. For RSA signing algorithms, the PSS algorithms should be preferred,
use PKCS1 algorithms if required for compatibility. For further
recommendations, see
https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED, CertificateAuthority_RSA_PSS_2048_SHA256, CertificateAuthority_RSA_PSS_3072_SHA256, CertificateAuthority_RSA_PSS_4096_SHA256, CertificateAuthority_RSA_PKCS1_2048_SHA256, CertificateAuthority_RSA_PKCS1_3072_SHA256, CertificateAuthority_RSA_PKCS1_4096_SHA256, CertificateAuthority_EC_P256_SHA256, CertificateAuthority_EC_P384_SHA384
const (
// Not specified.
CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED CertificateAuthority_SignHashAlgorithm = 0
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
CertificateAuthority_RSA_PSS_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 1
// maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
CertificateAuthority_RSA_PSS_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 2
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
CertificateAuthority_RSA_PSS_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 3
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
CertificateAuthority_RSA_PKCS1_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 6
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
CertificateAuthority_RSA_PKCS1_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 7
// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
CertificateAuthority_RSA_PKCS1_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 8
// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
CertificateAuthority_EC_P256_SHA256 CertificateAuthority_SignHashAlgorithm = 4
// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
CertificateAuthority_EC_P384_SHA384 CertificateAuthority_SignHashAlgorithm = 5
)func (CertificateAuthority_SignHashAlgorithm) Descriptor
func (CertificateAuthority_SignHashAlgorithm) Descriptor() protoreflect.EnumDescriptorfunc (CertificateAuthority_SignHashAlgorithm) Enum
func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor
func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_SignHashAlgorithm.Descriptor instead.
func (CertificateAuthority_SignHashAlgorithm) Number
func (x CertificateAuthority_SignHashAlgorithm) Number() protoreflect.EnumNumberfunc (CertificateAuthority_SignHashAlgorithm) String
func (x CertificateAuthority_SignHashAlgorithm) String() stringfunc (CertificateAuthority_SignHashAlgorithm) Type
func (CertificateAuthority_SignHashAlgorithm) Type() protoreflect.EnumTypeCertificateAuthority_State
type CertificateAuthority_State int32The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.
CertificateAuthority_STATE_UNSPECIFIED, CertificateAuthority_ENABLED, CertificateAuthority_DISABLED, CertificateAuthority_STAGED, CertificateAuthority_AWAITING_USER_ACTIVATION, CertificateAuthority_DELETED
const (
// Not specified.
CertificateAuthority_STATE_UNSPECIFIED CertificateAuthority_State = 0
// Certificates can be issued from this CA. CRLs will be generated for this
// CA. The CA will be part of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
// will be used to issue certificates from the
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CertificateAuthority_ENABLED CertificateAuthority_State = 1
// Certificates cannot be issued from this CA. CRLs will still be generated.
// The CA will be part of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
// will not be used to issue certificates from the
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CertificateAuthority_DISABLED CertificateAuthority_State = 2
// Certificates can be issued from this CA. CRLs will be generated for this
// CA. The CA will be part of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
// will not be used to issue certificates from the
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CertificateAuthority_STAGED CertificateAuthority_State = 3
// Certificates cannot be issued from this CA. CRLs will not be generated.
// The CA will not be part of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
// will not be used to issue certificates from the
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CertificateAuthority_AWAITING_USER_ACTIVATION CertificateAuthority_State = 4
// Certificates cannot be issued from this CA. CRLs will not be generated.
// The CA may still be recovered by calling
// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]
// before
// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
// The CA will not be part of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
// will not be used to issue certificates from the
// [CaPool][google.cloud.security.privateca.v1.CaPool].
CertificateAuthority_DELETED CertificateAuthority_State = 5
)func (CertificateAuthority_State) Descriptor
func (CertificateAuthority_State) Descriptor() protoreflect.EnumDescriptorfunc (CertificateAuthority_State) Enum
func (x CertificateAuthority_State) Enum() *CertificateAuthority_Statefunc (CertificateAuthority_State) EnumDescriptor
func (CertificateAuthority_State) EnumDescriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_State.Descriptor instead.
func (CertificateAuthority_State) Number
func (x CertificateAuthority_State) Number() protoreflect.EnumNumberfunc (CertificateAuthority_State) String
func (x CertificateAuthority_State) String() stringfunc (CertificateAuthority_State) Type
func (CertificateAuthority_State) Type() protoreflect.EnumTypeCertificateAuthority_Type
type CertificateAuthority_Type int32The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.
CertificateAuthority_TYPE_UNSPECIFIED, CertificateAuthority_SELF_SIGNED, CertificateAuthority_SUBORDINATE
const (
// Not specified.
CertificateAuthority_TYPE_UNSPECIFIED CertificateAuthority_Type = 0
// Self-signed CA.
CertificateAuthority_SELF_SIGNED CertificateAuthority_Type = 1
// Subordinate CA. Could be issued by a Private CA
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// or an unmanaged CA.
CertificateAuthority_SUBORDINATE CertificateAuthority_Type = 2
)func (CertificateAuthority_Type) Descriptor
func (CertificateAuthority_Type) Descriptor() protoreflect.EnumDescriptorfunc (CertificateAuthority_Type) Enum
func (x CertificateAuthority_Type) Enum() *CertificateAuthority_Typefunc (CertificateAuthority_Type) EnumDescriptor
func (CertificateAuthority_Type) EnumDescriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_Type.Descriptor instead.
func (CertificateAuthority_Type) Number
func (x CertificateAuthority_Type) Number() protoreflect.EnumNumberfunc (CertificateAuthority_Type) String
func (x CertificateAuthority_Type) String() stringfunc (CertificateAuthority_Type) Type
func (CertificateAuthority_Type) Type() protoreflect.EnumTypeCertificateAuthority_UserDefinedAccessUrls
type CertificateAuthority_UserDefinedAccessUrls struct {
// Optional. A list of URLs where the issuer CA certificate may be
// downloaded, which appears in the "Authority Information Access" extension
// in the certificate. If specified, the default [Cloud Storage
// URLs][google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.ca_certificate_access_url]
// will be omitted.
AiaIssuingCertificateUrls []string `protobuf:"bytes,1,rep,name=aia_issuing_certificate_urls,json=aiaIssuingCertificateUrls,proto3" json:"aia_issuing_certificate_urls,omitempty"`
// Optional. A list of URLs where to obtain CRL information, i.e.
// the DistributionPoint.fullName described by
// https://tools.ietf.org/html/rfc5280#section-4.2.1.13.
// If specified, the default
// [Cloud Storage
// URLs][google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.crl_access_urls]
// will be omitted.
CrlAccessUrls []string `protobuf:"bytes,2,rep,name=crl_access_urls,json=crlAccessUrls,proto3" json:"crl_access_urls,omitempty"`
// contains filtered or unexported fields
}User-defined URLs for accessing content published by this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
func (*CertificateAuthority_UserDefinedAccessUrls) Descriptor
func (*CertificateAuthority_UserDefinedAccessUrls) Descriptor() ([]byte, []int)Deprecated: Use CertificateAuthority_UserDefinedAccessUrls.ProtoReflect.Descriptor instead.
func (*CertificateAuthority_UserDefinedAccessUrls) GetAiaIssuingCertificateUrls
func (x *CertificateAuthority_UserDefinedAccessUrls) GetAiaIssuingCertificateUrls() []stringfunc (*CertificateAuthority_UserDefinedAccessUrls) GetCrlAccessUrls
func (x *CertificateAuthority_UserDefinedAccessUrls) GetCrlAccessUrls() []stringfunc (*CertificateAuthority_UserDefinedAccessUrls) ProtoMessage
func (*CertificateAuthority_UserDefinedAccessUrls) ProtoMessage()func (*CertificateAuthority_UserDefinedAccessUrls) ProtoReflect
func (x *CertificateAuthority_UserDefinedAccessUrls) ProtoReflect() protoreflect.Messagefunc (*CertificateAuthority_UserDefinedAccessUrls) Reset
func (x *CertificateAuthority_UserDefinedAccessUrls) Reset()func (*CertificateAuthority_UserDefinedAccessUrls) String
func (x *CertificateAuthority_UserDefinedAccessUrls) String() stringCertificateConfig
type CertificateConfig struct {
// Required. Specifies some of the values in a certificate that are related to
// the subject.
SubjectConfig *CertificateConfig_SubjectConfig `protobuf:"bytes,1,opt,name=subject_config,json=subjectConfig,proto3" json:"subject_config,omitempty"`
// Required. Describes how some of the technical X.509 fields in a certificate
// should be populated.
X509Config *X509Parameters `protobuf:"bytes,2,opt,name=x509_config,json=x509Config,proto3" json:"x509_config,omitempty"`
// Optional. The public key that corresponds to this config. This is, for
// example, used when issuing
// [Certificates][google.cloud.security.privateca.v1.Certificate], but not
// when creating a self-signed
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// or
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// CSR.
PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// Optional. When specified this provides a custom SKI to be used in the
// certificate. This should only be used to maintain a SKI of an existing CA
// originally created outside CA service, which was not generated using method
// (1) described in RFC 5280 section 4.2.1.2.
SubjectKeyId *CertificateConfig_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
// contains filtered or unexported fields
}A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.
func (*CertificateConfig) Descriptor
func (*CertificateConfig) Descriptor() ([]byte, []int)Deprecated: Use CertificateConfig.ProtoReflect.Descriptor instead.
func (*CertificateConfig) GetPublicKey
func (x *CertificateConfig) GetPublicKey() *PublicKeyfunc (*CertificateConfig) GetSubjectConfig
func (x *CertificateConfig) GetSubjectConfig() *CertificateConfig_SubjectConfigfunc (*CertificateConfig) GetSubjectKeyId
func (x *CertificateConfig) GetSubjectKeyId() *CertificateConfig_KeyIdfunc (*CertificateConfig) GetX509Config
func (x *CertificateConfig) GetX509Config() *X509Parametersfunc (*CertificateConfig) ProtoMessage
func (*CertificateConfig) ProtoMessage()func (*CertificateConfig) ProtoReflect
func (x *CertificateConfig) ProtoReflect() protoreflect.Messagefunc (*CertificateConfig) Reset
func (x *CertificateConfig) Reset()func (*CertificateConfig) String
func (x *CertificateConfig) String() stringCertificateConfig_KeyId
type CertificateConfig_KeyId struct {
// Required. The value of this KeyId encoded in lowercase hexadecimal. This
// is most likely the 160 bit SHA-1 hash of the public key.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// contains filtered or unexported fields
}A KeyId identifies a specific public key, usually by hashing the public key.
func (*CertificateConfig_KeyId) Descriptor
func (*CertificateConfig_KeyId) Descriptor() ([]byte, []int)Deprecated: Use CertificateConfig_KeyId.ProtoReflect.Descriptor instead.
func (*CertificateConfig_KeyId) GetKeyId
func (x *CertificateConfig_KeyId) GetKeyId() stringfunc (*CertificateConfig_KeyId) ProtoMessage
func (*CertificateConfig_KeyId) ProtoMessage()func (*CertificateConfig_KeyId) ProtoReflect
func (x *CertificateConfig_KeyId) ProtoReflect() protoreflect.Messagefunc (*CertificateConfig_KeyId) Reset
func (x *CertificateConfig_KeyId) Reset()func (*CertificateConfig_KeyId) String
func (x *CertificateConfig_KeyId) String() stringCertificateConfig_SubjectConfig
type CertificateConfig_SubjectConfig struct {
// Optional. Contains distinguished name fields such as the common name,
// location and organization.
Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
// Optional. The subject alternative name fields.
SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
// contains filtered or unexported fields
}These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.
func (*CertificateConfig_SubjectConfig) Descriptor
func (*CertificateConfig_SubjectConfig) Descriptor() ([]byte, []int)Deprecated: Use CertificateConfig_SubjectConfig.ProtoReflect.Descriptor instead.
func (*CertificateConfig_SubjectConfig) GetSubject
func (x *CertificateConfig_SubjectConfig) GetSubject() *Subjectfunc (*CertificateConfig_SubjectConfig) GetSubjectAltName
func (x *CertificateConfig_SubjectConfig) GetSubjectAltName() *SubjectAltNamesfunc (*CertificateConfig_SubjectConfig) ProtoMessage
func (*CertificateConfig_SubjectConfig) ProtoMessage()func (*CertificateConfig_SubjectConfig) ProtoReflect
func (x *CertificateConfig_SubjectConfig) ProtoReflect() protoreflect.Messagefunc (*CertificateConfig_SubjectConfig) Reset
func (x *CertificateConfig_SubjectConfig) Reset()func (*CertificateConfig_SubjectConfig) String
func (x *CertificateConfig_SubjectConfig) String() stringCertificateDescription
type CertificateDescription struct {
// Describes some of the values in a certificate that are related to the
// subject and lifetime.
SubjectDescription *CertificateDescription_SubjectDescription `protobuf:"bytes,1,opt,name=subject_description,json=subjectDescription,proto3" json:"subject_description,omitempty"`
// Describes some of the technical X.509 fields in a certificate.
X509Description *X509Parameters `protobuf:"bytes,2,opt,name=x509_description,json=x509Description,proto3" json:"x509_description,omitempty"`
// The public key that corresponds to an issued certificate.
PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// Provides a means of identifiying certificates that contain a particular
// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
SubjectKeyId *CertificateDescription_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
// Identifies the subject_key_id of the parent certificate, per
// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
AuthorityKeyId *CertificateDescription_KeyId `protobuf:"bytes,5,opt,name=authority_key_id,json=authorityKeyId,proto3" json:"authority_key_id,omitempty"`
// Describes a list of locations to obtain CRL information, i.e.
// the DistributionPoint.fullName described by
// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
CrlDistributionPoints []string `protobuf:"bytes,6,rep,name=crl_distribution_points,json=crlDistributionPoints,proto3" json:"crl_distribution_points,omitempty"`
// Describes lists of issuer CA certificate URLs that appear in the
// "Authority Information Access" extension in the certificate.
AiaIssuingCertificateUrls []string `protobuf:"bytes,7,rep,name=aia_issuing_certificate_urls,json=aiaIssuingCertificateUrls,proto3" json:"aia_issuing_certificate_urls,omitempty"`
// The hash of the x.509 certificate.
CertFingerprint *CertificateDescription_CertificateFingerprint `protobuf:"bytes,8,opt,name=cert_fingerprint,json=certFingerprint,proto3" json:"cert_fingerprint,omitempty"`
// The hash of the pre-signed certificate, which will be signed by the CA.
// Corresponds to the TBS Certificate in
// https://tools.ietf.org/html/rfc5280#section-4.1.2. The field will always be
// populated.
TbsCertificateDigest string `protobuf:"bytes,9,opt,name=tbs_certificate_digest,json=tbsCertificateDigest,proto3" json:"tbs_certificate_digest,omitempty"`
// contains filtered or unexported fields
}A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.
func (*CertificateDescription) Descriptor
func (*CertificateDescription) Descriptor() ([]byte, []int)Deprecated: Use CertificateDescription.ProtoReflect.Descriptor instead.
func (*CertificateDescription) GetAiaIssuingCertificateUrls
func (x *CertificateDescription) GetAiaIssuingCertificateUrls() []stringfunc (*CertificateDescription) GetAuthorityKeyId
func (x *CertificateDescription) GetAuthorityKeyId() *CertificateDescription_KeyIdfunc (*CertificateDescription) GetCertFingerprint
func (x *CertificateDescription) GetCertFingerprint() *CertificateDescription_CertificateFingerprintfunc (*CertificateDescription) GetCrlDistributionPoints
func (x *CertificateDescription) GetCrlDistributionPoints() []stringfunc (*CertificateDescription) GetPublicKey
func (x *CertificateDescription) GetPublicKey() *PublicKeyfunc (*CertificateDescription) GetSubjectDescription
func (x *CertificateDescription) GetSubjectDescription() *CertificateDescription_SubjectDescriptionfunc (*CertificateDescription) GetSubjectKeyId
func (x *CertificateDescription) GetSubjectKeyId() *CertificateDescription_KeyIdfunc (*CertificateDescription) GetTbsCertificateDigest
func (x *CertificateDescription) GetTbsCertificateDigest() stringfunc (*CertificateDescription) GetX509Description
func (x *CertificateDescription) GetX509Description() *X509Parametersfunc (*CertificateDescription) ProtoMessage
func (*CertificateDescription) ProtoMessage()func (*CertificateDescription) ProtoReflect
func (x *CertificateDescription) ProtoReflect() protoreflect.Messagefunc (*CertificateDescription) Reset
func (x *CertificateDescription) Reset()func (*CertificateDescription) String
func (x *CertificateDescription) String() stringCertificateDescription_CertificateFingerprint
type CertificateDescription_CertificateFingerprint struct {
// The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
Sha256Hash string `protobuf:"bytes,1,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
// contains filtered or unexported fields
}A group of fingerprints for the x509 certificate.
func (*CertificateDescription_CertificateFingerprint) Descriptor
func (*CertificateDescription_CertificateFingerprint) Descriptor() ([]byte, []int)Deprecated: Use CertificateDescription_CertificateFingerprint.ProtoReflect.Descriptor instead.
func (*CertificateDescription_CertificateFingerprint) GetSha256Hash
func (x *CertificateDescription_CertificateFingerprint) GetSha256Hash() stringfunc (*CertificateDescription_CertificateFingerprint) ProtoMessage
func (*CertificateDescription_CertificateFingerprint) ProtoMessage()func (*CertificateDescription_CertificateFingerprint) ProtoReflect
func (x *CertificateDescription_CertificateFingerprint) ProtoReflect() protoreflect.Messagefunc (*CertificateDescription_CertificateFingerprint) Reset
func (x *CertificateDescription_CertificateFingerprint) Reset()func (*CertificateDescription_CertificateFingerprint) String
func (x *CertificateDescription_CertificateFingerprint) String() stringCertificateDescription_KeyId
type CertificateDescription_KeyId struct {
// Optional. The value of this KeyId encoded in lowercase hexadecimal. This
// is most likely the 160 bit SHA-1 hash of the public key.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// contains filtered or unexported fields
}A KeyId identifies a specific public key, usually by hashing the public key.
func (*CertificateDescription_KeyId) Descriptor
func (*CertificateDescription_KeyId) Descriptor() ([]byte, []int)Deprecated: Use CertificateDescription_KeyId.ProtoReflect.Descriptor instead.
func (*CertificateDescription_KeyId) GetKeyId
func (x *CertificateDescription_KeyId) GetKeyId() stringfunc (*CertificateDescription_KeyId) ProtoMessage
func (*CertificateDescription_KeyId) ProtoMessage()func (*CertificateDescription_KeyId) ProtoReflect
func (x *CertificateDescription_KeyId) ProtoReflect() protoreflect.Messagefunc (*CertificateDescription_KeyId) Reset
func (x *CertificateDescription_KeyId) Reset()func (*CertificateDescription_KeyId) String
func (x *CertificateDescription_KeyId) String() stringCertificateDescription_SubjectDescription
type CertificateDescription_SubjectDescription struct {
// Contains distinguished name fields such as the common name, location and
// / organization.
Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
// The subject alternative name fields.
SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
// The serial number encoded in lowercase hexadecimal.
HexSerialNumber string `protobuf:"bytes,3,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
// For convenience, the actual lifetime of an issued certificate.
Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
// The time at which the certificate becomes valid.
NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
// The time after which the certificate is expired.
// Per RFC 5280, the validity period for a certificate is the period of time
// from not_before_time through not_after_time, inclusive.
// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
// contains filtered or unexported fields
}These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.
func (*CertificateDescription_SubjectDescription) Descriptor
func (*CertificateDescription_SubjectDescription) Descriptor() ([]byte, []int)Deprecated: Use CertificateDescription_SubjectDescription.ProtoReflect.Descriptor instead.
func (*CertificateDescription_SubjectDescription) GetHexSerialNumber
func (x *CertificateDescription_SubjectDescription) GetHexSerialNumber() stringfunc (*CertificateDescription_SubjectDescription) GetLifetime
func (x *CertificateDescription_SubjectDescription) GetLifetime() *durationpb.Durationfunc (*CertificateDescription_SubjectDescription) GetNotAfterTime
func (x *CertificateDescription_SubjectDescription) GetNotAfterTime() *timestamppb.Timestampfunc (*CertificateDescription_SubjectDescription) GetNotBeforeTime
func (x *CertificateDescription_SubjectDescription) GetNotBeforeTime() *timestamppb.Timestampfunc (*CertificateDescription_SubjectDescription) GetSubject
func (x *CertificateDescription_SubjectDescription) GetSubject() *Subjectfunc (*CertificateDescription_SubjectDescription) GetSubjectAltName
func (x *CertificateDescription_SubjectDescription) GetSubjectAltName() *SubjectAltNamesfunc (*CertificateDescription_SubjectDescription) ProtoMessage
func (*CertificateDescription_SubjectDescription) ProtoMessage()func (*CertificateDescription_SubjectDescription) ProtoReflect
func (x *CertificateDescription_SubjectDescription) ProtoReflect() protoreflect.Messagefunc (*CertificateDescription_SubjectDescription) Reset
func (x *CertificateDescription_SubjectDescription) Reset()func (*CertificateDescription_SubjectDescription) String
func (x *CertificateDescription_SubjectDescription) String() stringCertificateExtensionConstraints
type CertificateExtensionConstraints struct {
// Optional. A set of named X.509 extensions. Will be combined with
// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
// to determine the full set of X.509 extensions.
KnownExtensions []CertificateExtensionConstraints_KnownCertificateExtension `protobuf:"varint,1,rep,packed,name=known_extensions,json=knownExtensions,proto3,enum=google.cloud.security.privateca.v1.CertificateExtensionConstraints_KnownCertificateExtension" json:"known_extensions,omitempty"`
// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
// identifying custom X.509 extensions. Will be combined with
// [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
// to determine the full set of X.509 extensions.
AdditionalExtensions []*ObjectId `protobuf:"bytes,2,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
// contains filtered or unexported fields
}Describes a set of X.509 extensions that may be part of some certificate issuance controls.
func (*CertificateExtensionConstraints) Descriptor
func (*CertificateExtensionConstraints) Descriptor() ([]byte, []int)Deprecated: Use CertificateExtensionConstraints.ProtoReflect.Descriptor instead.
func (*CertificateExtensionConstraints) GetAdditionalExtensions
func (x *CertificateExtensionConstraints) GetAdditionalExtensions() []*ObjectIdfunc (*CertificateExtensionConstraints) GetKnownExtensions
func (x *CertificateExtensionConstraints) GetKnownExtensions() []CertificateExtensionConstraints_KnownCertificateExtensionfunc (*CertificateExtensionConstraints) ProtoMessage
func (*CertificateExtensionConstraints) ProtoMessage()func (*CertificateExtensionConstraints) ProtoReflect
func (x *CertificateExtensionConstraints) ProtoReflect() protoreflect.Messagefunc (*CertificateExtensionConstraints) Reset
func (x *CertificateExtensionConstraints) Reset()func (*CertificateExtensionConstraints) String
func (x *CertificateExtensionConstraints) String() stringCertificateExtensionConstraints_KnownCertificateExtension
type CertificateExtensionConstraints_KnownCertificateExtension int32Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate], not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.
CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED, CertificateExtensionConstraints_BASE_KEY_USAGE, CertificateExtensionConstraints_EXTENDED_KEY_USAGE, CertificateExtensionConstraints_CA_OPTIONS, CertificateExtensionConstraints_POLICY_IDS, CertificateExtensionConstraints_AIA_OCSP_SERVERS, CertificateExtensionConstraints_NAME_CONSTRAINTS
const (
// Not specified.
CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED CertificateExtensionConstraints_KnownCertificateExtension = 0
// Refers to a certificate's Key Usage extension, as described in [RFC 5280
// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
// This corresponds to the
// [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
// field.
CertificateExtensionConstraints_BASE_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 1
// Refers to a certificate's Extended Key Usage extension, as described in
// [RFC 5280
// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
// This corresponds to the
// [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
// message.
CertificateExtensionConstraints_EXTENDED_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 2
// Refers to a certificate's Basic Constraints extension, as described in
// [RFC 5280
// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
// This corresponds to the
// [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
// field.
CertificateExtensionConstraints_CA_OPTIONS CertificateExtensionConstraints_KnownCertificateExtension = 3
// Refers to a certificate's Policy object identifiers, as described in
// [RFC 5280
// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
// This corresponds to the
// [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
// field.
CertificateExtensionConstraints_POLICY_IDS CertificateExtensionConstraints_KnownCertificateExtension = 4
// Refers to OCSP servers in a certificate's Authority Information Access
// extension, as described in
// [RFC 5280
// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
// This corresponds to the
// [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
// field.
CertificateExtensionConstraints_AIA_OCSP_SERVERS CertificateExtensionConstraints_KnownCertificateExtension = 5
// Refers to Name Constraints extension as described in
// [RFC 5280
// section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
CertificateExtensionConstraints_NAME_CONSTRAINTS CertificateExtensionConstraints_KnownCertificateExtension = 6
)func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor
func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor() protoreflect.EnumDescriptorfunc (CertificateExtensionConstraints_KnownCertificateExtension) Enum
func (x CertificateExtensionConstraints_KnownCertificateExtension) Enum() *CertificateExtensionConstraints_KnownCertificateExtensionfunc (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor
func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor() ([]byte, []int)Deprecated: Use CertificateExtensionConstraints_KnownCertificateExtension.Descriptor instead.
func (CertificateExtensionConstraints_KnownCertificateExtension) Number
func (x CertificateExtensionConstraints_KnownCertificateExtension) Number() protoreflect.EnumNumberfunc (CertificateExtensionConstraints_KnownCertificateExtension) String
func (x CertificateExtensionConstraints_KnownCertificateExtension) String() stringfunc (CertificateExtensionConstraints_KnownCertificateExtension) Type
CertificateIdentityConstraints
type CertificateIdentityConstraints struct {
// Optional. A CEL expression that may be used to validate the resolved X.509
// Subject and/or Subject Alternative Name before a certificate is signed. To
// see the full allowed syntax and some examples, see
// https://cloud.google.com/certificate-authority-service/docs/using-cel
CelExpression *expr.Expr `protobuf:"bytes,1,opt,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"`
// Required. If this is true, the
// [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
// from a certificate request into the signed certificate. Otherwise, the
// requested [Subject][google.cloud.security.privateca.v1.Subject] will be
// discarded.
AllowSubjectPassthrough *bool `protobuf:"varint,2,opt,name=allow_subject_passthrough,json=allowSubjectPassthrough,proto3,oneof" json:"allow_subject_passthrough,omitempty"`
// Required. If this is true, the
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
// extension may be copied from a certificate request into the signed
// certificate. Otherwise, the requested
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
// be discarded.
AllowSubjectAltNamesPassthrough *bool `protobuf:"varint,3,opt,name=allow_subject_alt_names_passthrough,json=allowSubjectAltNamesPassthrough,proto3,oneof" json:"allow_subject_alt_names_passthrough,omitempty"`
// contains filtered or unexported fields
}Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
func (*CertificateIdentityConstraints) Descriptor
func (*CertificateIdentityConstraints) Descriptor() ([]byte, []int)Deprecated: Use CertificateIdentityConstraints.ProtoReflect.Descriptor instead.
func (*CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough
func (x *CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough() boolfunc (*CertificateIdentityConstraints) GetAllowSubjectPassthrough
func (x *CertificateIdentityConstraints) GetAllowSubjectPassthrough() boolfunc (*CertificateIdentityConstraints) GetCelExpression
func (x *CertificateIdentityConstraints) GetCelExpression() *expr.Exprfunc (*CertificateIdentityConstraints) ProtoMessage
func (*CertificateIdentityConstraints) ProtoMessage()func (*CertificateIdentityConstraints) ProtoReflect
func (x *CertificateIdentityConstraints) ProtoReflect() protoreflect.Messagefunc (*CertificateIdentityConstraints) Reset
func (x *CertificateIdentityConstraints) Reset()func (*CertificateIdentityConstraints) String
func (x *CertificateIdentityConstraints) String() stringCertificateRevocationList
type CertificateRevocationList struct {
// Identifier. The resource name for this
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// in the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
//
// certificateRevocationLists/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The CRL sequence number that appears in pem_crl.
SequenceNumber int64 `protobuf:"varint,2,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
// Output only. The revoked serial numbers that appear in pem_crl.
RevokedCertificates []*CertificateRevocationList_RevokedCertificate `protobuf:"bytes,3,rep,name=revoked_certificates,json=revokedCertificates,proto3" json:"revoked_certificates,omitempty"`
// Output only. The PEM-encoded X.509 CRL.
PemCrl string `protobuf:"bytes,4,opt,name=pem_crl,json=pemCrl,proto3" json:"pem_crl,omitempty"`
// Output only. The location where 'pem_crl' can be accessed.
AccessUrl string `protobuf:"bytes,5,opt,name=access_url,json=accessUrl,proto3" json:"access_url,omitempty"`
// Output only. The
// [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
// for this
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
State CertificateRevocationList_State `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.security.privateca.v1.CertificateRevocationList_State" json:"state,omitempty"`
// Output only. The time at which this
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time at which this
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// was updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Output only. The revision ID of this
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
// A new revision is committed whenever a new CRL is published. The format is
// an 8-character hexadecimal string.
RevisionId string `protobuf:"bytes,9,opt,name=revision_id,json=revisionId,proto3" json:"revision_id,omitempty"`
// Optional. Labels with user-defined metadata.
Labels map[string]string `protobuf:"bytes,10,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// contains filtered or unexported fields
}A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.
func (*CertificateRevocationList) Descriptor
func (*CertificateRevocationList) Descriptor() ([]byte, []int)Deprecated: Use CertificateRevocationList.ProtoReflect.Descriptor instead.
func (*CertificateRevocationList) GetAccessUrl
func (x *CertificateRevocationList) GetAccessUrl() stringfunc (*CertificateRevocationList) GetCreateTime
func (x *CertificateRevocationList) GetCreateTime() *timestamppb.Timestampfunc (*CertificateRevocationList) GetLabels
func (x *CertificateRevocationList) GetLabels() map[string]stringfunc (*CertificateRevocationList) GetName
func (x *CertificateRevocationList) GetName() stringfunc (*CertificateRevocationList) GetPemCrl
func (x *CertificateRevocationList) GetPemCrl() stringfunc (*CertificateRevocationList) GetRevisionId
func (x *CertificateRevocationList) GetRevisionId() stringfunc (*CertificateRevocationList) GetRevokedCertificates
func (x *CertificateRevocationList) GetRevokedCertificates() []*CertificateRevocationList_RevokedCertificatefunc (*CertificateRevocationList) GetSequenceNumber
func (x *CertificateRevocationList) GetSequenceNumber() int64func (*CertificateRevocationList) GetState
func (x *CertificateRevocationList) GetState() CertificateRevocationList_Statefunc (*CertificateRevocationList) GetUpdateTime
func (x *CertificateRevocationList) GetUpdateTime() *timestamppb.Timestampfunc (*CertificateRevocationList) ProtoMessage
func (*CertificateRevocationList) ProtoMessage()func (*CertificateRevocationList) ProtoReflect
func (x *CertificateRevocationList) ProtoReflect() protoreflect.Messagefunc (*CertificateRevocationList) Reset
func (x *CertificateRevocationList) Reset()func (*CertificateRevocationList) String
func (x *CertificateRevocationList) String() stringCertificateRevocationList_RevokedCertificate
type CertificateRevocationList_RevokedCertificate struct {
// The resource name for the
// [Certificate][google.cloud.security.privateca.v1.Certificate] in the
// format `projects/*/locations/*/caPools/*/certificates/*`.
Certificate string `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
// The serial number of the
// [Certificate][google.cloud.security.privateca.v1.Certificate].
HexSerialNumber string `protobuf:"bytes,2,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
// The reason the
// [Certificate][google.cloud.security.privateca.v1.Certificate] was
// revoked.
RevocationReason RevocationReason `protobuf:"varint,3,opt,name=revocation_reason,json=revocationReason,proto3,enum=google.cloud.security.privateca.v1.RevocationReason" json:"revocation_reason,omitempty"`
// contains filtered or unexported fields
}Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
func (*CertificateRevocationList_RevokedCertificate) Descriptor
func (*CertificateRevocationList_RevokedCertificate) Descriptor() ([]byte, []int)Deprecated: Use CertificateRevocationList_RevokedCertificate.ProtoReflect.Descriptor instead.
func (*CertificateRevocationList_RevokedCertificate) GetCertificate
func (x *CertificateRevocationList_RevokedCertificate) GetCertificate() stringfunc (*CertificateRevocationList_RevokedCertificate) GetHexSerialNumber
func (x *CertificateRevocationList_RevokedCertificate) GetHexSerialNumber() stringfunc (*CertificateRevocationList_RevokedCertificate) GetRevocationReason
func (x *CertificateRevocationList_RevokedCertificate) GetRevocationReason() RevocationReasonfunc (*CertificateRevocationList_RevokedCertificate) ProtoMessage
func (*CertificateRevocationList_RevokedCertificate) ProtoMessage()func (*CertificateRevocationList_RevokedCertificate) ProtoReflect
func (x *CertificateRevocationList_RevokedCertificate) ProtoReflect() protoreflect.Messagefunc (*CertificateRevocationList_RevokedCertificate) Reset
func (x *CertificateRevocationList_RevokedCertificate) Reset()func (*CertificateRevocationList_RevokedCertificate) String
func (x *CertificateRevocationList_RevokedCertificate) String() stringCertificateRevocationList_State
type CertificateRevocationList_State int32The state of a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.
CertificateRevocationList_STATE_UNSPECIFIED, CertificateRevocationList_ACTIVE, CertificateRevocationList_SUPERSEDED
const (
// Not specified.
CertificateRevocationList_STATE_UNSPECIFIED CertificateRevocationList_State = 0
// The
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// is up to date.
CertificateRevocationList_ACTIVE CertificateRevocationList_State = 1
// The
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// is no longer current.
CertificateRevocationList_SUPERSEDED CertificateRevocationList_State = 2
)func (CertificateRevocationList_State) Descriptor
func (CertificateRevocationList_State) Descriptor() protoreflect.EnumDescriptorfunc (CertificateRevocationList_State) Enum
func (x CertificateRevocationList_State) Enum() *CertificateRevocationList_Statefunc (CertificateRevocationList_State) EnumDescriptor
func (CertificateRevocationList_State) EnumDescriptor() ([]byte, []int)Deprecated: Use CertificateRevocationList_State.Descriptor instead.
func (CertificateRevocationList_State) Number
func (x CertificateRevocationList_State) Number() protoreflect.EnumNumberfunc (CertificateRevocationList_State) String
func (x CertificateRevocationList_State) String() stringfunc (CertificateRevocationList_State) Type
func (CertificateRevocationList_State) Type() protoreflect.EnumTypeCertificateTemplate
type CertificateTemplate struct {
// Identifier. The resource name for this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// in the format `projects/*/locations/*/certificateTemplates/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The maximum lifetime allowed for issued
// [Certificates][google.cloud.security.privateca.v1.Certificate] that use
// this template. If the issuing
// [CaPool][google.cloud.security.privateca.v1.CaPool] resource's
// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
// specifies a
// [maximum_lifetime][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime]
// the minimum of the two durations will be the maximum lifetime for issued
// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
// if the issuing
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// expires before a
// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
// maximum_lifetime, the effective lifetime will be explicitly truncated
//
// to match it.
MaximumLifetime *durationpb.Duration `protobuf:"bytes,9,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
// Optional. A set of X.509 values that will be applied to all issued
// certificates that use this template. If the certificate request includes
// conflicting values for the same properties, they will be overwritten by the
// values defined here. If the issuing
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
// defines conflicting
// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
// for the same properties, the certificate issuance request will fail.
PredefinedValues *X509Parameters `protobuf:"bytes,2,opt,name=predefined_values,json=predefinedValues,proto3" json:"predefined_values,omitempty"`
// Optional. Describes constraints on identities that may be appear in
// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
// this template. If this is omitted, then this template will not add
// restrictions on a certificate's identity.
IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,3,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
// Optional. Describes the set of X.509 extensions that may appear in a
// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
// this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
// If a certificate request sets extensions that don't appear in the
// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
// those extensions will be dropped. If the issuing
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
// defines
// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
// that don't appear here, the certificate issuance request will fail. If this
// is omitted, then this template will not add restrictions on a certificate's
// X.509 extensions. These constraints do not apply to X.509 extensions set in
// this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,4,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
// Optional. A human-readable description of scenarios this template is
// intended for.
Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
// Output only. The time at which this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time at which this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// was updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Optional. Labels with user-defined metadata.
Labels map[string]string `protobuf:"bytes,8,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// contains filtered or unexported fields
}A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate issuance.
func (*CertificateTemplate) Descriptor
func (*CertificateTemplate) Descriptor() ([]byte, []int)Deprecated: Use CertificateTemplate.ProtoReflect.Descriptor instead.
func (*CertificateTemplate) GetCreateTime
func (x *CertificateTemplate) GetCreateTime() *timestamppb.Timestampfunc (*CertificateTemplate) GetDescription
func (x *CertificateTemplate) GetDescription() stringfunc (*CertificateTemplate) GetIdentityConstraints
func (x *CertificateTemplate) GetIdentityConstraints() *CertificateIdentityConstraintsfunc (*CertificateTemplate) GetLabels
func (x *CertificateTemplate) GetLabels() map[string]stringfunc (*CertificateTemplate) GetMaximumLifetime
func (x *CertificateTemplate) GetMaximumLifetime() *durationpb.Durationfunc (*CertificateTemplate) GetName
func (x *CertificateTemplate) GetName() stringfunc (*CertificateTemplate) GetPassthroughExtensions
func (x *CertificateTemplate) GetPassthroughExtensions() *CertificateExtensionConstraintsfunc (*CertificateTemplate) GetPredefinedValues
func (x *CertificateTemplate) GetPredefinedValues() *X509Parametersfunc (*CertificateTemplate) GetUpdateTime
func (x *CertificateTemplate) GetUpdateTime() *timestamppb.Timestampfunc (*CertificateTemplate) ProtoMessage
func (*CertificateTemplate) ProtoMessage()func (*CertificateTemplate) ProtoReflect
func (x *CertificateTemplate) ProtoReflect() protoreflect.Messagefunc (*CertificateTemplate) Reset
func (x *CertificateTemplate) Reset()func (*CertificateTemplate) String
func (x *CertificateTemplate) String() stringCertificate_Config
type Certificate_Config struct {
// Immutable. A description of the certificate and key that does not require
// X.509 or ASN.1.
Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3,oneof"`
}Certificate_PemCsr
type Certificate_PemCsr struct {
// Immutable. A pem-encoded X.509 certificate signing request (CSR).
PemCsr string `protobuf:"bytes,2,opt,name=pem_csr,json=pemCsr,proto3,oneof"`
}Certificate_RevocationDetails
type Certificate_RevocationDetails struct {
// Indicates why a
// [Certificate][google.cloud.security.privateca.v1.Certificate] was
// revoked.
RevocationState RevocationReason `protobuf:"varint,1,opt,name=revocation_state,json=revocationState,proto3,enum=google.cloud.security.privateca.v1.RevocationReason" json:"revocation_state,omitempty"`
// The time at which this
// [Certificate][google.cloud.security.privateca.v1.Certificate] was
// revoked.
RevocationTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=revocation_time,json=revocationTime,proto3" json:"revocation_time,omitempty"`
// contains filtered or unexported fields
}Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
func (*Certificate_RevocationDetails) Descriptor
func (*Certificate_RevocationDetails) Descriptor() ([]byte, []int)Deprecated: Use Certificate_RevocationDetails.ProtoReflect.Descriptor instead.
func (*Certificate_RevocationDetails) GetRevocationState
func (x *Certificate_RevocationDetails) GetRevocationState() RevocationReasonfunc (*Certificate_RevocationDetails) GetRevocationTime
func (x *Certificate_RevocationDetails) GetRevocationTime() *timestamppb.Timestampfunc (*Certificate_RevocationDetails) ProtoMessage
func (*Certificate_RevocationDetails) ProtoMessage()func (*Certificate_RevocationDetails) ProtoReflect
func (x *Certificate_RevocationDetails) ProtoReflect() protoreflect.Messagefunc (*Certificate_RevocationDetails) Reset
func (x *Certificate_RevocationDetails) Reset()func (*Certificate_RevocationDetails) String
func (x *Certificate_RevocationDetails) String() stringCreateCaPoolRequest
type CreateCaPoolRequest struct {
// Required. The resource name of the location associated with the
// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
// `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
CaPoolId string `protobuf:"bytes,2,opt,name=ca_pool_id,json=caPoolId,proto3" json:"ca_pool_id,omitempty"`
// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
// initial field values.
CaPool *CaPool `protobuf:"bytes,3,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
func (*CreateCaPoolRequest) Descriptor
func (*CreateCaPoolRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateCaPoolRequest.ProtoReflect.Descriptor instead.
func (*CreateCaPoolRequest) GetCaPool
func (x *CreateCaPoolRequest) GetCaPool() *CaPoolfunc (*CreateCaPoolRequest) GetCaPoolId
func (x *CreateCaPoolRequest) GetCaPoolId() stringfunc (*CreateCaPoolRequest) GetParent
func (x *CreateCaPoolRequest) GetParent() stringfunc (*CreateCaPoolRequest) GetRequestId
func (x *CreateCaPoolRequest) GetRequestId() stringfunc (*CreateCaPoolRequest) ProtoMessage
func (*CreateCaPoolRequest) ProtoMessage()func (*CreateCaPoolRequest) ProtoReflect
func (x *CreateCaPoolRequest) ProtoReflect() protoreflect.Messagefunc (*CreateCaPoolRequest) Reset
func (x *CreateCaPoolRequest) Reset()func (*CreateCaPoolRequest) String
func (x *CreateCaPoolRequest) String() stringCreateCertificateAuthorityRequest
type CreateCertificateAuthorityRequest struct {
// Required. The resource name of the
// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
// in the format `projects/*/locations/*/caPools/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
CertificateAuthorityId string `protobuf:"bytes,2,opt,name=certificate_authority_id,json=certificateAuthorityId,proto3" json:"certificate_authority_id,omitempty"`
// Required. A
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// with initial field values.
CertificateAuthority *CertificateAuthority `protobuf:"bytes,3,opt,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
func (*CreateCertificateAuthorityRequest) Descriptor
func (*CreateCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*CreateCertificateAuthorityRequest) GetCertificateAuthority
func (x *CreateCertificateAuthorityRequest) GetCertificateAuthority() *CertificateAuthorityfunc (*CreateCertificateAuthorityRequest) GetCertificateAuthorityId
func (x *CreateCertificateAuthorityRequest) GetCertificateAuthorityId() stringfunc (*CreateCertificateAuthorityRequest) GetParent
func (x *CreateCertificateAuthorityRequest) GetParent() stringfunc (*CreateCertificateAuthorityRequest) GetRequestId
func (x *CreateCertificateAuthorityRequest) GetRequestId() stringfunc (*CreateCertificateAuthorityRequest) ProtoMessage
func (*CreateCertificateAuthorityRequest) ProtoMessage()func (*CreateCertificateAuthorityRequest) ProtoReflect
func (x *CreateCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*CreateCertificateAuthorityRequest) Reset
func (x *CreateCertificateAuthorityRequest) Reset()func (*CreateCertificateAuthorityRequest) String
func (x *CreateCertificateAuthorityRequest) String() stringCreateCertificateRequest
type CreateCertificateRequest struct {
// Required. The resource name of the
// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
// format `projects/*/locations/*/caPools/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the Enterprise
// [CertificateAuthority.tier][google.cloud.security.privateca.v1.CertificateAuthority.tier],
// but is optional and its value is ignored otherwise.
CertificateId string `protobuf:"bytes,2,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
// with initial field values.
Certificate *Certificate `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and the
// request times out. If you make the request again with the same request ID,
// the server can check if original operation with the same request ID was
// received, and if so, will ignore the second request. This prevents clients
// from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// Optional. If this is true, no
// [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
// be persisted regardless of the
// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
// [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
// [Certificate][google.cloud.security.privateca.v1.Certificate] will not
// contain the
// [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
// field.
ValidateOnly bool `protobuf:"varint,5,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// Optional. The resource ID of the
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that should issue the certificate. This optional field will ignore the
// load-balancing scheme of the Pool and directly issue the certificate from
// the CA with the specified ID, contained in the same
// [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
// Per-CA quota rules apply. If left empty, a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
// by the service. For example, to issue a
// [Certificate][google.cloud.security.privateca.v1.Certificate] from a
// Certificate Authority with resource name
// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
// you can set the
// [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
// to "projects/my-project/locations/us-central1/caPools/my-pool" and the
// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
// to "my-ca".
IssuingCertificateAuthorityId string `protobuf:"bytes,6,opt,name=issuing_certificate_authority_id,json=issuingCertificateAuthorityId,proto3" json:"issuing_certificate_authority_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
func (*CreateCertificateRequest) Descriptor
func (*CreateCertificateRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateCertificateRequest.ProtoReflect.Descriptor instead.
func (*CreateCertificateRequest) GetCertificate
func (x *CreateCertificateRequest) GetCertificate() *Certificatefunc (*CreateCertificateRequest) GetCertificateId
func (x *CreateCertificateRequest) GetCertificateId() stringfunc (*CreateCertificateRequest) GetIssuingCertificateAuthorityId
func (x *CreateCertificateRequest) GetIssuingCertificateAuthorityId() stringfunc (*CreateCertificateRequest) GetParent
func (x *CreateCertificateRequest) GetParent() stringfunc (*CreateCertificateRequest) GetRequestId
func (x *CreateCertificateRequest) GetRequestId() stringfunc (*CreateCertificateRequest) GetValidateOnly
func (x *CreateCertificateRequest) GetValidateOnly() boolfunc (*CreateCertificateRequest) ProtoMessage
func (*CreateCertificateRequest) ProtoMessage()func (*CreateCertificateRequest) ProtoReflect
func (x *CreateCertificateRequest) ProtoReflect() protoreflect.Messagefunc (*CreateCertificateRequest) Reset
func (x *CreateCertificateRequest) Reset()func (*CreateCertificateRequest) String
func (x *CreateCertificateRequest) String() stringCreateCertificateTemplateRequest
type CreateCertificateTemplateRequest struct {
// Required. The resource name of the location associated with the
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
// in the format `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
CertificateTemplateId string `protobuf:"bytes,2,opt,name=certificate_template_id,json=certificateTemplateId,proto3" json:"certificate_template_id,omitempty"`
// Required. A
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// with initial field values.
CertificateTemplate *CertificateTemplate `protobuf:"bytes,3,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
func (*CreateCertificateTemplateRequest) Descriptor
func (*CreateCertificateTemplateRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateCertificateTemplateRequest.ProtoReflect.Descriptor instead.
func (*CreateCertificateTemplateRequest) GetCertificateTemplate
func (x *CreateCertificateTemplateRequest) GetCertificateTemplate() *CertificateTemplatefunc (*CreateCertificateTemplateRequest) GetCertificateTemplateId
func (x *CreateCertificateTemplateRequest) GetCertificateTemplateId() stringfunc (*CreateCertificateTemplateRequest) GetParent
func (x *CreateCertificateTemplateRequest) GetParent() stringfunc (*CreateCertificateTemplateRequest) GetRequestId
func (x *CreateCertificateTemplateRequest) GetRequestId() stringfunc (*CreateCertificateTemplateRequest) ProtoMessage
func (*CreateCertificateTemplateRequest) ProtoMessage()func (*CreateCertificateTemplateRequest) ProtoReflect
func (x *CreateCertificateTemplateRequest) ProtoReflect() protoreflect.Messagefunc (*CreateCertificateTemplateRequest) Reset
func (x *CreateCertificateTemplateRequest) Reset()func (*CreateCertificateTemplateRequest) String
func (x *CreateCertificateTemplateRequest) String() stringDeleteCaPoolRequest
type DeleteCaPoolRequest struct {
// Required. The resource name for this
// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
// `projects/*/locations/*/caPools/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// Optional. This field allows this pool to be deleted even if it's being
// depended on by another resource. However, doing so may result in unintended
// and unrecoverable effects on any dependent resources since the pool will
// no longer be able to issue certificates.
IgnoreDependentResources bool `protobuf:"varint,4,opt,name=ignore_dependent_resources,json=ignoreDependentResources,proto3" json:"ignore_dependent_resources,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
func (*DeleteCaPoolRequest) Descriptor
func (*DeleteCaPoolRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteCaPoolRequest.ProtoReflect.Descriptor instead.
func (*DeleteCaPoolRequest) GetIgnoreDependentResources
func (x *DeleteCaPoolRequest) GetIgnoreDependentResources() boolfunc (*DeleteCaPoolRequest) GetName
func (x *DeleteCaPoolRequest) GetName() stringfunc (*DeleteCaPoolRequest) GetRequestId
func (x *DeleteCaPoolRequest) GetRequestId() stringfunc (*DeleteCaPoolRequest) ProtoMessage
func (*DeleteCaPoolRequest) ProtoMessage()func (*DeleteCaPoolRequest) ProtoReflect
func (x *DeleteCaPoolRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteCaPoolRequest) Reset
func (x *DeleteCaPoolRequest) Reset()func (*DeleteCaPoolRequest) String
func (x *DeleteCaPoolRequest) String() stringDeleteCertificateAuthorityRequest
type DeleteCertificateAuthorityRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// Optional. This field allows the CA to be deleted even if the CA has
// active certs. Active certs include both unrevoked and unexpired certs.
IgnoreActiveCertificates bool `protobuf:"varint,4,opt,name=ignore_active_certificates,json=ignoreActiveCertificates,proto3" json:"ignore_active_certificates,omitempty"`
// Optional. If this flag is set, the Certificate Authority will be deleted as
// soon as possible without a 30-day grace period where undeletion would have
// been allowed. If you proceed, there will be no way to recover this CA.
SkipGracePeriod bool `protobuf:"varint,5,opt,name=skip_grace_period,json=skipGracePeriod,proto3" json:"skip_grace_period,omitempty"`
// Optional. This field allows this CA to be deleted even if it's being
// depended on by another resource. However, doing so may result in unintended
// and unrecoverable effects on any dependent resources since the CA will
// no longer be able to issue certificates.
IgnoreDependentResources bool `protobuf:"varint,6,opt,name=ignore_dependent_resources,json=ignoreDependentResources,proto3" json:"ignore_dependent_resources,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
func (*DeleteCertificateAuthorityRequest) Descriptor
func (*DeleteCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates
func (x *DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates() boolfunc (*DeleteCertificateAuthorityRequest) GetIgnoreDependentResources
func (x *DeleteCertificateAuthorityRequest) GetIgnoreDependentResources() boolfunc (*DeleteCertificateAuthorityRequest) GetName
func (x *DeleteCertificateAuthorityRequest) GetName() stringfunc (*DeleteCertificateAuthorityRequest) GetRequestId
func (x *DeleteCertificateAuthorityRequest) GetRequestId() stringfunc (*DeleteCertificateAuthorityRequest) GetSkipGracePeriod
func (x *DeleteCertificateAuthorityRequest) GetSkipGracePeriod() boolfunc (*DeleteCertificateAuthorityRequest) ProtoMessage
func (*DeleteCertificateAuthorityRequest) ProtoMessage()func (*DeleteCertificateAuthorityRequest) ProtoReflect
func (x *DeleteCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteCertificateAuthorityRequest) Reset
func (x *DeleteCertificateAuthorityRequest) Reset()func (*DeleteCertificateAuthorityRequest) String
func (x *DeleteCertificateAuthorityRequest) String() stringDeleteCertificateTemplateRequest
type DeleteCertificateTemplateRequest struct {
// Required. The resource name for this
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// in the format `projects/*/locations/*/certificateTemplates/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
func (*DeleteCertificateTemplateRequest) Descriptor
func (*DeleteCertificateTemplateRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteCertificateTemplateRequest.ProtoReflect.Descriptor instead.
func (*DeleteCertificateTemplateRequest) GetName
func (x *DeleteCertificateTemplateRequest) GetName() stringfunc (*DeleteCertificateTemplateRequest) GetRequestId
func (x *DeleteCertificateTemplateRequest) GetRequestId() stringfunc (*DeleteCertificateTemplateRequest) ProtoMessage
func (*DeleteCertificateTemplateRequest) ProtoMessage()func (*DeleteCertificateTemplateRequest) ProtoReflect
func (x *DeleteCertificateTemplateRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteCertificateTemplateRequest) Reset
func (x *DeleteCertificateTemplateRequest) Reset()func (*DeleteCertificateTemplateRequest) String
func (x *DeleteCertificateTemplateRequest) String() stringDisableCertificateAuthorityRequest
type DisableCertificateAuthorityRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// Optional. This field allows this CA to be disabled even if it's being
// depended on by another resource. However, doing so may result in unintended
// and unrecoverable effects on any dependent resources since the CA will
// no longer be able to issue certificates.
IgnoreDependentResources bool `protobuf:"varint,3,opt,name=ignore_dependent_resources,json=ignoreDependentResources,proto3" json:"ignore_dependent_resources,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
func (*DisableCertificateAuthorityRequest) Descriptor
func (*DisableCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use DisableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*DisableCertificateAuthorityRequest) GetIgnoreDependentResources
func (x *DisableCertificateAuthorityRequest) GetIgnoreDependentResources() boolfunc (*DisableCertificateAuthorityRequest) GetName
func (x *DisableCertificateAuthorityRequest) GetName() stringfunc (*DisableCertificateAuthorityRequest) GetRequestId
func (x *DisableCertificateAuthorityRequest) GetRequestId() stringfunc (*DisableCertificateAuthorityRequest) ProtoMessage
func (*DisableCertificateAuthorityRequest) ProtoMessage()func (*DisableCertificateAuthorityRequest) ProtoReflect
func (x *DisableCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*DisableCertificateAuthorityRequest) Reset
func (x *DisableCertificateAuthorityRequest) Reset()func (*DisableCertificateAuthorityRequest) String
func (x *DisableCertificateAuthorityRequest) String() stringEnableCertificateAuthorityRequest
type EnableCertificateAuthorityRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
func (*EnableCertificateAuthorityRequest) Descriptor
func (*EnableCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use EnableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*EnableCertificateAuthorityRequest) GetName
func (x *EnableCertificateAuthorityRequest) GetName() stringfunc (*EnableCertificateAuthorityRequest) GetRequestId
func (x *EnableCertificateAuthorityRequest) GetRequestId() stringfunc (*EnableCertificateAuthorityRequest) ProtoMessage
func (*EnableCertificateAuthorityRequest) ProtoMessage()func (*EnableCertificateAuthorityRequest) ProtoReflect
func (x *EnableCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*EnableCertificateAuthorityRequest) Reset
func (x *EnableCertificateAuthorityRequest) Reset()func (*EnableCertificateAuthorityRequest) String
func (x *EnableCertificateAuthorityRequest) String() stringFetchCaCertsRequest
type FetchCaCertsRequest struct {
// Required. The resource name for the
// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
// `projects/*/locations/*/caPools/*`.
CaPool string `protobuf:"bytes,1,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
func (*FetchCaCertsRequest) Descriptor
func (*FetchCaCertsRequest) Descriptor() ([]byte, []int)Deprecated: Use FetchCaCertsRequest.ProtoReflect.Descriptor instead.
func (*FetchCaCertsRequest) GetCaPool
func (x *FetchCaCertsRequest) GetCaPool() stringfunc (*FetchCaCertsRequest) GetRequestId
func (x *FetchCaCertsRequest) GetRequestId() stringfunc (*FetchCaCertsRequest) ProtoMessage
func (*FetchCaCertsRequest) ProtoMessage()func (*FetchCaCertsRequest) ProtoReflect
func (x *FetchCaCertsRequest) ProtoReflect() protoreflect.Messagefunc (*FetchCaCertsRequest) Reset
func (x *FetchCaCertsRequest) Reset()func (*FetchCaCertsRequest) String
func (x *FetchCaCertsRequest) String() stringFetchCaCertsResponse
type FetchCaCertsResponse struct {
// The PEM encoded CA certificate chains of all certificate authorities in
// this [CaPool][google.cloud.security.privateca.v1.CaPool] in the ENABLED,
// DISABLED, or STAGED states.
CaCerts []*FetchCaCertsResponse_CertChain `protobuf:"bytes,1,rep,name=ca_certs,json=caCerts,proto3" json:"ca_certs,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
func (*FetchCaCertsResponse) Descriptor
func (*FetchCaCertsResponse) Descriptor() ([]byte, []int)Deprecated: Use FetchCaCertsResponse.ProtoReflect.Descriptor instead.
func (*FetchCaCertsResponse) GetCaCerts
func (x *FetchCaCertsResponse) GetCaCerts() []*FetchCaCertsResponse_CertChainfunc (*FetchCaCertsResponse) ProtoMessage
func (*FetchCaCertsResponse) ProtoMessage()func (*FetchCaCertsResponse) ProtoReflect
func (x *FetchCaCertsResponse) ProtoReflect() protoreflect.Messagefunc (*FetchCaCertsResponse) Reset
func (x *FetchCaCertsResponse) Reset()func (*FetchCaCertsResponse) String
func (x *FetchCaCertsResponse) String() stringFetchCaCertsResponse_CertChain
type FetchCaCertsResponse_CertChain struct {
// The certificates that form the CA chain, from leaf to root order.
Certificates []string `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
// contains filtered or unexported fields
}func (*FetchCaCertsResponse_CertChain) Descriptor
func (*FetchCaCertsResponse_CertChain) Descriptor() ([]byte, []int)Deprecated: Use FetchCaCertsResponse_CertChain.ProtoReflect.Descriptor instead.
func (*FetchCaCertsResponse_CertChain) GetCertificates
func (x *FetchCaCertsResponse_CertChain) GetCertificates() []stringfunc (*FetchCaCertsResponse_CertChain) ProtoMessage
func (*FetchCaCertsResponse_CertChain) ProtoMessage()func (*FetchCaCertsResponse_CertChain) ProtoReflect
func (x *FetchCaCertsResponse_CertChain) ProtoReflect() protoreflect.Messagefunc (*FetchCaCertsResponse_CertChain) Reset
func (x *FetchCaCertsResponse_CertChain) Reset()func (*FetchCaCertsResponse_CertChain) String
func (x *FetchCaCertsResponse_CertChain) String() stringFetchCertificateAuthorityCsrRequest
type FetchCertificateAuthorityCsrRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
func (*FetchCertificateAuthorityCsrRequest) Descriptor
func (*FetchCertificateAuthorityCsrRequest) Descriptor() ([]byte, []int)Deprecated: Use FetchCertificateAuthorityCsrRequest.ProtoReflect.Descriptor instead.
func (*FetchCertificateAuthorityCsrRequest) GetName
func (x *FetchCertificateAuthorityCsrRequest) GetName() stringfunc (*FetchCertificateAuthorityCsrRequest) ProtoMessage
func (*FetchCertificateAuthorityCsrRequest) ProtoMessage()func (*FetchCertificateAuthorityCsrRequest) ProtoReflect
func (x *FetchCertificateAuthorityCsrRequest) ProtoReflect() protoreflect.Messagefunc (*FetchCertificateAuthorityCsrRequest) Reset
func (x *FetchCertificateAuthorityCsrRequest) Reset()func (*FetchCertificateAuthorityCsrRequest) String
func (x *FetchCertificateAuthorityCsrRequest) String() stringFetchCertificateAuthorityCsrResponse
type FetchCertificateAuthorityCsrResponse struct {
// Output only. The PEM-encoded signed certificate signing request (CSR).
PemCsr string `protobuf:"bytes,1,opt,name=pem_csr,json=pemCsr,proto3" json:"pem_csr,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
func (*FetchCertificateAuthorityCsrResponse) Descriptor
func (*FetchCertificateAuthorityCsrResponse) Descriptor() ([]byte, []int)Deprecated: Use FetchCertificateAuthorityCsrResponse.ProtoReflect.Descriptor instead.
func (*FetchCertificateAuthorityCsrResponse) GetPemCsr
func (x *FetchCertificateAuthorityCsrResponse) GetPemCsr() stringfunc (*FetchCertificateAuthorityCsrResponse) ProtoMessage
func (*FetchCertificateAuthorityCsrResponse) ProtoMessage()func (*FetchCertificateAuthorityCsrResponse) ProtoReflect
func (x *FetchCertificateAuthorityCsrResponse) ProtoReflect() protoreflect.Messagefunc (*FetchCertificateAuthorityCsrResponse) Reset
func (x *FetchCertificateAuthorityCsrResponse) Reset()func (*FetchCertificateAuthorityCsrResponse) String
func (x *FetchCertificateAuthorityCsrResponse) String() stringGetCaPoolRequest
type GetCaPoolRequest struct {
// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
func (*GetCaPoolRequest) Descriptor
func (*GetCaPoolRequest) Descriptor() ([]byte, []int)Deprecated: Use GetCaPoolRequest.ProtoReflect.Descriptor instead.
func (*GetCaPoolRequest) GetName
func (x *GetCaPoolRequest) GetName() stringfunc (*GetCaPoolRequest) ProtoMessage
func (*GetCaPoolRequest) ProtoMessage()func (*GetCaPoolRequest) ProtoReflect
func (x *GetCaPoolRequest) ProtoReflect() protoreflect.Messagefunc (*GetCaPoolRequest) Reset
func (x *GetCaPoolRequest) Reset()func (*GetCaPoolRequest) String
func (x *GetCaPoolRequest) String() stringGetCertificateAuthorityRequest
type GetCertificateAuthorityRequest struct {
// Required. The
// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
func (*GetCertificateAuthorityRequest) Descriptor
func (*GetCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use GetCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*GetCertificateAuthorityRequest) GetName
func (x *GetCertificateAuthorityRequest) GetName() stringfunc (*GetCertificateAuthorityRequest) ProtoMessage
func (*GetCertificateAuthorityRequest) ProtoMessage()func (*GetCertificateAuthorityRequest) ProtoReflect
func (x *GetCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*GetCertificateAuthorityRequest) Reset
func (x *GetCertificateAuthorityRequest) Reset()func (*GetCertificateAuthorityRequest) String
func (x *GetCertificateAuthorityRequest) String() stringGetCertificateRequest
type GetCertificateRequest struct {
// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
// get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
func (*GetCertificateRequest) Descriptor
func (*GetCertificateRequest) Descriptor() ([]byte, []int)Deprecated: Use GetCertificateRequest.ProtoReflect.Descriptor instead.
func (*GetCertificateRequest) GetName
func (x *GetCertificateRequest) GetName() stringfunc (*GetCertificateRequest) ProtoMessage
func (*GetCertificateRequest) ProtoMessage()func (*GetCertificateRequest) ProtoReflect
func (x *GetCertificateRequest) ProtoReflect() protoreflect.Messagefunc (*GetCertificateRequest) Reset
func (x *GetCertificateRequest) Reset()func (*GetCertificateRequest) String
func (x *GetCertificateRequest) String() stringGetCertificateRevocationListRequest
type GetCertificateRevocationListRequest struct {
// Required. The
// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
// of the
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
func (*GetCertificateRevocationListRequest) Descriptor
func (*GetCertificateRevocationListRequest) Descriptor() ([]byte, []int)Deprecated: Use GetCertificateRevocationListRequest.ProtoReflect.Descriptor instead.
func (*GetCertificateRevocationListRequest) GetName
func (x *GetCertificateRevocationListRequest) GetName() stringfunc (*GetCertificateRevocationListRequest) ProtoMessage
func (*GetCertificateRevocationListRequest) ProtoMessage()func (*GetCertificateRevocationListRequest) ProtoReflect
func (x *GetCertificateRevocationListRequest) ProtoReflect() protoreflect.Messagefunc (*GetCertificateRevocationListRequest) Reset
func (x *GetCertificateRevocationListRequest) Reset()func (*GetCertificateRevocationListRequest) String
func (x *GetCertificateRevocationListRequest) String() stringGetCertificateTemplateRequest
type GetCertificateTemplateRequest struct {
// Required. The
// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
func (*GetCertificateTemplateRequest) Descriptor
func (*GetCertificateTemplateRequest) Descriptor() ([]byte, []int)Deprecated: Use GetCertificateTemplateRequest.ProtoReflect.Descriptor instead.
func (*GetCertificateTemplateRequest) GetName
func (x *GetCertificateTemplateRequest) GetName() stringfunc (*GetCertificateTemplateRequest) ProtoMessage
func (*GetCertificateTemplateRequest) ProtoMessage()func (*GetCertificateTemplateRequest) ProtoReflect
func (x *GetCertificateTemplateRequest) ProtoReflect() protoreflect.Messagefunc (*GetCertificateTemplateRequest) Reset
func (x *GetCertificateTemplateRequest) Reset()func (*GetCertificateTemplateRequest) String
func (x *GetCertificateTemplateRequest) String() stringKeyUsage
type KeyUsage struct {
// Describes high-level ways in which a key may be used.
BaseKeyUsage *KeyUsage_KeyUsageOptions `protobuf:"bytes,1,opt,name=base_key_usage,json=baseKeyUsage,proto3" json:"base_key_usage,omitempty"`
// Detailed scenarios in which a key may be used.
ExtendedKeyUsage *KeyUsage_ExtendedKeyUsageOptions `protobuf:"bytes,2,opt,name=extended_key_usage,json=extendedKeyUsage,proto3" json:"extended_key_usage,omitempty"`
// Used to describe extended key usages that are not listed in the
// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
// message.
UnknownExtendedKeyUsages []*ObjectId `protobuf:"bytes,3,rep,name=unknown_extended_key_usages,json=unknownExtendedKeyUsages,proto3" json:"unknown_extended_key_usages,omitempty"`
// contains filtered or unexported fields
}A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509 certificate.
func (*KeyUsage) Descriptor
Deprecated: Use KeyUsage.ProtoReflect.Descriptor instead.
func (*KeyUsage) GetBaseKeyUsage
func (x *KeyUsage) GetBaseKeyUsage() *KeyUsage_KeyUsageOptionsfunc (*KeyUsage) GetExtendedKeyUsage
func (x *KeyUsage) GetExtendedKeyUsage() *KeyUsage_ExtendedKeyUsageOptionsfunc (*KeyUsage) GetUnknownExtendedKeyUsages
func (*KeyUsage) ProtoMessage
func (*KeyUsage) ProtoMessage()func (*KeyUsage) ProtoReflect
func (x *KeyUsage) ProtoReflect() protoreflect.Messagefunc (*KeyUsage) Reset
func (x *KeyUsage) Reset()func (*KeyUsage) String
KeyUsage_ExtendedKeyUsageOptions
type KeyUsage_ExtendedKeyUsageOptions struct {
// Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
// server authentication", though regularly used for non-WWW TLS.
ServerAuth bool `protobuf:"varint,1,opt,name=server_auth,json=serverAuth,proto3" json:"server_auth,omitempty"`
// Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
// client authentication", though regularly used for non-WWW TLS.
ClientAuth bool `protobuf:"varint,2,opt,name=client_auth,json=clientAuth,proto3" json:"client_auth,omitempty"`
// Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
// downloadable executable code client authentication".
CodeSigning bool `protobuf:"varint,3,opt,name=code_signing,json=codeSigning,proto3" json:"code_signing,omitempty"`
// Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
// protection".
EmailProtection bool `protobuf:"varint,4,opt,name=email_protection,json=emailProtection,proto3" json:"email_protection,omitempty"`
// Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
// the hash of an object to a time".
TimeStamping bool `protobuf:"varint,5,opt,name=time_stamping,json=timeStamping,proto3" json:"time_stamping,omitempty"`
// Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
// OCSP responses".
OcspSigning bool `protobuf:"varint,6,opt,name=ocsp_signing,json=ocspSigning,proto3" json:"ocsp_signing,omitempty"`
// contains filtered or unexported fields
}[KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to certain common OIDs that could be specified as an extended key usage value.
func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor
func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor() ([]byte, []int)Deprecated: Use KeyUsage_ExtendedKeyUsageOptions.ProtoReflect.Descriptor instead.
func (*KeyUsage_ExtendedKeyUsageOptions) GetClientAuth
func (x *KeyUsage_ExtendedKeyUsageOptions) GetClientAuth() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning
func (x *KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection
func (x *KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning
func (x *KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) GetServerAuth
func (x *KeyUsage_ExtendedKeyUsageOptions) GetServerAuth() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping
func (x *KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping() boolfunc (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage
func (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage()func (*KeyUsage_ExtendedKeyUsageOptions) ProtoReflect
func (x *KeyUsage_ExtendedKeyUsageOptions) ProtoReflect() protoreflect.Messagefunc (*KeyUsage_ExtendedKeyUsageOptions) Reset
func (x *KeyUsage_ExtendedKeyUsageOptions) Reset()func (*KeyUsage_ExtendedKeyUsageOptions) String
func (x *KeyUsage_ExtendedKeyUsageOptions) String() stringKeyUsage_KeyUsageOptions
type KeyUsage_KeyUsageOptions struct {
// The key may be used for digital signatures.
DigitalSignature bool `protobuf:"varint,1,opt,name=digital_signature,json=digitalSignature,proto3" json:"digital_signature,omitempty"`
// The key may be used for cryptographic commitments. Note that this may
// also be referred to as "non-repudiation".
ContentCommitment bool `protobuf:"varint,2,opt,name=content_commitment,json=contentCommitment,proto3" json:"content_commitment,omitempty"`
// The key may be used to encipher other keys.
KeyEncipherment bool `protobuf:"varint,3,opt,name=key_encipherment,json=keyEncipherment,proto3" json:"key_encipherment,omitempty"`
// The key may be used to encipher data.
DataEncipherment bool `protobuf:"varint,4,opt,name=data_encipherment,json=dataEncipherment,proto3" json:"data_encipherment,omitempty"`
// The key may be used in a key agreement protocol.
KeyAgreement bool `protobuf:"varint,5,opt,name=key_agreement,json=keyAgreement,proto3" json:"key_agreement,omitempty"`
// The key may be used to sign certificates.
CertSign bool `protobuf:"varint,6,opt,name=cert_sign,json=certSign,proto3" json:"cert_sign,omitempty"`
// The key may be used sign certificate revocation lists.
CrlSign bool `protobuf:"varint,7,opt,name=crl_sign,json=crlSign,proto3" json:"crl_sign,omitempty"`
// The key may be used to encipher only.
EncipherOnly bool `protobuf:"varint,8,opt,name=encipher_only,json=encipherOnly,proto3" json:"encipher_only,omitempty"`
// The key may be used to decipher only.
DecipherOnly bool `protobuf:"varint,9,opt,name=decipher_only,json=decipherOnly,proto3" json:"decipher_only,omitempty"`
// contains filtered or unexported fields
}[KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
func (*KeyUsage_KeyUsageOptions) Descriptor
func (*KeyUsage_KeyUsageOptions) Descriptor() ([]byte, []int)Deprecated: Use KeyUsage_KeyUsageOptions.ProtoReflect.Descriptor instead.
func (*KeyUsage_KeyUsageOptions) GetCertSign
func (x *KeyUsage_KeyUsageOptions) GetCertSign() boolfunc (*KeyUsage_KeyUsageOptions) GetContentCommitment
func (x *KeyUsage_KeyUsageOptions) GetContentCommitment() boolfunc (*KeyUsage_KeyUsageOptions) GetCrlSign
func (x *KeyUsage_KeyUsageOptions) GetCrlSign() boolfunc (*KeyUsage_KeyUsageOptions) GetDataEncipherment
func (x *KeyUsage_KeyUsageOptions) GetDataEncipherment() boolfunc (*KeyUsage_KeyUsageOptions) GetDecipherOnly
func (x *KeyUsage_KeyUsageOptions) GetDecipherOnly() boolfunc (*KeyUsage_KeyUsageOptions) GetDigitalSignature
func (x *KeyUsage_KeyUsageOptions) GetDigitalSignature() boolfunc (*KeyUsage_KeyUsageOptions) GetEncipherOnly
func (x *KeyUsage_KeyUsageOptions) GetEncipherOnly() boolfunc (*KeyUsage_KeyUsageOptions) GetKeyAgreement
func (x *KeyUsage_KeyUsageOptions) GetKeyAgreement() boolfunc (*KeyUsage_KeyUsageOptions) GetKeyEncipherment
func (x *KeyUsage_KeyUsageOptions) GetKeyEncipherment() boolfunc (*KeyUsage_KeyUsageOptions) ProtoMessage
func (*KeyUsage_KeyUsageOptions) ProtoMessage()func (*KeyUsage_KeyUsageOptions) ProtoReflect
func (x *KeyUsage_KeyUsageOptions) ProtoReflect() protoreflect.Messagefunc (*KeyUsage_KeyUsageOptions) Reset
func (x *KeyUsage_KeyUsageOptions) Reset()func (*KeyUsage_KeyUsageOptions) String
func (x *KeyUsage_KeyUsageOptions) String() stringListCaPoolsRequest
type ListCaPoolsRequest struct {
// Required. The resource name of the location associated with the
// [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
// `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Limit on the number of
// [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
// response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
// subsequently be obtained by including the
// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. Pagination token, returned earlier via
// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Only include resources that match the filter in the response.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Specify how the results should be sorted.
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
func (*ListCaPoolsRequest) Descriptor
func (*ListCaPoolsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListCaPoolsRequest.ProtoReflect.Descriptor instead.
func (*ListCaPoolsRequest) GetFilter
func (x *ListCaPoolsRequest) GetFilter() stringfunc (*ListCaPoolsRequest) GetOrderBy
func (x *ListCaPoolsRequest) GetOrderBy() stringfunc (*ListCaPoolsRequest) GetPageSize
func (x *ListCaPoolsRequest) GetPageSize() int32func (*ListCaPoolsRequest) GetPageToken
func (x *ListCaPoolsRequest) GetPageToken() stringfunc (*ListCaPoolsRequest) GetParent
func (x *ListCaPoolsRequest) GetParent() stringfunc (*ListCaPoolsRequest) ProtoMessage
func (*ListCaPoolsRequest) ProtoMessage()func (*ListCaPoolsRequest) ProtoReflect
func (x *ListCaPoolsRequest) ProtoReflect() protoreflect.Messagefunc (*ListCaPoolsRequest) Reset
func (x *ListCaPoolsRequest) Reset()func (*ListCaPoolsRequest) String
func (x *ListCaPoolsRequest) String() stringListCaPoolsResponse
type ListCaPoolsResponse struct {
// The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
CaPools []*CaPool `protobuf:"bytes,1,rep,name=ca_pools,json=caPools,proto3" json:"ca_pools,omitempty"`
// A token to retrieve next page of results. Pass this value in
// [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]
// to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// A list of locations (e.g. "us-west1") that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
func (*ListCaPoolsResponse) Descriptor
func (*ListCaPoolsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListCaPoolsResponse.ProtoReflect.Descriptor instead.
func (*ListCaPoolsResponse) GetCaPools
func (x *ListCaPoolsResponse) GetCaPools() []*CaPoolfunc (*ListCaPoolsResponse) GetNextPageToken
func (x *ListCaPoolsResponse) GetNextPageToken() stringfunc (*ListCaPoolsResponse) GetUnreachable
func (x *ListCaPoolsResponse) GetUnreachable() []stringfunc (*ListCaPoolsResponse) ProtoMessage
func (*ListCaPoolsResponse) ProtoMessage()func (*ListCaPoolsResponse) ProtoReflect
func (x *ListCaPoolsResponse) ProtoReflect() protoreflect.Messagefunc (*ListCaPoolsResponse) Reset
func (x *ListCaPoolsResponse) Reset()func (*ListCaPoolsResponse) String
func (x *ListCaPoolsResponse) String() stringListCertificateAuthoritiesRequest
type ListCertificateAuthoritiesRequest struct {
// Required. The resource name of the
// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
// in the format `projects/*/locations/*/caPools/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Limit on the number of
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
// to include in the response. Further
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
// can subsequently be obtained by including the
// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. Pagination token, returned earlier via
// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Only include resources that match the filter in the response.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Specify how the results should be sorted.
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
func (*ListCertificateAuthoritiesRequest) Descriptor
func (*ListCertificateAuthoritiesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateAuthoritiesRequest.ProtoReflect.Descriptor instead.
func (*ListCertificateAuthoritiesRequest) GetFilter
func (x *ListCertificateAuthoritiesRequest) GetFilter() stringfunc (*ListCertificateAuthoritiesRequest) GetOrderBy
func (x *ListCertificateAuthoritiesRequest) GetOrderBy() stringfunc (*ListCertificateAuthoritiesRequest) GetPageSize
func (x *ListCertificateAuthoritiesRequest) GetPageSize() int32func (*ListCertificateAuthoritiesRequest) GetPageToken
func (x *ListCertificateAuthoritiesRequest) GetPageToken() stringfunc (*ListCertificateAuthoritiesRequest) GetParent
func (x *ListCertificateAuthoritiesRequest) GetParent() stringfunc (*ListCertificateAuthoritiesRequest) ProtoMessage
func (*ListCertificateAuthoritiesRequest) ProtoMessage()func (*ListCertificateAuthoritiesRequest) ProtoReflect
func (x *ListCertificateAuthoritiesRequest) ProtoReflect() protoreflect.Messagefunc (*ListCertificateAuthoritiesRequest) Reset
func (x *ListCertificateAuthoritiesRequest) Reset()func (*ListCertificateAuthoritiesRequest) String
func (x *ListCertificateAuthoritiesRequest) String() stringListCertificateAuthoritiesResponse
type ListCertificateAuthoritiesResponse struct {
// The list of
// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
CertificateAuthorities []*CertificateAuthority `protobuf:"bytes,1,rep,name=certificate_authorities,json=certificateAuthorities,proto3" json:"certificate_authorities,omitempty"`
// A token to retrieve next page of results. Pass this value in
// [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]
// to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// A list of locations (e.g. "us-west1") that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
func (*ListCertificateAuthoritiesResponse) Descriptor
func (*ListCertificateAuthoritiesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateAuthoritiesResponse.ProtoReflect.Descriptor instead.
func (*ListCertificateAuthoritiesResponse) GetCertificateAuthorities
func (x *ListCertificateAuthoritiesResponse) GetCertificateAuthorities() []*CertificateAuthorityfunc (*ListCertificateAuthoritiesResponse) GetNextPageToken
func (x *ListCertificateAuthoritiesResponse) GetNextPageToken() stringfunc (*ListCertificateAuthoritiesResponse) GetUnreachable
func (x *ListCertificateAuthoritiesResponse) GetUnreachable() []stringfunc (*ListCertificateAuthoritiesResponse) ProtoMessage
func (*ListCertificateAuthoritiesResponse) ProtoMessage()func (*ListCertificateAuthoritiesResponse) ProtoReflect
func (x *ListCertificateAuthoritiesResponse) ProtoReflect() protoreflect.Messagefunc (*ListCertificateAuthoritiesResponse) Reset
func (x *ListCertificateAuthoritiesResponse) Reset()func (*ListCertificateAuthoritiesResponse) String
func (x *ListCertificateAuthoritiesResponse) String() stringListCertificateRevocationListsRequest
type ListCertificateRevocationListsRequest struct {
// Required. The resource name of the location associated with the
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Limit on the number of
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
// to include in the response. Further
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
// can subsequently be obtained by including the
// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. Pagination token, returned earlier via
// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Only include resources that match the filter in the response.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Specify how the results should be sorted.
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
func (*ListCertificateRevocationListsRequest) Descriptor
func (*ListCertificateRevocationListsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateRevocationListsRequest.ProtoReflect.Descriptor instead.
func (*ListCertificateRevocationListsRequest) GetFilter
func (x *ListCertificateRevocationListsRequest) GetFilter() stringfunc (*ListCertificateRevocationListsRequest) GetOrderBy
func (x *ListCertificateRevocationListsRequest) GetOrderBy() stringfunc (*ListCertificateRevocationListsRequest) GetPageSize
func (x *ListCertificateRevocationListsRequest) GetPageSize() int32func (*ListCertificateRevocationListsRequest) GetPageToken
func (x *ListCertificateRevocationListsRequest) GetPageToken() stringfunc (*ListCertificateRevocationListsRequest) GetParent
func (x *ListCertificateRevocationListsRequest) GetParent() stringfunc (*ListCertificateRevocationListsRequest) ProtoMessage
func (*ListCertificateRevocationListsRequest) ProtoMessage()func (*ListCertificateRevocationListsRequest) ProtoReflect
func (x *ListCertificateRevocationListsRequest) ProtoReflect() protoreflect.Messagefunc (*ListCertificateRevocationListsRequest) Reset
func (x *ListCertificateRevocationListsRequest) Reset()func (*ListCertificateRevocationListsRequest) String
func (x *ListCertificateRevocationListsRequest) String() stringListCertificateRevocationListsResponse
type ListCertificateRevocationListsResponse struct {
// The list of
// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
CertificateRevocationLists []*CertificateRevocationList `protobuf:"bytes,1,rep,name=certificate_revocation_lists,json=certificateRevocationLists,proto3" json:"certificate_revocation_lists,omitempty"`
// A token to retrieve next page of results. Pass this value in
// [ListCertificateRevocationListsRequest.page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.page_token]
// to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// A list of locations (e.g. "us-west1") that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
func (*ListCertificateRevocationListsResponse) Descriptor
func (*ListCertificateRevocationListsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateRevocationListsResponse.ProtoReflect.Descriptor instead.
func (*ListCertificateRevocationListsResponse) GetCertificateRevocationLists
func (x *ListCertificateRevocationListsResponse) GetCertificateRevocationLists() []*CertificateRevocationListfunc (*ListCertificateRevocationListsResponse) GetNextPageToken
func (x *ListCertificateRevocationListsResponse) GetNextPageToken() stringfunc (*ListCertificateRevocationListsResponse) GetUnreachable
func (x *ListCertificateRevocationListsResponse) GetUnreachable() []stringfunc (*ListCertificateRevocationListsResponse) ProtoMessage
func (*ListCertificateRevocationListsResponse) ProtoMessage()func (*ListCertificateRevocationListsResponse) ProtoReflect
func (x *ListCertificateRevocationListsResponse) ProtoReflect() protoreflect.Messagefunc (*ListCertificateRevocationListsResponse) Reset
func (x *ListCertificateRevocationListsResponse) Reset()func (*ListCertificateRevocationListsResponse) String
func (x *ListCertificateRevocationListsResponse) String() stringListCertificateTemplatesRequest
type ListCertificateTemplatesRequest struct {
// Required. The resource name of the location associated with the
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
// in the format `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Limit on the number of
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
// to include in the response. Further
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
// can subsequently be obtained by including the
// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. Pagination token, returned earlier via
// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Only include resources that match the filter in the response.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Specify how the results should be sorted.
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
func (*ListCertificateTemplatesRequest) Descriptor
func (*ListCertificateTemplatesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateTemplatesRequest.ProtoReflect.Descriptor instead.
func (*ListCertificateTemplatesRequest) GetFilter
func (x *ListCertificateTemplatesRequest) GetFilter() stringfunc (*ListCertificateTemplatesRequest) GetOrderBy
func (x *ListCertificateTemplatesRequest) GetOrderBy() stringfunc (*ListCertificateTemplatesRequest) GetPageSize
func (x *ListCertificateTemplatesRequest) GetPageSize() int32func (*ListCertificateTemplatesRequest) GetPageToken
func (x *ListCertificateTemplatesRequest) GetPageToken() stringfunc (*ListCertificateTemplatesRequest) GetParent
func (x *ListCertificateTemplatesRequest) GetParent() stringfunc (*ListCertificateTemplatesRequest) ProtoMessage
func (*ListCertificateTemplatesRequest) ProtoMessage()func (*ListCertificateTemplatesRequest) ProtoReflect
func (x *ListCertificateTemplatesRequest) ProtoReflect() protoreflect.Messagefunc (*ListCertificateTemplatesRequest) Reset
func (x *ListCertificateTemplatesRequest) Reset()func (*ListCertificateTemplatesRequest) String
func (x *ListCertificateTemplatesRequest) String() stringListCertificateTemplatesResponse
type ListCertificateTemplatesResponse struct {
// The list of
// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
CertificateTemplates []*CertificateTemplate `protobuf:"bytes,1,rep,name=certificate_templates,json=certificateTemplates,proto3" json:"certificate_templates,omitempty"`
// A token to retrieve next page of results. Pass this value in
// [ListCertificateTemplatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.page_token]
// to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// A list of locations (e.g. "us-west1") that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
func (*ListCertificateTemplatesResponse) Descriptor
func (*ListCertificateTemplatesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListCertificateTemplatesResponse.ProtoReflect.Descriptor instead.
func (*ListCertificateTemplatesResponse) GetCertificateTemplates
func (x *ListCertificateTemplatesResponse) GetCertificateTemplates() []*CertificateTemplatefunc (*ListCertificateTemplatesResponse) GetNextPageToken
func (x *ListCertificateTemplatesResponse) GetNextPageToken() stringfunc (*ListCertificateTemplatesResponse) GetUnreachable
func (x *ListCertificateTemplatesResponse) GetUnreachable() []stringfunc (*ListCertificateTemplatesResponse) ProtoMessage
func (*ListCertificateTemplatesResponse) ProtoMessage()func (*ListCertificateTemplatesResponse) ProtoReflect
func (x *ListCertificateTemplatesResponse) ProtoReflect() protoreflect.Messagefunc (*ListCertificateTemplatesResponse) Reset
func (x *ListCertificateTemplatesResponse) Reset()func (*ListCertificateTemplatesResponse) String
func (x *ListCertificateTemplatesResponse) String() stringListCertificatesRequest
type ListCertificatesRequest struct {
// Required. The resource name of the location associated with the
// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
// format `projects/*/locations/*/caPools/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Limit on the number of
// [Certificates][google.cloud.security.privateca.v1.Certificate] to include
// in the response. Further
// [Certificates][google.cloud.security.privateca.v1.Certificate] can
// subsequently be obtained by including the
// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. Pagination token, returned earlier via
// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Only include resources that match the filter in the response. For
// details on supported filters and syntax, see [Certificates Filtering
// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Specify how the results should be sorted. For details on
// supported fields and syntax, see [Certificates Sorting
// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
func (*ListCertificatesRequest) Descriptor
func (*ListCertificatesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListCertificatesRequest.ProtoReflect.Descriptor instead.
func (*ListCertificatesRequest) GetFilter
func (x *ListCertificatesRequest) GetFilter() stringfunc (*ListCertificatesRequest) GetOrderBy
func (x *ListCertificatesRequest) GetOrderBy() stringfunc (*ListCertificatesRequest) GetPageSize
func (x *ListCertificatesRequest) GetPageSize() int32func (*ListCertificatesRequest) GetPageToken
func (x *ListCertificatesRequest) GetPageToken() stringfunc (*ListCertificatesRequest) GetParent
func (x *ListCertificatesRequest) GetParent() stringfunc (*ListCertificatesRequest) ProtoMessage
func (*ListCertificatesRequest) ProtoMessage()func (*ListCertificatesRequest) ProtoReflect
func (x *ListCertificatesRequest) ProtoReflect() protoreflect.Messagefunc (*ListCertificatesRequest) Reset
func (x *ListCertificatesRequest) Reset()func (*ListCertificatesRequest) String
func (x *ListCertificatesRequest) String() stringListCertificatesResponse
type ListCertificatesResponse struct {
// The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
Certificates []*Certificate `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
// A token to retrieve next page of results. Pass this value in
// [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificatesRequest.page_token]
// to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// A list of locations (e.g. "us-west1") that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
func (*ListCertificatesResponse) Descriptor
func (*ListCertificatesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListCertificatesResponse.ProtoReflect.Descriptor instead.
func (*ListCertificatesResponse) GetCertificates
func (x *ListCertificatesResponse) GetCertificates() []*Certificatefunc (*ListCertificatesResponse) GetNextPageToken
func (x *ListCertificatesResponse) GetNextPageToken() stringfunc (*ListCertificatesResponse) GetUnreachable
func (x *ListCertificatesResponse) GetUnreachable() []stringfunc (*ListCertificatesResponse) ProtoMessage
func (*ListCertificatesResponse) ProtoMessage()func (*ListCertificatesResponse) ProtoReflect
func (x *ListCertificatesResponse) ProtoReflect() protoreflect.Messagefunc (*ListCertificatesResponse) Reset
func (x *ListCertificatesResponse) Reset()func (*ListCertificatesResponse) String
func (x *ListCertificatesResponse) String() stringObjectId
type ObjectId struct {
// Required. The parts of an OID path. The most significant parts of the path
// come first.
ObjectIdPath []int32 `protobuf:"varint,1,rep,packed,name=object_id_path,json=objectIdPath,proto3" json:"object_id_path,omitempty"`
// contains filtered or unexported fields
}An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
func (*ObjectId) Descriptor
Deprecated: Use ObjectId.ProtoReflect.Descriptor instead.
func (*ObjectId) GetObjectIdPath
func (*ObjectId) ProtoMessage
func (*ObjectId) ProtoMessage()func (*ObjectId) ProtoReflect
func (x *ObjectId) ProtoReflect() protoreflect.Messagefunc (*ObjectId) Reset
func (x *ObjectId) Reset()func (*ObjectId) String
OperationMetadata
type OperationMetadata struct {
// Output only. The time the operation was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time the operation finished running.
EndTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
// Output only. Server-defined resource path for the target of the operation.
Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
// Output only. Name of the verb executed by the operation.
Verb string `protobuf:"bytes,4,opt,name=verb,proto3" json:"verb,omitempty"`
// Output only. Human-readable status of the operation, if any.
StatusMessage string `protobuf:"bytes,5,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
// Output only. Identifies whether the user has requested cancellation
// of the operation. Operations that have successfully been cancelled
// have
// [google.longrunning.Operation.error][google.longrunning.Operation.error]
// value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
// corresponding to `Code.CANCELLED`.
RequestedCancellation bool `protobuf:"varint,6,opt,name=requested_cancellation,json=requestedCancellation,proto3" json:"requested_cancellation,omitempty"`
// Output only. API version used to start the operation.
ApiVersion string `protobuf:"bytes,7,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
// contains filtered or unexported fields
}Represents the metadata of the long-running operation.
func (*OperationMetadata) Descriptor
func (*OperationMetadata) Descriptor() ([]byte, []int)Deprecated: Use OperationMetadata.ProtoReflect.Descriptor instead.
func (*OperationMetadata) GetApiVersion
func (x *OperationMetadata) GetApiVersion() stringfunc (*OperationMetadata) GetCreateTime
func (x *OperationMetadata) GetCreateTime() *timestamppb.Timestampfunc (*OperationMetadata) GetEndTime
func (x *OperationMetadata) GetEndTime() *timestamppb.Timestampfunc (*OperationMetadata) GetRequestedCancellation
func (x *OperationMetadata) GetRequestedCancellation() boolfunc (*OperationMetadata) GetStatusMessage
func (x *OperationMetadata) GetStatusMessage() stringfunc (*OperationMetadata) GetTarget
func (x *OperationMetadata) GetTarget() stringfunc (*OperationMetadata) GetVerb
func (x *OperationMetadata) GetVerb() stringfunc (*OperationMetadata) ProtoMessage
func (*OperationMetadata) ProtoMessage()func (*OperationMetadata) ProtoReflect
func (x *OperationMetadata) ProtoReflect() protoreflect.Messagefunc (*OperationMetadata) Reset
func (x *OperationMetadata) Reset()func (*OperationMetadata) String
func (x *OperationMetadata) String() stringPublicKey
type PublicKey struct {
// Required. A public key. The padding and encoding
// must match with the `KeyFormat` value specified for the `format` field.
Key []byte `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
// Required. The format of the public key.
Format PublicKey_KeyFormat `protobuf:"varint,2,opt,name=format,proto3,enum=google.cloud.security.privateca.v1.PublicKey_KeyFormat" json:"format,omitempty"`
// contains filtered or unexported fields
}A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
func (*PublicKey) Descriptor
Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.
func (*PublicKey) GetFormat
func (x *PublicKey) GetFormat() PublicKey_KeyFormatfunc (*PublicKey) GetKey
func (*PublicKey) ProtoMessage
func (*PublicKey) ProtoMessage()func (*PublicKey) ProtoReflect
func (x *PublicKey) ProtoReflect() protoreflect.Messagefunc (*PublicKey) Reset
func (x *PublicKey) Reset()func (*PublicKey) String
PublicKey_KeyFormat
type PublicKey_KeyFormat int32Types of public keys formats that are supported. Currently, only PEM
format is supported.
PublicKey_KEY_FORMAT_UNSPECIFIED, PublicKey_PEM
const (
// Default unspecified value.
PublicKey_KEY_FORMAT_UNSPECIFIED PublicKey_KeyFormat = 0
// The key is PEM-encoded as defined in [RFC
// 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
// following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
// structure, an RFC 5280
// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
// or a PEM-encoded X.509 certificate signing request (CSR). If a
// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
// is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
// or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
// it will used solely for the purpose of extracting the public key. When
// generated by the service, it will always be an RFC 5280
// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
// structure containing an algorithm identifier and a key.
PublicKey_PEM PublicKey_KeyFormat = 1
)func (PublicKey_KeyFormat) Descriptor
func (PublicKey_KeyFormat) Descriptor() protoreflect.EnumDescriptorfunc (PublicKey_KeyFormat) Enum
func (x PublicKey_KeyFormat) Enum() *PublicKey_KeyFormatfunc (PublicKey_KeyFormat) EnumDescriptor
func (PublicKey_KeyFormat) EnumDescriptor() ([]byte, []int)Deprecated: Use PublicKey_KeyFormat.Descriptor instead.
func (PublicKey_KeyFormat) Number
func (x PublicKey_KeyFormat) Number() protoreflect.EnumNumberfunc (PublicKey_KeyFormat) String
func (x PublicKey_KeyFormat) String() stringfunc (PublicKey_KeyFormat) Type
func (PublicKey_KeyFormat) Type() protoreflect.EnumTypeRelativeDistinguishedName
type RelativeDistinguishedName struct {
// Attributes describes the attribute value assertions in the RDN.
Attributes []*AttributeTypeAndValue `protobuf:"bytes,1,rep,name=attributes,proto3" json:"attributes,omitempty"`
// contains filtered or unexported fields
}[RelativeDistinguishedName][google.cloud.security.privateca.v1.RelativeDistinguishedName] specifies a relative distinguished name which will be used to build a distinguished name.
func (*RelativeDistinguishedName) Descriptor
func (*RelativeDistinguishedName) Descriptor() ([]byte, []int)Deprecated: Use RelativeDistinguishedName.ProtoReflect.Descriptor instead.
func (*RelativeDistinguishedName) GetAttributes
func (x *RelativeDistinguishedName) GetAttributes() []*AttributeTypeAndValuefunc (*RelativeDistinguishedName) ProtoMessage
func (*RelativeDistinguishedName) ProtoMessage()func (*RelativeDistinguishedName) ProtoReflect
func (x *RelativeDistinguishedName) ProtoReflect() protoreflect.Messagefunc (*RelativeDistinguishedName) Reset
func (x *RelativeDistinguishedName) Reset()func (*RelativeDistinguishedName) String
func (x *RelativeDistinguishedName) String() stringRevocationReason
type RevocationReason int32A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1.Certificate] has been revoked, and the reason for revocation. These correspond to standard revocation reasons from RFC 5280. Note that the enum labels and values in this definition are not the same ASN.1 values defined in RFC 5280. These values will be translated to the correct ASN.1 values when a CRL is created.
RevocationReason_REVOCATION_REASON_UNSPECIFIED, RevocationReason_KEY_COMPROMISE, RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE, RevocationReason_AFFILIATION_CHANGED, RevocationReason_SUPERSEDED, RevocationReason_CESSATION_OF_OPERATION, RevocationReason_CERTIFICATE_HOLD, RevocationReason_PRIVILEGE_WITHDRAWN, RevocationReason_ATTRIBUTE_AUTHORITY_COMPROMISE
const (
// Default unspecified value. This value does indicate that a
// [Certificate][google.cloud.security.privateca.v1.Certificate] has been
// revoked, but that a reason has not been recorded.
RevocationReason_REVOCATION_REASON_UNSPECIFIED RevocationReason = 0
// Key material for this
// [Certificate][google.cloud.security.privateca.v1.Certificate] may have
// leaked.
RevocationReason_KEY_COMPROMISE RevocationReason = 1
// The key material for a certificate authority in the issuing path may have
// leaked.
RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE RevocationReason = 2
// The subject or other attributes in this
// [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
RevocationReason_AFFILIATION_CHANGED RevocationReason = 3
// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been
// superseded.
RevocationReason_SUPERSEDED RevocationReason = 4
// This [Certificate][google.cloud.security.privateca.v1.Certificate] or
// entities in the issuing path have ceased to operate.
RevocationReason_CESSATION_OF_OPERATION RevocationReason = 5
// This [Certificate][google.cloud.security.privateca.v1.Certificate] should
// not be considered valid, it is expected that it may become valid in the
// future.
RevocationReason_CERTIFICATE_HOLD RevocationReason = 6
// This [Certificate][google.cloud.security.privateca.v1.Certificate] no
// longer has permission to assert the listed attributes.
RevocationReason_PRIVILEGE_WITHDRAWN RevocationReason = 7
// The authority which determines appropriate attributes for a
// [Certificate][google.cloud.security.privateca.v1.Certificate] may have been
// compromised.
RevocationReason_ATTRIBUTE_AUTHORITY_COMPROMISE RevocationReason = 8
)func (RevocationReason) Descriptor
func (RevocationReason) Descriptor() protoreflect.EnumDescriptorfunc (RevocationReason) Enum
func (x RevocationReason) Enum() *RevocationReasonfunc (RevocationReason) EnumDescriptor
func (RevocationReason) EnumDescriptor() ([]byte, []int)Deprecated: Use RevocationReason.Descriptor instead.
func (RevocationReason) Number
func (x RevocationReason) Number() protoreflect.EnumNumberfunc (RevocationReason) String
func (x RevocationReason) String() stringfunc (RevocationReason) Type
func (RevocationReason) Type() protoreflect.EnumTypeRevokeCertificateRequest
type RevokeCertificateRequest struct {
// Required. The resource name for this
// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
// `projects/*/locations/*/caPools/*/certificates/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The
// [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
// revoking this certificate.
Reason RevocationReason `protobuf:"varint,2,opt,name=reason,proto3,enum=google.cloud.security.privateca.v1.RevocationReason" json:"reason,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
func (*RevokeCertificateRequest) Descriptor
func (*RevokeCertificateRequest) Descriptor() ([]byte, []int)Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.
func (*RevokeCertificateRequest) GetName
func (x *RevokeCertificateRequest) GetName() stringfunc (*RevokeCertificateRequest) GetReason
func (x *RevokeCertificateRequest) GetReason() RevocationReasonfunc (*RevokeCertificateRequest) GetRequestId
func (x *RevokeCertificateRequest) GetRequestId() stringfunc (*RevokeCertificateRequest) ProtoMessage
func (*RevokeCertificateRequest) ProtoMessage()func (*RevokeCertificateRequest) ProtoReflect
func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Messagefunc (*RevokeCertificateRequest) Reset
func (x *RevokeCertificateRequest) Reset()func (*RevokeCertificateRequest) String
func (x *RevokeCertificateRequest) String() stringSubject
type Subject struct {
// The "common name" of the subject.
CommonName string `protobuf:"bytes,1,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"`
// The country code of the subject.
CountryCode string `protobuf:"bytes,2,opt,name=country_code,json=countryCode,proto3" json:"country_code,omitempty"`
// The organization of the subject.
Organization string `protobuf:"bytes,3,opt,name=organization,proto3" json:"organization,omitempty"`
// The organizational_unit of the subject.
OrganizationalUnit string `protobuf:"bytes,4,opt,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"`
// The locality or city of the subject.
Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
// The province, territory, or regional state of the subject.
Province string `protobuf:"bytes,6,opt,name=province,proto3" json:"province,omitempty"`
// The street address of the subject.
StreetAddress string `protobuf:"bytes,7,opt,name=street_address,json=streetAddress,proto3" json:"street_address,omitempty"`
// The postal code of the subject.
PostalCode string `protobuf:"bytes,8,opt,name=postal_code,json=postalCode,proto3" json:"postal_code,omitempty"`
// This field can be used in place of the named subject fields.
RdnSequence []*RelativeDistinguishedName `protobuf:"bytes,9,rep,name=rdn_sequence,json=rdnSequence,proto3" json:"rdn_sequence,omitempty"`
// contains filtered or unexported fields
}[Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn, describes the subject of the certificate.
func (*Subject) Descriptor
Deprecated: Use Subject.ProtoReflect.Descriptor instead.
func (*Subject) GetCommonName
func (*Subject) GetCountryCode
func (*Subject) GetLocality
func (*Subject) GetOrganization
func (*Subject) GetOrganizationalUnit
func (*Subject) GetPostalCode
func (*Subject) GetProvince
func (*Subject) GetRdnSequence
func (x *Subject) GetRdnSequence() []*RelativeDistinguishedNamefunc (*Subject) GetStreetAddress
func (*Subject) ProtoMessage
func (*Subject) ProtoMessage()func (*Subject) ProtoReflect
func (x *Subject) ProtoReflect() protoreflect.Messagefunc (*Subject) Reset
func (x *Subject) Reset()func (*Subject) String
SubjectAltNames
type SubjectAltNames struct {
// Contains only valid, fully-qualified host names.
DnsNames []string `protobuf:"bytes,1,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
// Contains only valid RFC 3986 URIs.
Uris []string `protobuf:"bytes,2,rep,name=uris,proto3" json:"uris,omitempty"`
// Contains only valid RFC 2822 E-mail addresses.
EmailAddresses []string `protobuf:"bytes,3,rep,name=email_addresses,json=emailAddresses,proto3" json:"email_addresses,omitempty"`
// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
IpAddresses []string `protobuf:"bytes,4,rep,name=ip_addresses,json=ipAddresses,proto3" json:"ip_addresses,omitempty"`
// Contains additional subject alternative name values.
// For each custom_san, the `value` field must contain an ASN.1 encoded
// UTF8String.
CustomSans []*X509Extension `protobuf:"bytes,5,rep,name=custom_sans,json=customSans,proto3" json:"custom_sans,omitempty"`
// contains filtered or unexported fields
}[SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what the asserted identity is in a certificate (i.e., compared to the "common name" in the distinguished name).
func (*SubjectAltNames) Descriptor
func (*SubjectAltNames) Descriptor() ([]byte, []int)Deprecated: Use SubjectAltNames.ProtoReflect.Descriptor instead.
func (*SubjectAltNames) GetCustomSans
func (x *SubjectAltNames) GetCustomSans() []*X509Extensionfunc (*SubjectAltNames) GetDnsNames
func (x *SubjectAltNames) GetDnsNames() []stringfunc (*SubjectAltNames) GetEmailAddresses
func (x *SubjectAltNames) GetEmailAddresses() []stringfunc (*SubjectAltNames) GetIpAddresses
func (x *SubjectAltNames) GetIpAddresses() []stringfunc (*SubjectAltNames) GetUris
func (x *SubjectAltNames) GetUris() []stringfunc (*SubjectAltNames) ProtoMessage
func (*SubjectAltNames) ProtoMessage()func (*SubjectAltNames) ProtoReflect
func (x *SubjectAltNames) ProtoReflect() protoreflect.Messagefunc (*SubjectAltNames) Reset
func (x *SubjectAltNames) Reset()func (*SubjectAltNames) String
func (x *SubjectAltNames) String() stringSubjectRequestMode
type SubjectRequestMode int32Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
SubjectRequestMode_SUBJECT_REQUEST_MODE_UNSPECIFIED, SubjectRequestMode_DEFAULT, SubjectRequestMode_RDN_SEQUENCE, SubjectRequestMode_REFLECTED_SPIFFE
const (
// Not specified.
SubjectRequestMode_SUBJECT_REQUEST_MODE_UNSPECIFIED SubjectRequestMode = 0
// The default mode used in most cases. Indicates that the certificate's
// [Subject][google.cloud.security.privateca.v1.Subject] and/or
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
// specified in the certificate request. This mode requires the caller to have
// the `privateca.certificates.create` permission.
SubjectRequestMode_DEFAULT SubjectRequestMode = 1
// A mode used to get an accurate representation of the Subject
// field's distinguished name. Indicates that the certificate's
// [Subject][google.cloud.security.privateca.v1.Subject] and/or
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
// specified in the certificate request. When parsing a PEM CSR this mode will
// maintain the sequence of RDNs found in the CSR's subject field in the
// issued [Certificate][google.cloud.security.privateca.v1.Certificate]. This
// mode requires the caller to have the `privateca.certificates.create`
// permission.
SubjectRequestMode_RDN_SEQUENCE SubjectRequestMode = 3
// A mode reserved for special cases. Indicates that the certificate should
// have one SPIFFE
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set
// by the service based on the caller's identity. This mode will ignore any
// explicitly specified [Subject][google.cloud.security.privateca.v1.Subject]
// and/or
// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in
// the certificate request. This mode requires the caller to have the
// `privateca.certificates.createForSelf` permission.
SubjectRequestMode_REFLECTED_SPIFFE SubjectRequestMode = 2
)func (SubjectRequestMode) Descriptor
func (SubjectRequestMode) Descriptor() protoreflect.EnumDescriptorfunc (SubjectRequestMode) Enum
func (x SubjectRequestMode) Enum() *SubjectRequestModefunc (SubjectRequestMode) EnumDescriptor
func (SubjectRequestMode) EnumDescriptor() ([]byte, []int)Deprecated: Use SubjectRequestMode.Descriptor instead.
func (SubjectRequestMode) Number
func (x SubjectRequestMode) Number() protoreflect.EnumNumberfunc (SubjectRequestMode) String
func (x SubjectRequestMode) String() stringfunc (SubjectRequestMode) Type
func (SubjectRequestMode) Type() protoreflect.EnumTypeSubordinateConfig
type SubordinateConfig struct {
// Types that are assignable to SubordinateConfig:
//
// *SubordinateConfig_CertificateAuthority
// *SubordinateConfig_PemIssuerChain
SubordinateConfig isSubordinateConfig_SubordinateConfig `protobuf_oneof:"subordinate_config"`
// contains filtered or unexported fields
}Describes a subordinate CA's issuers. This is either a resource name to a known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
func (*SubordinateConfig) Descriptor
func (*SubordinateConfig) Descriptor() ([]byte, []int)Deprecated: Use SubordinateConfig.ProtoReflect.Descriptor instead.
func (*SubordinateConfig) GetCertificateAuthority
func (x *SubordinateConfig) GetCertificateAuthority() stringfunc (*SubordinateConfig) GetPemIssuerChain
func (x *SubordinateConfig) GetPemIssuerChain() *SubordinateConfig_SubordinateConfigChainfunc (*SubordinateConfig) GetSubordinateConfig
func (m *SubordinateConfig) GetSubordinateConfig() isSubordinateConfig_SubordinateConfigfunc (*SubordinateConfig) ProtoMessage
func (*SubordinateConfig) ProtoMessage()func (*SubordinateConfig) ProtoReflect
func (x *SubordinateConfig) ProtoReflect() protoreflect.Messagefunc (*SubordinateConfig) Reset
func (x *SubordinateConfig) Reset()func (*SubordinateConfig) String
func (x *SubordinateConfig) String() stringSubordinateConfig_CertificateAuthority
type SubordinateConfig_CertificateAuthority struct {
// Required. This can refer to a
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// that was used to create a subordinate
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
// This field is used for information and usability purposes only. The
// resource name is in the format
// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
CertificateAuthority string `protobuf:"bytes,1,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof"`
}SubordinateConfig_PemIssuerChain
type SubordinateConfig_PemIssuerChain struct {
// Required. Contains the PEM certificate chain for the issuers of this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
// but not pem certificate for this CA itself.
PemIssuerChain *SubordinateConfig_SubordinateConfigChain `protobuf:"bytes,2,opt,name=pem_issuer_chain,json=pemIssuerChain,proto3,oneof"`
}SubordinateConfig_SubordinateConfigChain
type SubordinateConfig_SubordinateConfigChain struct {
// Required. Expected to be in leaf-to-root order according to RFC 5246.
PemCertificates []string `protobuf:"bytes,1,rep,name=pem_certificates,json=pemCertificates,proto3" json:"pem_certificates,omitempty"`
// contains filtered or unexported fields
}This message describes a subordinate CA's issuer certificate chain. This wrapper exists for compatibility reasons.
func (*SubordinateConfig_SubordinateConfigChain) Descriptor
func (*SubordinateConfig_SubordinateConfigChain) Descriptor() ([]byte, []int)Deprecated: Use SubordinateConfig_SubordinateConfigChain.ProtoReflect.Descriptor instead.
func (*SubordinateConfig_SubordinateConfigChain) GetPemCertificates
func (x *SubordinateConfig_SubordinateConfigChain) GetPemCertificates() []stringfunc (*SubordinateConfig_SubordinateConfigChain) ProtoMessage
func (*SubordinateConfig_SubordinateConfigChain) ProtoMessage()func (*SubordinateConfig_SubordinateConfigChain) ProtoReflect
func (x *SubordinateConfig_SubordinateConfigChain) ProtoReflect() protoreflect.Messagefunc (*SubordinateConfig_SubordinateConfigChain) Reset
func (x *SubordinateConfig_SubordinateConfigChain) Reset()func (*SubordinateConfig_SubordinateConfigChain) String
func (x *SubordinateConfig_SubordinateConfigChain) String() stringUndeleteCertificateAuthorityRequest
type UndeleteCertificateAuthorityRequest struct {
// Required. The resource name for this
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
func (*UndeleteCertificateAuthorityRequest) Descriptor
func (*UndeleteCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use UndeleteCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*UndeleteCertificateAuthorityRequest) GetName
func (x *UndeleteCertificateAuthorityRequest) GetName() stringfunc (*UndeleteCertificateAuthorityRequest) GetRequestId
func (x *UndeleteCertificateAuthorityRequest) GetRequestId() stringfunc (*UndeleteCertificateAuthorityRequest) ProtoMessage
func (*UndeleteCertificateAuthorityRequest) ProtoMessage()func (*UndeleteCertificateAuthorityRequest) ProtoReflect
func (x *UndeleteCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*UndeleteCertificateAuthorityRequest) Reset
func (x *UndeleteCertificateAuthorityRequest) Reset()func (*UndeleteCertificateAuthorityRequest) String
func (x *UndeleteCertificateAuthorityRequest) String() stringUnimplementedCertificateAuthorityServiceServer
type UnimplementedCertificateAuthorityServiceServer struct {
}UnimplementedCertificateAuthorityServiceServer should be embedded to have forward compatible implementations.
func (UnimplementedCertificateAuthorityServiceServer) ActivateCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) CreateCaPool
func (UnimplementedCertificateAuthorityServiceServer) CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) CreateCertificate
func (UnimplementedCertificateAuthorityServiceServer) CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateTemplate
func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) DeleteCaPool
func (UnimplementedCertificateAuthorityServiceServer) DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateTemplate
func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) DisableCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) EnableCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) FetchCaCerts
func (UnimplementedCertificateAuthorityServiceServer) FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)func (UnimplementedCertificateAuthorityServiceServer) FetchCertificateAuthorityCsr
func (UnimplementedCertificateAuthorityServiceServer) FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)func (UnimplementedCertificateAuthorityServiceServer) GetCaPool
func (UnimplementedCertificateAuthorityServiceServer) GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)func (UnimplementedCertificateAuthorityServiceServer) GetCertificate
func (UnimplementedCertificateAuthorityServiceServer) GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)func (UnimplementedCertificateAuthorityServiceServer) GetCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)func (UnimplementedCertificateAuthorityServiceServer) GetCertificateRevocationList
func (UnimplementedCertificateAuthorityServiceServer) GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)func (UnimplementedCertificateAuthorityServiceServer) GetCertificateTemplate
func (UnimplementedCertificateAuthorityServiceServer) GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)func (UnimplementedCertificateAuthorityServiceServer) ListCaPools
func (UnimplementedCertificateAuthorityServiceServer) ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)func (UnimplementedCertificateAuthorityServiceServer) ListCertificateAuthorities
func (UnimplementedCertificateAuthorityServiceServer) ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)func (UnimplementedCertificateAuthorityServiceServer) ListCertificateRevocationLists
func (UnimplementedCertificateAuthorityServiceServer) ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)func (UnimplementedCertificateAuthorityServiceServer) ListCertificateTemplates
func (UnimplementedCertificateAuthorityServiceServer) ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)func (UnimplementedCertificateAuthorityServiceServer) ListCertificates
func (UnimplementedCertificateAuthorityServiceServer) ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)func (UnimplementedCertificateAuthorityServiceServer) RevokeCertificate
func (UnimplementedCertificateAuthorityServiceServer) RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)func (UnimplementedCertificateAuthorityServiceServer) UndeleteCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) UpdateCaPool
func (UnimplementedCertificateAuthorityServiceServer) UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificate
func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateAuthority
func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateRevocationList
func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunningpb.Operation, error)func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateTemplate
func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunningpb.Operation, error)UnsafeCertificateAuthorityServiceServer
type UnsafeCertificateAuthorityServiceServer interface {
// contains filtered or unexported methods
}UnsafeCertificateAuthorityServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CertificateAuthorityServiceServer will result in compilation errors.
UpdateCaPoolRequest
type UpdateCaPoolRequest struct {
// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
// values.
CaPool *CaPool `protobuf:"bytes,1,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
// Required. A list of fields to be updated in this request.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
func (*UpdateCaPoolRequest) Descriptor
func (*UpdateCaPoolRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateCaPoolRequest.ProtoReflect.Descriptor instead.
func (*UpdateCaPoolRequest) GetCaPool
func (x *UpdateCaPoolRequest) GetCaPool() *CaPoolfunc (*UpdateCaPoolRequest) GetRequestId
func (x *UpdateCaPoolRequest) GetRequestId() stringfunc (*UpdateCaPoolRequest) GetUpdateMask
func (x *UpdateCaPoolRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateCaPoolRequest) ProtoMessage
func (*UpdateCaPoolRequest) ProtoMessage()func (*UpdateCaPoolRequest) ProtoReflect
func (x *UpdateCaPoolRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateCaPoolRequest) Reset
func (x *UpdateCaPoolRequest) Reset()func (*UpdateCaPoolRequest) String
func (x *UpdateCaPoolRequest) String() stringUpdateCertificateAuthorityRequest
type UpdateCertificateAuthorityRequest struct {
// Required.
// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
// with updated values.
CertificateAuthority *CertificateAuthority `protobuf:"bytes,1,opt,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"`
// Required. A list of fields to be updated in this request.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
func (*UpdateCertificateAuthorityRequest) Descriptor
func (*UpdateCertificateAuthorityRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.
func (*UpdateCertificateAuthorityRequest) GetCertificateAuthority
func (x *UpdateCertificateAuthorityRequest) GetCertificateAuthority() *CertificateAuthorityfunc (*UpdateCertificateAuthorityRequest) GetRequestId
func (x *UpdateCertificateAuthorityRequest) GetRequestId() stringfunc (*UpdateCertificateAuthorityRequest) GetUpdateMask
func (x *UpdateCertificateAuthorityRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateCertificateAuthorityRequest) ProtoMessage
func (*UpdateCertificateAuthorityRequest) ProtoMessage()func (*UpdateCertificateAuthorityRequest) ProtoReflect
func (x *UpdateCertificateAuthorityRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateCertificateAuthorityRequest) Reset
func (x *UpdateCertificateAuthorityRequest) Reset()func (*UpdateCertificateAuthorityRequest) String
func (x *UpdateCertificateAuthorityRequest) String() stringUpdateCertificateRequest
type UpdateCertificateRequest struct {
// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
// with updated values.
Certificate *Certificate `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
// Required. A list of fields to be updated in this request.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
func (*UpdateCertificateRequest) Descriptor
func (*UpdateCertificateRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateCertificateRequest.ProtoReflect.Descriptor instead.
func (*UpdateCertificateRequest) GetCertificate
func (x *UpdateCertificateRequest) GetCertificate() *Certificatefunc (*UpdateCertificateRequest) GetRequestId
func (x *UpdateCertificateRequest) GetRequestId() stringfunc (*UpdateCertificateRequest) GetUpdateMask
func (x *UpdateCertificateRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateCertificateRequest) ProtoMessage
func (*UpdateCertificateRequest) ProtoMessage()func (*UpdateCertificateRequest) ProtoReflect
func (x *UpdateCertificateRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateCertificateRequest) Reset
func (x *UpdateCertificateRequest) Reset()func (*UpdateCertificateRequest) String
func (x *UpdateCertificateRequest) String() stringUpdateCertificateRevocationListRequest
type UpdateCertificateRevocationListRequest struct {
// Required.
// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
// with updated values.
CertificateRevocationList *CertificateRevocationList `protobuf:"bytes,1,opt,name=certificate_revocation_list,json=certificateRevocationList,proto3" json:"certificate_revocation_list,omitempty"`
// Required. A list of fields to be updated in this request.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
func (*UpdateCertificateRevocationListRequest) Descriptor
func (*UpdateCertificateRevocationListRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateCertificateRevocationListRequest.ProtoReflect.Descriptor instead.
func (*UpdateCertificateRevocationListRequest) GetCertificateRevocationList
func (x *UpdateCertificateRevocationListRequest) GetCertificateRevocationList() *CertificateRevocationListfunc (*UpdateCertificateRevocationListRequest) GetRequestId
func (x *UpdateCertificateRevocationListRequest) GetRequestId() stringfunc (*UpdateCertificateRevocationListRequest) GetUpdateMask
func (x *UpdateCertificateRevocationListRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateCertificateRevocationListRequest) ProtoMessage
func (*UpdateCertificateRevocationListRequest) ProtoMessage()func (*UpdateCertificateRevocationListRequest) ProtoReflect
func (x *UpdateCertificateRevocationListRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateCertificateRevocationListRequest) Reset
func (x *UpdateCertificateRevocationListRequest) Reset()func (*UpdateCertificateRevocationListRequest) String
func (x *UpdateCertificateRevocationListRequest) String() stringUpdateCertificateTemplateRequest
type UpdateCertificateTemplateRequest struct {
// Required.
// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
// with updated values.
CertificateTemplate *CertificateTemplate `protobuf:"bytes,1,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
// Required. A list of fields to be updated in this request.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// Optional. An ID to identify requests. Specify a unique request ID so that
// if you must retry your request, the server will know to ignore the request
// if it has already been completed. The server will guarantee that for at
// least 60 minutes since the first request.
//
// For example, consider a situation where you make an initial request and
// the request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, will ignore the second request. This prevents
// clients from accidentally creating duplicate commitments.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}Request message for [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
func (*UpdateCertificateTemplateRequest) Descriptor
func (*UpdateCertificateTemplateRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateCertificateTemplateRequest.ProtoReflect.Descriptor instead.
func (*UpdateCertificateTemplateRequest) GetCertificateTemplate
func (x *UpdateCertificateTemplateRequest) GetCertificateTemplate() *CertificateTemplatefunc (*UpdateCertificateTemplateRequest) GetRequestId
func (x *UpdateCertificateTemplateRequest) GetRequestId() stringfunc (*UpdateCertificateTemplateRequest) GetUpdateMask
func (x *UpdateCertificateTemplateRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateCertificateTemplateRequest) ProtoMessage
func (*UpdateCertificateTemplateRequest) ProtoMessage()func (*UpdateCertificateTemplateRequest) ProtoReflect
func (x *UpdateCertificateTemplateRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateCertificateTemplateRequest) Reset
func (x *UpdateCertificateTemplateRequest) Reset()func (*UpdateCertificateTemplateRequest) String
func (x *UpdateCertificateTemplateRequest) String() stringX509Extension
type X509Extension struct {
// Required. The OID for this X.509 extension.
ObjectId *ObjectId `protobuf:"bytes,1,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"`
// Optional. Indicates whether or not this extension is critical (i.e., if the
// client does not know how to handle this extension, the client should
// consider this to be an error).
Critical bool `protobuf:"varint,2,opt,name=critical,proto3" json:"critical,omitempty"`
// Required. The value of this X.509 extension.
Value []byte `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
// contains filtered or unexported fields
}An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
func (*X509Extension) Descriptor
func (*X509Extension) Descriptor() ([]byte, []int)Deprecated: Use X509Extension.ProtoReflect.Descriptor instead.
func (*X509Extension) GetCritical
func (x *X509Extension) GetCritical() boolfunc (*X509Extension) GetObjectId
func (x *X509Extension) GetObjectId() *ObjectIdfunc (*X509Extension) GetValue
func (x *X509Extension) GetValue() []bytefunc (*X509Extension) ProtoMessage
func (*X509Extension) ProtoMessage()func (*X509Extension) ProtoReflect
func (x *X509Extension) ProtoReflect() protoreflect.Messagefunc (*X509Extension) Reset
func (x *X509Extension) Reset()func (*X509Extension) String
func (x *X509Extension) String() stringX509Parameters
type X509Parameters struct {
// Optional. Indicates the intended use for keys that correspond to a
// certificate.
KeyUsage *KeyUsage `protobuf:"bytes,1,opt,name=key_usage,json=keyUsage,proto3" json:"key_usage,omitempty"`
// Optional. Describes options in this
// [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
// are relevant in a CA certificate. If not specified, a default basic
// constraints extension with `is_ca=false` will be added for leaf
// certificates.
CaOptions *X509Parameters_CaOptions `protobuf:"bytes,2,opt,name=ca_options,json=caOptions,proto3" json:"ca_options,omitempty"`
// Optional. Describes the X.509 certificate policy object identifiers, per
// https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
PolicyIds []*ObjectId `protobuf:"bytes,3,rep,name=policy_ids,json=policyIds,proto3" json:"policy_ids,omitempty"`
// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
// addresses that appear in the "Authority Information Access" extension in
// the certificate.
AiaOcspServers []string `protobuf:"bytes,4,rep,name=aia_ocsp_servers,json=aiaOcspServers,proto3" json:"aia_ocsp_servers,omitempty"`
// Optional. Describes the X.509 name constraints extension.
NameConstraints *X509Parameters_NameConstraints `protobuf:"bytes,6,opt,name=name_constraints,json=nameConstraints,proto3" json:"name_constraints,omitempty"`
// Optional. Describes custom X.509 extensions.
AdditionalExtensions []*X509Extension `protobuf:"bytes,5,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
// contains filtered or unexported fields
}An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.
func (*X509Parameters) Descriptor
func (*X509Parameters) Descriptor() ([]byte, []int)Deprecated: Use X509Parameters.ProtoReflect.Descriptor instead.
func (*X509Parameters) GetAdditionalExtensions
func (x *X509Parameters) GetAdditionalExtensions() []*X509Extensionfunc (*X509Parameters) GetAiaOcspServers
func (x *X509Parameters) GetAiaOcspServers() []stringfunc (*X509Parameters) GetCaOptions
func (x *X509Parameters) GetCaOptions() *X509Parameters_CaOptionsfunc (*X509Parameters) GetKeyUsage
func (x *X509Parameters) GetKeyUsage() *KeyUsagefunc (*X509Parameters) GetNameConstraints
func (x *X509Parameters) GetNameConstraints() *X509Parameters_NameConstraintsfunc (*X509Parameters) GetPolicyIds
func (x *X509Parameters) GetPolicyIds() []*ObjectIdfunc (*X509Parameters) ProtoMessage
func (*X509Parameters) ProtoMessage()func (*X509Parameters) ProtoReflect
func (x *X509Parameters) ProtoReflect() protoreflect.Messagefunc (*X509Parameters) Reset
func (x *X509Parameters) Reset()func (*X509Parameters) String
func (x *X509Parameters) String() stringX509Parameters_CaOptions
type X509Parameters_CaOptions struct {
// Optional. Refers to the "CA" boolean field in the X.509 extension.
// When this value is missing, the basic constraints extension will be
// omitted from the certificate.
IsCa *bool `protobuf:"varint,1,opt,name=is_ca,json=isCa,proto3,oneof" json:"is_ca,omitempty"`
// Optional. Refers to the path length constraint field in the X.509
// extension. For a CA certificate, this value describes the depth of
// subordinate CA certificates that are allowed. If this value is less than
// 0, the request will fail. If this value is missing, the max path length
// will be omitted from the certificate.
MaxIssuerPathLength *int32 `protobuf:"varint,2,opt,name=max_issuer_path_length,json=maxIssuerPathLength,proto3,oneof" json:"max_issuer_path_length,omitempty"`
// contains filtered or unexported fields
}Describes the X.509 basic constraints extension, per RFC 5280 section 4.2.1.9
func (*X509Parameters_CaOptions) Descriptor
func (*X509Parameters_CaOptions) Descriptor() ([]byte, []int)Deprecated: Use X509Parameters_CaOptions.ProtoReflect.Descriptor instead.
func (*X509Parameters_CaOptions) GetIsCa
func (x *X509Parameters_CaOptions) GetIsCa() boolfunc (*X509Parameters_CaOptions) GetMaxIssuerPathLength
func (x *X509Parameters_CaOptions) GetMaxIssuerPathLength() int32func (*X509Parameters_CaOptions) ProtoMessage
func (*X509Parameters_CaOptions) ProtoMessage()func (*X509Parameters_CaOptions) ProtoReflect
func (x *X509Parameters_CaOptions) ProtoReflect() protoreflect.Messagefunc (*X509Parameters_CaOptions) Reset
func (x *X509Parameters_CaOptions) Reset()func (*X509Parameters_CaOptions) String
func (x *X509Parameters_CaOptions) String() stringX509Parameters_NameConstraints
type X509Parameters_NameConstraints struct {
// Indicates whether or not the name constraints are marked critical.
Critical bool `protobuf:"varint,1,opt,name=critical,proto3" json:"critical,omitempty"`
// Contains permitted DNS names. Any DNS name that can be
// constructed by simply adding zero or more labels to
// the left-hand side of the name satisfies the name constraint.
// For example, `example.com`, `www.example.com`, `www.sub.example.com`
// would satisfy `example.com` while `example1.com` does not.
PermittedDnsNames []string `protobuf:"bytes,2,rep,name=permitted_dns_names,json=permittedDnsNames,proto3" json:"permitted_dns_names,omitempty"`
// Contains excluded DNS names. Any DNS name that can be
// constructed by simply adding zero or more labels to
// the left-hand side of the name satisfies the name constraint.
// For example, `example.com`, `www.example.com`, `www.sub.example.com`
// would satisfy `example.com` while `example1.com` does not.
ExcludedDnsNames []string `protobuf:"bytes,3,rep,name=excluded_dns_names,json=excludedDnsNames,proto3" json:"excluded_dns_names,omitempty"`
// Contains the permitted IP ranges. For IPv4 addresses, the ranges
// are expressed using CIDR notation as specified in RFC 4632.
// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
// addresses.
PermittedIpRanges []string `protobuf:"bytes,4,rep,name=permitted_ip_ranges,json=permittedIpRanges,proto3" json:"permitted_ip_ranges,omitempty"`
// Contains the excluded IP ranges. For IPv4 addresses, the ranges
// are expressed using CIDR notation as specified in RFC 4632.
// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
// addresses.
ExcludedIpRanges []string `protobuf:"bytes,5,rep,name=excluded_ip_ranges,json=excludedIpRanges,proto3" json:"excluded_ip_ranges,omitempty"`
// Contains the permitted email addresses. The value can be a particular
// email address, a hostname to indicate all email addresses on that host or
// a domain with a leading period (e.g. `.example.com`) to indicate
// all email addresses in that domain.
PermittedEmailAddresses []string `protobuf:"bytes,6,rep,name=permitted_email_addresses,json=permittedEmailAddresses,proto3" json:"permitted_email_addresses,omitempty"`
// Contains the excluded email addresses. The value can be a particular
// email address, a hostname to indicate all email addresses on that host or
// a domain with a leading period (e.g. `.example.com`) to indicate
// all email addresses in that domain.
ExcludedEmailAddresses []string `protobuf:"bytes,7,rep,name=excluded_email_addresses,json=excludedEmailAddresses,proto3" json:"excluded_email_addresses,omitempty"`
// Contains the permitted URIs that apply to the host part of the name.
// The value can be a hostname or a domain with a
// leading period (like `.example.com`)
PermittedUris []string `protobuf:"bytes,8,rep,name=permitted_uris,json=permittedUris,proto3" json:"permitted_uris,omitempty"`
// Contains the excluded URIs that apply to the host part of the name.
// The value can be a hostname or a domain with a
// leading period (like `.example.com`)
ExcludedUris []string `protobuf:"bytes,9,rep,name=excluded_uris,json=excludedUris,proto3" json:"excluded_uris,omitempty"`
// contains filtered or unexported fields
}Describes the X.509 name constraints extension, per https://tools.ietf.org/html/rfc5280#section-4.2.1.10
func (*X509Parameters_NameConstraints) Descriptor
func (*X509Parameters_NameConstraints) Descriptor() ([]byte, []int)Deprecated: Use X509Parameters_NameConstraints.ProtoReflect.Descriptor instead.
func (*X509Parameters_NameConstraints) GetCritical
func (x *X509Parameters_NameConstraints) GetCritical() boolfunc (*X509Parameters_NameConstraints) GetExcludedDnsNames
func (x *X509Parameters_NameConstraints) GetExcludedDnsNames() []stringfunc (*X509Parameters_NameConstraints) GetExcludedEmailAddresses
func (x *X509Parameters_NameConstraints) GetExcludedEmailAddresses() []stringfunc (*X509Parameters_NameConstraints) GetExcludedIpRanges
func (x *X509Parameters_NameConstraints) GetExcludedIpRanges() []stringfunc (*X509Parameters_NameConstraints) GetExcludedUris
func (x *X509Parameters_NameConstraints) GetExcludedUris() []stringfunc (*X509Parameters_NameConstraints) GetPermittedDnsNames
func (x *X509Parameters_NameConstraints) GetPermittedDnsNames() []stringfunc (*X509Parameters_NameConstraints) GetPermittedEmailAddresses
func (x *X509Parameters_NameConstraints) GetPermittedEmailAddresses() []stringfunc (*X509Parameters_NameConstraints) GetPermittedIpRanges
func (x *X509Parameters_NameConstraints) GetPermittedIpRanges() []stringfunc (*X509Parameters_NameConstraints) GetPermittedUris
func (x *X509Parameters_NameConstraints) GetPermittedUris() []stringfunc (*X509Parameters_NameConstraints) ProtoMessage
func (*X509Parameters_NameConstraints) ProtoMessage()func (*X509Parameters_NameConstraints) ProtoReflect
func (x *X509Parameters_NameConstraints) ProtoReflect() protoreflect.Messagefunc (*X509Parameters_NameConstraints) Reset
func (x *X509Parameters_NameConstraints) Reset()func (*X509Parameters_NameConstraints) String
func (x *X509Parameters_NameConstraints) String() string