privatecapb

package
v1.17.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 24, 2024 License: Apache-2.0 Imports: 15 Imported by: 12

Documentation

Index

Constants

This section is empty.

Variables

// Enum value maps for RevocationReason: RevocationReason_name maps each
// protobuf enum number to its name, and RevocationReason_value is the inverse.
//
// NOTE(review): these are protobuf enum numbers, not X.509 CRLReason codes.
// Values 0-6 line up with RFC 5280, but RFC 5280 assigns privilegeWithdrawn = 9
// and aACompromise = 10, whereas this enum uses 7 and 8. Translate by name
// rather than copying the number into a CRL entry.
//
// Indexing RevocationReason_value with an unknown string yields 0
// (REVOCATION_REASON_UNSPECIFIED); use the two-value form
// `v, ok := RevocationReason_value[s]` when the string comes from outside.
var (
	RevocationReason_name = map[int32]string{
		0: "REVOCATION_REASON_UNSPECIFIED",
		1: "KEY_COMPROMISE",
		2: "CERTIFICATE_AUTHORITY_COMPROMISE",
		3: "AFFILIATION_CHANGED",
		4: "SUPERSEDED",
		5: "CESSATION_OF_OPERATION",
		6: "CERTIFICATE_HOLD",
		7: "PRIVILEGE_WITHDRAWN",
		8: "ATTRIBUTE_AUTHORITY_COMPROMISE",
	}
	RevocationReason_value = map[string]int32{
		"REVOCATION_REASON_UNSPECIFIED":    0,
		"KEY_COMPROMISE":                   1,
		"CERTIFICATE_AUTHORITY_COMPROMISE": 2,
		"AFFILIATION_CHANGED":              3,
		"SUPERSEDED":                       4,
		"CESSATION_OF_OPERATION":           5,
		"CERTIFICATE_HOLD":                 6,
		"PRIVILEGE_WITHDRAWN":              7,
		"ATTRIBUTE_AUTHORITY_COMPROMISE":   8,
	}
)

Enum value maps for RevocationReason.

// SubjectRequestMode_name and SubjectRequestMode_value translate between the
// protobuf enum numbers of SubjectRequestMode and their names.
//
// A name that is not a key of SubjectRequestMode_value reads back as 0
// (SUBJECT_REQUEST_MODE_UNSPECIFIED); check the `ok` result of the lookup
// before acting on a mode parsed from external input.
var (
	SubjectRequestMode_name = map[int32]string{
		0: "SUBJECT_REQUEST_MODE_UNSPECIFIED",
		1: "DEFAULT",
		2: "REFLECTED_SPIFFE",
	}
	SubjectRequestMode_value = map[string]int32{
		"SUBJECT_REQUEST_MODE_UNSPECIFIED": 0,
		"DEFAULT":                          1,
		"REFLECTED_SPIFFE":                 2,
	}
)

Enum value maps for SubjectRequestMode.

// CertificateAuthority_Type_name maps the protobuf enum numbers of
// CertificateAuthority_Type to their names; CertificateAuthority_Type_value
// is the inverse. Both maps hold exactly the three entries listed here.
var (
	CertificateAuthority_Type_name = map[int32]string{
		0: "TYPE_UNSPECIFIED",
		1: "SELF_SIGNED",
		2: "SUBORDINATE",
	}
	CertificateAuthority_Type_value = map[string]int32{
		"TYPE_UNSPECIFIED": 0,
		"SELF_SIGNED":      1,
		"SUBORDINATE":      2,
	}
)

Enum value maps for CertificateAuthority_Type.

// CertificateAuthority_State_name maps the protobuf enum numbers of
// CertificateAuthority_State to their names; CertificateAuthority_State_value
// is the inverse.
//
// A missing key in CertificateAuthority_State_value reads back as 0
// (STATE_UNSPECIFIED), so use the two-value lookup form when a state name
// comes from outside the program.
var (
	CertificateAuthority_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "ENABLED",
		2: "DISABLED",
		3: "STAGED",
		4: "AWAITING_USER_ACTIVATION",
		5: "DELETED",
	}
	CertificateAuthority_State_value = map[string]int32{
		"STATE_UNSPECIFIED":        0,
		"ENABLED":                  1,
		"DISABLED":                 2,
		"STAGED":                   3,
		"AWAITING_USER_ACTIVATION": 4,
		"DELETED":                  5,
	}
)

Enum value maps for CertificateAuthority_State.

// CertificateAuthority_SignHashAlgorithm_name maps the protobuf enum numbers
// of CertificateAuthority_SignHashAlgorithm to their names;
// CertificateAuthority_SignHashAlgorithm_value is the inverse.
//
// Each name spells out the signature scheme (RSA_PSS, RSA_PKCS1 or EC), the
// RSA modulus size or curve, and the hash.
//
// The entries are not listed in numeric order: the RSA_PKCS1 variants carry
// numbers 6-8 but appear before the EC variants (4-5). Do not infer a number
// from an entry's position in the listing.
var (
	CertificateAuthority_SignHashAlgorithm_name = map[int32]string{
		0: "SIGN_HASH_ALGORITHM_UNSPECIFIED",
		1: "RSA_PSS_2048_SHA256",
		2: "RSA_PSS_3072_SHA256",
		3: "RSA_PSS_4096_SHA256",
		6: "RSA_PKCS1_2048_SHA256",
		7: "RSA_PKCS1_3072_SHA256",
		8: "RSA_PKCS1_4096_SHA256",
		4: "EC_P256_SHA256",
		5: "EC_P384_SHA384",
	}
	CertificateAuthority_SignHashAlgorithm_value = map[string]int32{
		"SIGN_HASH_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256":             1,
		"RSA_PSS_3072_SHA256":             2,
		"RSA_PSS_4096_SHA256":             3,
		"RSA_PKCS1_2048_SHA256":           6,
		"RSA_PKCS1_3072_SHA256":           7,
		"RSA_PKCS1_4096_SHA256":           8,
		"EC_P256_SHA256":                  4,
		"EC_P384_SHA384":                  5,
	}
)

Enum value maps for CertificateAuthority_SignHashAlgorithm.

// CaPool_Tier_name maps the protobuf enum numbers of CaPool_Tier to their
// names; CaPool_Tier_value is the inverse.
var (
	CaPool_Tier_name = map[int32]string{
		0: "TIER_UNSPECIFIED",
		1: "ENTERPRISE",
		2: "DEVOPS",
	}
	CaPool_Tier_value = map[string]int32{
		"TIER_UNSPECIFIED": 0,
		"ENTERPRISE":       1,
		"DEVOPS":           2,
	}
)

Enum value maps for CaPool_Tier.

// CaPool_PublishingOptions_EncodingFormat_name maps the protobuf enum numbers
// of CaPool_PublishingOptions_EncodingFormat to their names;
// CaPool_PublishingOptions_EncodingFormat_value is the inverse.
var (
	CaPool_PublishingOptions_EncodingFormat_name = map[int32]string{
		0: "ENCODING_FORMAT_UNSPECIFIED",
		1: "PEM",
		2: "DER",
	}
	CaPool_PublishingOptions_EncodingFormat_value = map[string]int32{
		"ENCODING_FORMAT_UNSPECIFIED": 0,
		"PEM":                         1,
		"DER":                         2,
	}
)

Enum value maps for CaPool_PublishingOptions_EncodingFormat.

// Enum value maps for
// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm: the
// _name map goes from protobuf enum number to name, the _value map from name
// to number.
//
// NOTE(review): a name missing from the _value map reads back as 0, which is
// EC_SIGNATURE_ALGORITHM_UNSPECIFIED. If that value means "no restriction" to
// the service (confirm against the enum's documentation), an unchecked lookup
// on a mistyped name would silently widen the policy. Always use the
// two-value form `v, ok := ..._value[s]` and reject unknown names.
var (
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name = map[int32]string{
		0: "EC_SIGNATURE_ALGORITHM_UNSPECIFIED",
		1: "ECDSA_P256",
		2: "ECDSA_P384",
		3: "EDDSA_25519",
	}
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value = map[string]int32{
		"EC_SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"ECDSA_P256":                         1,
		"ECDSA_P384":                         2,
		"EDDSA_25519":                        3,
	}
)

Enum value maps for CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.

// CertificateRevocationList_State_name maps the protobuf enum numbers of
// CertificateRevocationList_State to their names;
// CertificateRevocationList_State_value is the inverse.
//
// "SUPERSEDED" is also a RevocationReason name with a different number (4);
// the two enums are unrelated, so keep the typed value rather than the bare
// string or integer when passing states around.
var (
	CertificateRevocationList_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "ACTIVE",
		2: "SUPERSEDED",
	}
	CertificateRevocationList_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"ACTIVE":            1,
		"SUPERSEDED":        2,
	}
)

Enum value maps for CertificateRevocationList_State.

// PublicKey_KeyFormat_name maps the protobuf enum numbers of
// PublicKey_KeyFormat to their names; PublicKey_KeyFormat_value is the
// inverse. PEM is the only named format besides the unspecified value.
var (
	PublicKey_KeyFormat_name = map[int32]string{
		0: "KEY_FORMAT_UNSPECIFIED",
		1: "PEM",
	}
	PublicKey_KeyFormat_value = map[string]int32{
		"KEY_FORMAT_UNSPECIFIED": 0,
		"PEM":                    1,
	}
)

Enum value maps for PublicKey_KeyFormat.

// Enum value maps for
// CertificateExtensionConstraints_KnownCertificateExtension: the _name map
// goes from protobuf enum number to name, the _value map from name to number.
//
// A name missing from the _value map reads back as 0
// (KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED); use the two-value lookup form
// when building extension constraints from configuration text.
var (
	CertificateExtensionConstraints_KnownCertificateExtension_name = map[int32]string{
		0: "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED",
		1: "BASE_KEY_USAGE",
		2: "EXTENDED_KEY_USAGE",
		3: "CA_OPTIONS",
		4: "POLICY_IDS",
		5: "AIA_OCSP_SERVERS",
		6: "NAME_CONSTRAINTS",
	}
	CertificateExtensionConstraints_KnownCertificateExtension_value = map[string]int32{
		"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED": 0,
		"BASE_KEY_USAGE":     1,
		"EXTENDED_KEY_USAGE": 2,
		"CA_OPTIONS":         3,
		"POLICY_IDS":         4,
		"AIA_OCSP_SERVERS":   5,
		"NAME_CONSTRAINTS":   6,
	}
)

Enum value maps for CertificateExtensionConstraints_KnownCertificateExtension.

// File_google_cloud_security_privateca_v1_resources_proto is a
// protoreflect.FileDescriptor; presumably the descriptor of the package's
// resources .proto file (inferred from the name).
var File_google_cloud_security_privateca_v1_resources_proto protoreflect.FileDescriptor
// File_google_cloud_security_privateca_v1_service_proto is a
// protoreflect.FileDescriptor; presumably the descriptor of the package's
// service .proto file (inferred from the name).
var File_google_cloud_security_privateca_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterCertificateAuthorityServiceServer

func RegisterCertificateAuthorityServiceServer(s *grpc.Server, srv CertificateAuthorityServiceServer)

Types

type ActivateCertificateAuthorityRequest

// ActivateCertificateAuthorityRequest carries the inputs for activating a
// CertificateAuthority: the CA's resource name, the signed CA certificate
// issued from its CSR, and the SubordinateConfig describing the issuer chain.
//
// All fields are plain caller-supplied values; nothing in this generated
// type validates them.
type ActivateCertificateAuthorityRequest struct {

	// Required. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The signed CA certificate issued from
	// [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
	PemCaCertificate string `protobuf:"bytes,2,opt,name=pem_ca_certificate,json=pemCaCertificate,proto3" json:"pem_ca_certificate,omitempty"`
	// Required. Must include information about the issuer of
	// 'pem_ca_certificate', and any further issuers until the self-signed CA.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,3,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): reuse the same ID only for retries of the same logical
	// request; the deduplication described above is only guaranteed for 60
	// minutes.
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].

func (*ActivateCertificateAuthorityRequest) Descriptor deprecated

func (*ActivateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use ActivateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*ActivateCertificateAuthorityRequest) GetName

func (*ActivateCertificateAuthorityRequest) GetPemCaCertificate

func (x *ActivateCertificateAuthorityRequest) GetPemCaCertificate() string

func (*ActivateCertificateAuthorityRequest) GetRequestId

func (x *ActivateCertificateAuthorityRequest) GetRequestId() string

func (*ActivateCertificateAuthorityRequest) GetSubordinateConfig

func (x *ActivateCertificateAuthorityRequest) GetSubordinateConfig() *SubordinateConfig

func (*ActivateCertificateAuthorityRequest) ProtoMessage

func (*ActivateCertificateAuthorityRequest) ProtoMessage()

func (*ActivateCertificateAuthorityRequest) ProtoReflect

func (*ActivateCertificateAuthorityRequest) Reset

func (*ActivateCertificateAuthorityRequest) String

type CaPool

// CaPool describes a pool of CertificateAuthorities. Besides its resource
// name, tier and labels, it carries the IssuancePolicy and PublishingOptions
// that apply to certificates issued from the pool.
//
// NOTE(review): IssuancePolicy is optional; a pool without one has no
// pool-level issuance restrictions recorded in this message.
type CaPool struct {

	// Output only. The resource name for this
	// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
	// `projects/*/locations/*/caPools/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The
	// [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	Tier CaPool_Tier `protobuf:"varint,2,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
	// Optional. The
	// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
	// to control how
	// [Certificates][google.cloud.security.privateca.v1.Certificate] will be
	// issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
	IssuancePolicy *CaPool_IssuancePolicy `protobuf:"bytes,3,opt,name=issuance_policy,json=issuancePolicy,proto3" json:"issuance_policy,omitempty"`
	// Optional. The
	// [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
	// to follow when issuing
	// [Certificates][google.cloud.security.privateca.v1.Certificate] from any
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in this [CaPool][google.cloud.security.privateca.v1.CaPool].
	PublishingOptions *CaPool_PublishingOptions `protobuf:"bytes,4,opt,name=publishing_options,json=publishingOptions,proto3" json:"publishing_options,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// contains filtered or unexported fields
}

A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out of the trust anchor.

func (*CaPool) Descriptor deprecated

func (*CaPool) Descriptor() ([]byte, []int)

Deprecated: Use CaPool.ProtoReflect.Descriptor instead.

func (*CaPool) GetIssuancePolicy

func (x *CaPool) GetIssuancePolicy() *CaPool_IssuancePolicy

func (*CaPool) GetLabels

func (x *CaPool) GetLabels() map[string]string

func (*CaPool) GetName

func (x *CaPool) GetName() string

func (*CaPool) GetPublishingOptions

func (x *CaPool) GetPublishingOptions() *CaPool_PublishingOptions

func (*CaPool) GetTier

func (x *CaPool) GetTier() CaPool_Tier

func (*CaPool) ProtoMessage

func (*CaPool) ProtoMessage()

func (*CaPool) ProtoReflect

func (x *CaPool) ProtoReflect() protoreflect.Message

func (*CaPool) Reset

func (x *CaPool) Reset()

func (*CaPool) String

func (x *CaPool) String() string

type CaPool_IssuancePolicy

// CaPool_IssuancePolicy holds the pool-level controls applied to certificate
// issuance: permitted key types, maximum lifetime, permitted issuance modes,
// baseline X.509 values, identity constraints and passthrough extensions.
//
// NOTE(review): every field is optional and, per the field comments below,
// unset means permissive: no AllowedKeyTypes allows any key, no
// IdentityConstraints adds no identity restriction, and no
// PassthroughExtensions adds no extension restriction. A zero-value policy
// therefore constrains nothing; set the fields you rely on explicitly.
type CaPool_IssuancePolicy struct {

	// Optional. If any
	// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
	// is specified, then the certificate request's public key must match one of
	// the key types listed here. Otherwise, any key may be used.
	AllowedKeyTypes []*CaPool_IssuancePolicy_AllowedKeyType `protobuf:"bytes,1,rep,name=allowed_key_types,json=allowedKeyTypes,proto3" json:"allowed_key_types,omitempty"`
	// Optional. The maximum lifetime allowed for issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
	// if the issuing
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// expires before a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] resource's
	// requested maximum_lifetime, the effective lifetime will be explicitly
	// truncated to match it.
	MaximumLifetime *durationpb.Duration `protobuf:"bytes,2,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
	// Optional. If specified, then only methods allowed in the
	// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
	// may be used to issue
	// [Certificates][google.cloud.security.privateca.v1.Certificate].
	AllowedIssuanceModes *CaPool_IssuancePolicy_IssuanceModes `protobuf:"bytes,3,opt,name=allowed_issuance_modes,json=allowedIssuanceModes,proto3" json:"allowed_issuance_modes,omitempty"`
	// Optional. A set of X.509 values that will be applied to all certificates
	// issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
	// If a certificate request includes conflicting values for the same
	// properties, they will be overwritten by the values defined here. If a
	// certificate request uses a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// that defines conflicting
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
	// for the same properties, the certificate issuance request will fail.
	BaselineValues *X509Parameters `protobuf:"bytes,4,opt,name=baseline_values,json=baselineValues,proto3" json:"baseline_values,omitempty"`
	// Optional. Describes constraints on identities that may appear in
	// [Certificates][google.cloud.security.privateca.v1.Certificate] issued
	// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
	// is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
	// will not add restrictions on a certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,5,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
	// Optional. Describes the set of X.509 extensions that may appear in a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
	// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
	// certificate request sets extensions that don't appear in the
	// [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
	// those extensions will be dropped. If a certificate request uses a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// with
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
	// that don't appear here, the certificate issuance request will fail. If
	// this is omitted, then this
	// [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
	// restrictions on a certificate's X.509 extensions. These constraints do
	// not apply to X.509 extensions set in this
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
	// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
	PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,6,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
	// contains filtered or unexported fields
}

Defines controls over all certificate issuance within a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy) Descriptor deprecated

func (*CaPool_IssuancePolicy) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy) GetAllowedIssuanceModes

func (x *CaPool_IssuancePolicy) GetAllowedIssuanceModes() *CaPool_IssuancePolicy_IssuanceModes

func (*CaPool_IssuancePolicy) GetAllowedKeyTypes

func (*CaPool_IssuancePolicy) GetBaselineValues

func (x *CaPool_IssuancePolicy) GetBaselineValues() *X509Parameters

func (*CaPool_IssuancePolicy) GetIdentityConstraints

func (x *CaPool_IssuancePolicy) GetIdentityConstraints() *CertificateIdentityConstraints

func (*CaPool_IssuancePolicy) GetMaximumLifetime

func (x *CaPool_IssuancePolicy) GetMaximumLifetime() *durationpb.Duration

func (*CaPool_IssuancePolicy) GetPassthroughExtensions

func (x *CaPool_IssuancePolicy) GetPassthroughExtensions() *CertificateExtensionConstraints

func (*CaPool_IssuancePolicy) ProtoMessage

func (*CaPool_IssuancePolicy) ProtoMessage()

func (*CaPool_IssuancePolicy) ProtoReflect

func (x *CaPool_IssuancePolicy) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy) Reset

func (x *CaPool_IssuancePolicy) Reset()

func (*CaPool_IssuancePolicy) String

func (x *CaPool_IssuancePolicy) String() string

type CaPool_IssuancePolicy_AllowedKeyType

// CaPool_IssuancePolicy_AllowedKeyType names one kind of key through its
// KeyType oneof, which holds either the Rsa or the EllipticCurve wrapper
// listed below.
type CaPool_IssuancePolicy_AllowedKeyType struct {

	// Types that are assignable to KeyType:
	//
	//	*CaPool_IssuancePolicy_AllowedKeyType_Rsa
	//	*CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve
	KeyType isCaPool_IssuancePolicy_AllowedKeyType_KeyType `protobuf_oneof:"key_type"`
	// contains filtered or unexported fields
}

Describes a "type" of key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool]. Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a fully-qualified key algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA key.

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor deprecated

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve

func (*CaPool_IssuancePolicy_AllowedKeyType) GetKeyType

func (m *CaPool_IssuancePolicy_AllowedKeyType) GetKeyType() isCaPool_IssuancePolicy_AllowedKeyType_KeyType

func (*CaPool_IssuancePolicy_AllowedKeyType) GetRsa

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage()

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType) String

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType

// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType describes an allowed
// elliptic-curve key by the signature algorithm it must use.
//
// NOTE(review): the zero value of this struct leaves SignatureAlgorithm
// omitted, which per the field comment allows any EC-based signature
// algorithm. Set the field explicitly to pin a curve.
type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType struct {

	// Optional. A signature algorithm that must be used. If this is
	// omitted, any EC-based signature algorithm will be allowed.
	SignatureAlgorithm CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm `` /* 224-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes an Elliptic Curve key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor deprecated

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm int32

Describes an elliptic curve-based signature algorithm that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool].

// Values of CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.
//
// NOTE(review): the zero value is the permissive one (any signature algorithm
// may be used), so a field of this type that was never assigned does not
// restrict the algorithm.
const (
	// Not specified. Signifies that any signature algorithm may be used.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 0
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-256 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 1
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-384 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 2
	// Refers to the Edwards-curve Digital Signature Algorithm over curve
	// 25519, as described in RFC 8410.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 3
)

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor deprecated

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.Descriptor instead.

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type

type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve

// CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve is a oneof wrapper (see
// the `oneof` tag) carrying the elliptic_curve member as an EcKeyType.
type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve struct {
	// Represents an allowed Elliptic Curve key type.
	EllipticCurve *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType `protobuf:"bytes,2,opt,name=elliptic_curve,json=ellipticCurve,proto3,oneof"`
}

type CaPool_IssuancePolicy_AllowedKeyType_Rsa

// CaPool_IssuancePolicy_AllowedKeyType_Rsa is a oneof wrapper (see the
// `oneof` tag) carrying the rsa member as an RsaKeyType.
type CaPool_IssuancePolicy_AllowedKeyType_Rsa struct {
	// Represents an allowed RSA key type.
	Rsa *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType `protobuf:"bytes,1,opt,name=rsa,proto3,oneof"`
}

type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType

// CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType bounds the RSA modulus size,
// in bits, that a pool accepts. Both bounds are inclusive.
//
// NOTE(review): both fields are plain int64, so "not set" and 0 are the same
// thing. A zero MinModulusSize falls back to the service-level minimum and a
// zero MaxModulusSize means no explicit upper bound; a policy that intends a
// specific floor must set MinModulusSize to a non-zero value.
type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType struct {

	// Optional. The minimum allowed RSA modulus size (inclusive), in bits.
	// If this is not set, or if set to zero, the service-level min RSA
	// modulus size will continue to apply.
	MinModulusSize int64 `protobuf:"varint,1,opt,name=min_modulus_size,json=minModulusSize,proto3" json:"min_modulus_size,omitempty"`
	// Optional. The maximum allowed RSA modulus size (inclusive), in bits.
	// If this is not set, or if set to zero, the service will not enforce
	// an explicit upper bound on RSA modulus sizes.
	MaxModulusSize int64 `protobuf:"varint,2,opt,name=max_modulus_size,json=maxModulusSize,proto3" json:"max_modulus_size,omitempty"`
	// contains filtered or unexported fields
}

Describes an RSA key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor deprecated

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String

type CaPool_IssuancePolicy_IssuanceModes

// CaPool_IssuancePolicy_IssuanceModes records, as two independent booleans,
// whether certificates may be requested with a CSR and whether they may be
// requested with a CertificateConfig.
//
// NOTE(review): both fields default to false. A message that is present but
// left at its zero value presumably permits neither mode; confirm against the
// service documentation before relying on it.
type CaPool_IssuancePolicy_IssuanceModes struct {

	// Optional. When true, allows callers to create
	// [Certificates][google.cloud.security.privateca.v1.Certificate] by
	// specifying a CSR.
	AllowCsrBasedIssuance bool `` /* 129-byte string literal not displayed */
	// Optional. When true, allows callers to create
	// [Certificates][google.cloud.security.privateca.v1.Certificate] by
	// specifying a
	// [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
	AllowConfigBasedIssuance bool `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

[IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor deprecated

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_IssuanceModes.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage()

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoReflect

func (*CaPool_IssuancePolicy_IssuanceModes) Reset

func (*CaPool_IssuancePolicy_IssuanceModes) String

type CaPool_PublishingOptions

// CaPool_PublishingOptions controls whether each CertificateAuthority's CA
// certificate and CRL are published, whether their URLs are written into
// issued certificates, and in which encoding they are published.
//
// NOTE(review): with PublishCrl false, no "CRL Distribution Points" extension
// is written, so a relying party cannot locate a CRL from the certificate
// itself and revocation checking needs another channel. Both booleans default
// to false.
type CaPool_PublishingOptions struct {

	// Optional. When true, publishes each
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CA certificate and includes its URL in the "Authority Information Access"
	// X.509 extension in all issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
	// is false, the CA certificate will not be published and the corresponding
	// X.509 extension will not be written in issued certificates.
	PublishCaCert bool `protobuf:"varint,1,opt,name=publish_ca_cert,json=publishCaCert,proto3" json:"publish_ca_cert,omitempty"`
	// Optional. When true, publishes each
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CRL and includes its URL in the "CRL Distribution Points" X.509 extension
	// in all issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
	// is false, CRLs will not be published and the corresponding X.509
	// extension will not be written in issued certificates. CRLs will expire 7
	// days from their creation. However, we will rebuild daily. CRLs are also
	// rebuilt shortly after a certificate is revoked.
	PublishCrl bool `protobuf:"varint,2,opt,name=publish_crl,json=publishCrl,proto3" json:"publish_crl,omitempty"`
	// Optional. Specifies the encoding format of each
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resource's CA certificate and CRLs. If this is omitted, CA certificates
	// and CRLs will be published in PEM.
	EncodingFormat CaPool_PublishingOptions_EncodingFormat `` /* 184-byte string literal not displayed */
	// contains filtered or unexported fields
}

Options relating to the publication of each CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and CRLs and their inclusion as extensions in issued [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates issued by any CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] in the CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_PublishingOptions) Descriptor deprecated

func (*CaPool_PublishingOptions) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_PublishingOptions.ProtoReflect.Descriptor instead.

func (*CaPool_PublishingOptions) GetEncodingFormat added in v1.16.0

func (*CaPool_PublishingOptions) GetPublishCaCert

func (x *CaPool_PublishingOptions) GetPublishCaCert() bool

func (*CaPool_PublishingOptions) GetPublishCrl

func (x *CaPool_PublishingOptions) GetPublishCrl() bool

func (*CaPool_PublishingOptions) ProtoMessage

func (*CaPool_PublishingOptions) ProtoMessage()

func (*CaPool_PublishingOptions) ProtoReflect

func (x *CaPool_PublishingOptions) ProtoReflect() protoreflect.Message

func (*CaPool_PublishingOptions) Reset

func (x *CaPool_PublishingOptions) Reset()

func (*CaPool_PublishingOptions) String

func (x *CaPool_PublishingOptions) String() string

type CaPool_PublishingOptions_EncodingFormat added in v1.16.0

type CaPool_PublishingOptions_EncodingFormat int32

Supported encoding formats for publishing.

// Values of CaPool_PublishingOptions_EncodingFormat. The zero value behaves
// like PEM, so a consumer of the published CA certificate or CRL should take
// the format from the pool's setting rather than assume DER.
const (
	// Not specified. By default, PEM format will be used.
	CaPool_PublishingOptions_ENCODING_FORMAT_UNSPECIFIED CaPool_PublishingOptions_EncodingFormat = 0
	// The
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CA certificate and CRLs will be published in PEM format.
	CaPool_PublishingOptions_PEM CaPool_PublishingOptions_EncodingFormat = 1
	// The
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CA certificate and CRLs will be published in DER format.
	CaPool_PublishingOptions_DER CaPool_PublishingOptions_EncodingFormat = 2
)

func (CaPool_PublishingOptions_EncodingFormat) Descriptor added in v1.16.0

func (CaPool_PublishingOptions_EncodingFormat) Enum added in v1.16.0

func (CaPool_PublishingOptions_EncodingFormat) EnumDescriptor deprecated added in v1.16.0

func (CaPool_PublishingOptions_EncodingFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use CaPool_PublishingOptions_EncodingFormat.Descriptor instead.

func (CaPool_PublishingOptions_EncodingFormat) Number added in v1.16.0

func (CaPool_PublishingOptions_EncodingFormat) String added in v1.16.0

func (CaPool_PublishingOptions_EncodingFormat) Type added in v1.16.0

type CaPool_Tier

type CaPool_Tier int32

The tier of a CaPool[google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or billing SKU.

// Values of CaPool_Tier, numbered 0 to 2.
const (
	// Not specified.
	CaPool_TIER_UNSPECIFIED CaPool_Tier = 0
	// Enterprise tier.
	CaPool_ENTERPRISE CaPool_Tier = 1
	// DevOps tier.
	CaPool_DEVOPS CaPool_Tier = 2
)

func (CaPool_Tier) Descriptor

func (CaPool_Tier) Enum

func (x CaPool_Tier) Enum() *CaPool_Tier

func (CaPool_Tier) EnumDescriptor deprecated

func (CaPool_Tier) EnumDescriptor() ([]byte, []int)

Deprecated: Use CaPool_Tier.Descriptor instead.

func (CaPool_Tier) Number

func (x CaPool_Tier) Number() protoreflect.EnumNumber

func (CaPool_Tier) String

func (x CaPool_Tier) String() string

func (CaPool_Tier) Type

type Certificate

// Certificate is the Go message type for the privateca.v1 Certificate
// resource. Several fields below are labelled "Output only" (Name,
// IssuerCertificateAuthority, RevocationDetails, PemCertificate,
// CertificateDescription, PemCertificateChain, CreateTime, UpdateTime);
// presumably the service populates them and ignores caller-supplied values —
// confirm against the API reference.
type Certificate struct {

	// Output only. The resource name for this
	// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The config used to create a signed X.509 certificate.
	//
	// This is a proto oneof, so at most one of the two variants is set. The
	// typed accessors are GetPemCsr (string) and GetConfig
	// (*CertificateConfig).
	//
	// Types that are assignable to CertificateConfig:
	//
	//	*Certificate_PemCsr
	//	*Certificate_Config
	CertificateConfig isCertificate_CertificateConfig `protobuf_oneof:"certificate_config"`
	// Output only. The resource name of the issuing
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	IssuerCertificateAuthority string `` /* 141-byte string literal not displayed */
	// Required. Immutable. The desired lifetime of a certificate. Used to create
	// the "not_before_time" and "not_after_time" fields inside an X.509
	// certificate. Note that the lifetime may be truncated if it would extend
	// past the life of any certificate authority in the issuing chain.
	//
	// Because of that truncation, the validity of the issued certificate is
	// not guaranteed to equal this value; read it from the issued certificate
	// instead of assuming the requested lifetime was granted.
	Lifetime *durationpb.Duration `protobuf:"bytes,5,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// Immutable. The resource name for a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// used to issue this certificate, in the format
	// `projects/*/locations/*/certificateTemplates/*`.
	// If this is specified, the caller must have the necessary permission to
	// use this template. If this is omitted, no template will be used.
	// This template must be in the same location as the
	// [Certificate][google.cloud.security.privateca.v1.Certificate].
	CertificateTemplate string `protobuf:"bytes,6,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Immutable. Specifies how the
	// [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
	// fields are to be decided. If this is omitted, the `DEFAULT` subject mode
	// will be used.
	//
	// The values this package defines for SubjectRequestMode are
	// SUBJECT_REQUEST_MODE_UNSPECIFIED (0), DEFAULT (1) and
	// REFLECTED_SPIFFE (2).
	SubjectMode SubjectRequestMode `` /* 154-byte string literal not displayed */
	// Output only. Details regarding the revocation of this
	// [Certificate][google.cloud.security.privateca.v1.Certificate]. This
	// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
	// revoked if and only if this field is present.
	//
	// In Go, "present" means a non-nil pointer, so a nil check on this field
	// (or on GetRevocationDetails()) is the revocation test for this message.
	// NOTE(review): the answer is only as fresh as the message it was read
	// from — confirm how callers refresh it before relying on it.
	RevocationDetails *Certificate_RevocationDetails `protobuf:"bytes,8,opt,name=revocation_details,json=revocationDetails,proto3" json:"revocation_details,omitempty"`
	// Output only. The pem-encoded, signed X.509 certificate.
	PemCertificate string `protobuf:"bytes,9,opt,name=pem_certificate,json=pemCertificate,proto3" json:"pem_certificate,omitempty"`
	// Output only. A structured description of the issued X.509 certificate.
	CertificateDescription *CertificateDescription `` /* 128-byte string literal not displayed */
	// Output only. The chain that may be used to verify the X.509 certificate.
	// Expected to be in issuer-to-root order according to RFC 5246.
	//
	// NOTE(review): RFC 5246 is the TLS 1.2 specification; the ordering meant
	// here is presumably its certificate-list rule, where each certificate
	// directly certifies the one before it — confirm.
	// NOTE(review): the chain arrives in the same response as the
	// certificate, so presumably a relying party should anchor verification
	// in a root it already trusts rather than in the last element of this
	// list — confirm against your trust model.
	PemCertificateChain []string `protobuf:"bytes,11,rep,name=pem_certificate_chain,json=pemCertificateChain,proto3" json:"pem_certificate_chain,omitempty"`
	// Output only. The time at which this
	// [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this
	// [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A Certificate[google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority].

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificateConfig

func (m *Certificate) GetCertificateConfig() isCertificate_CertificateConfig

func (*Certificate) GetCertificateDescription

func (x *Certificate) GetCertificateDescription() *CertificateDescription

func (*Certificate) GetCertificateTemplate

func (x *Certificate) GetCertificateTemplate() string

func (*Certificate) GetConfig

func (x *Certificate) GetConfig() *CertificateConfig

func (*Certificate) GetCreateTime

func (x *Certificate) GetCreateTime() *timestamppb.Timestamp

func (*Certificate) GetIssuerCertificateAuthority

func (x *Certificate) GetIssuerCertificateAuthority() string

func (*Certificate) GetLabels

func (x *Certificate) GetLabels() map[string]string

func (*Certificate) GetLifetime

func (x *Certificate) GetLifetime() *durationpb.Duration

func (*Certificate) GetName

func (x *Certificate) GetName() string

func (*Certificate) GetPemCertificate

func (x *Certificate) GetPemCertificate() string

func (*Certificate) GetPemCertificateChain

func (x *Certificate) GetPemCertificateChain() []string

func (*Certificate) GetPemCsr

func (x *Certificate) GetPemCsr() string

func (*Certificate) GetRevocationDetails

func (x *Certificate) GetRevocationDetails() *Certificate_RevocationDetails

func (*Certificate) GetSubjectMode

func (x *Certificate) GetSubjectMode() SubjectRequestMode

func (*Certificate) GetUpdateTime

func (x *Certificate) GetUpdateTime() *timestamppb.Timestamp

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type CertificateAuthority

// CertificateAuthority is the Go message type for the privateca.v1
// CertificateAuthority resource. Its field comments separate values the
// caller supplies at creation ("Required", "Immutable", "Optional") from
// values labelled "Output only"; presumably the latter are set by the
// service — confirm against the API reference.
type CertificateAuthority struct {

	// Output only. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The
	// [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
	// this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	//
	// The values this package defines are TYPE_UNSPECIFIED (0),
	// SELF_SIGNED (1) and SUBORDINATE (2).
	Type CertificateAuthority_Type `` /* 128-byte string literal not displayed */
	// Required. Immutable. The config used to create a self-signed X.509
	// certificate or CSR.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
	// Required. Immutable. The desired lifetime of the CA certificate. Used to
	// create the "not_before_time" and "not_after_time" fields inside an X.509
	// certificate.
	Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// Required. Immutable. Used when issuing certificates for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	// If this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// is a self-signed CertificateAuthority, this key is also used to sign the
	// self-signed CA certificate. Otherwise, it is used to sign a CSR.
	//
	// This is the CA's signing key selection and cannot be changed after
	// creation (it is marked Immutable). The spec is a oneof between an
	// existing Cloud KMS key version and an algorithm for a managed key; see
	// CertificateAuthority_KeyVersionSpec.
	KeySpec *CertificateAuthority_KeyVersionSpec `protobuf:"bytes,5,opt,name=key_spec,json=keySpec,proto3" json:"key_spec,omitempty"`
	// Optional. If this is a subordinate
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
	// this field will be set with the subordinate configuration, which describes
	// its issuers. This may be updated, but this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// must continue to validate.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,6,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
	// Output only. The
	// [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	Tier CaPool_Tier `protobuf:"varint,7,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
	// Output only. The
	// [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
	// this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	//
	// The values this package defines are STATE_UNSPECIFIED (0), ENABLED (1),
	// DISABLED (2), STAGED (3), AWAITING_USER_ACTIVATION (4) and DELETED (5).
	State CertificateAuthority_State `` /* 131-byte string literal not displayed */
	// Output only. This
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// certificate chain, including the current
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// certificate. Ordered such that the root issuer is the final element
	// (consistent with RFC 5246). For a self-signed CA, this will only list the
	// current
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// certificate.
	PemCaCertificates []string `protobuf:"bytes,9,rep,name=pem_ca_certificates,json=pemCaCertificates,proto3" json:"pem_ca_certificates,omitempty"`
	// Output only. A structured description of this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CA certificate and its issuers. Ordered as self-to-root.
	CaCertificateDescriptions []*CertificateDescription `` /* 139-byte string literal not displayed */
	// Immutable. The name of a Cloud Storage bucket where this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// will publish content, such as the CA certificate and CRLs. This must be a
	// bucket name, without any prefixes (such as `gs://`) or suffixes (such as
	// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
	// would simply specify `my-bucket`. If not specified, a managed bucket will
	// be created.
	//
	// NOTE(review): when a caller-supplied bucket is used, whoever can write
	// to it can presumably alter the published CA certificate and CRLs, and
	// its availability affects relying parties that fetch CRLs — confirm the
	// bucket's access policy before choosing one. The choice is immutable.
	GcsBucket string `protobuf:"bytes,11,opt,name=gcs_bucket,json=gcsBucket,proto3" json:"gcs_bucket,omitempty"`
	// Output only. URLs for accessing content published by this CA, such as the
	// CA certificate and CRLs.
	AccessUrls *CertificateAuthority_AccessUrls `protobuf:"bytes,12,opt,name=access_urls,json=accessUrls,proto3" json:"access_urls,omitempty"`
	// Output only. The time at which this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// was last updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Output only. The time at which this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// was soft deleted, if it is in the
	// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
	// state.
	DeleteTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"`
	// Output only. The time at which this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// will be permanently purged, if it is in the
	// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
	// state.
	//
	// Together with DeleteTime this bounds the soft-delete window: a CA in
	// the DELETED state still exists until this time.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority. A CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].

func (*CertificateAuthority) Descriptor deprecated

func (*CertificateAuthority) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority.ProtoReflect.Descriptor instead.

func (*CertificateAuthority) GetAccessUrls

func (*CertificateAuthority) GetCaCertificateDescriptions

func (x *CertificateAuthority) GetCaCertificateDescriptions() []*CertificateDescription

func (*CertificateAuthority) GetConfig

func (x *CertificateAuthority) GetConfig() *CertificateConfig

func (*CertificateAuthority) GetCreateTime

func (x *CertificateAuthority) GetCreateTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetDeleteTime

func (x *CertificateAuthority) GetDeleteTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetExpireTime

func (x *CertificateAuthority) GetExpireTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetGcsBucket

func (x *CertificateAuthority) GetGcsBucket() string

func (*CertificateAuthority) GetKeySpec

func (*CertificateAuthority) GetLabels

func (x *CertificateAuthority) GetLabels() map[string]string

func (*CertificateAuthority) GetLifetime

func (x *CertificateAuthority) GetLifetime() *durationpb.Duration

func (*CertificateAuthority) GetName

func (x *CertificateAuthority) GetName() string

func (*CertificateAuthority) GetPemCaCertificates

func (x *CertificateAuthority) GetPemCaCertificates() []string

func (*CertificateAuthority) GetState

func (*CertificateAuthority) GetSubordinateConfig

func (x *CertificateAuthority) GetSubordinateConfig() *SubordinateConfig

func (*CertificateAuthority) GetTier

func (x *CertificateAuthority) GetTier() CaPool_Tier

func (*CertificateAuthority) GetType

func (*CertificateAuthority) GetUpdateTime

func (x *CertificateAuthority) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateAuthority) ProtoMessage

func (*CertificateAuthority) ProtoMessage()

func (*CertificateAuthority) ProtoReflect

func (x *CertificateAuthority) ProtoReflect() protoreflect.Message

func (*CertificateAuthority) Reset

func (x *CertificateAuthority) Reset()

func (*CertificateAuthority) String

func (x *CertificateAuthority) String() string

type CertificateAuthorityServiceClient

// CertificateAuthorityServiceClient lists the RPCs a client can call on the
// CertificateAuthorityService.
//
// The methods fall into two groups by return type. Those returning a resource
// or list response (for example CreateCertificate, RevokeCertificate,
// GetCaPool) hand back the result directly. Those returning
// *longrunningpb.Operation hand back an operation handle instead of the final
// resource; presumably a nil error there only means the request was accepted,
// and the caller has to wait for the operation to finish before relying on
// the state change — confirm against the longrunning API documentation.
type CertificateAuthorityServiceClient interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
	// in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(ctx context.Context, in *CreateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(ctx context.Context, in *GetCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(ctx context.Context, in *ListCertificatesRequest, opts ...grpc.CallOption) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	// The updated Certificate is returned directly, not as a long-running
	// operation.
	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
	// Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(ctx context.Context, in *UpdateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Activate a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type
	// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
	// After the parent Certificate Authority signs a certificate signing request
	// from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
	// this method can complete the activation process.
	ActivateCertificateAuthority(ctx context.Context, in *ActivateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Create a new
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in a given Project and Location.
	CreateCertificateAuthority(ctx context.Context, in *CreateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Disable a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DisableCertificateAuthority(ctx context.Context, in *DisableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Enable a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(ctx context.Context, in *EnableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Fetch a certificate signing request (CSR) from a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type
	// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
	// The CSR must then be signed by the desired parent Certificate Authority,
	// which could be another
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resource, or could be an on-prem certificate authority. See also
	// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(ctx context.Context, in *FetchCertificateAuthorityCsrRequest, opts ...grpc.CallOption) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(ctx context.Context, in *GetCertificateAuthorityRequest, opts ...grpc.CallOption) (*CertificateAuthority, error)
	// Lists
	// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(ctx context.Context, in *ListCertificateAuthoritiesRequest, opts ...grpc.CallOption) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that has been deleted.
	UndeleteCertificateAuthority(ctx context.Context, in *UndeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Delete a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(ctx context.Context, in *DeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Update a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(ctx context.Context, in *UpdateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(ctx context.Context, in *CreateCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(ctx context.Context, in *UpdateCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(ctx context.Context, in *GetCaPoolRequest, opts ...grpc.CallOption) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(ctx context.Context, in *ListCaPoolsRequest, opts ...grpc.CallOption) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(ctx context.Context, in *DeleteCaPoolRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// FetchCaCerts returns the current trust anchor for the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
	// certificate chains for all certificate authorities in the ENABLED,
	// DISABLED, or STAGED states.
	//
	// The documented set includes DISABLED and STAGED authorities, so
	// disabling a CA does not by itself drop its chain from this result.
	FetchCaCerts(ctx context.Context, in *FetchCaCertsRequest, opts ...grpc.CallOption) (*FetchCaCertsResponse, error)
	// Returns a
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(ctx context.Context, in *GetCertificateRevocationListRequest, opts ...grpc.CallOption) (*CertificateRevocationList, error)
	// Lists
	// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(ctx context.Context, in *ListCertificateRevocationListsRequest, opts ...grpc.CallOption) (*ListCertificateRevocationListsResponse, error)
	// Update a
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(ctx context.Context, in *UpdateCertificateRevocationListRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Create a new
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// in a given Project and Location.
	CreateCertificateTemplate(ctx context.Context, in *CreateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// DeleteCertificateTemplate deletes a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(ctx context.Context, in *DeleteCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Returns a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(ctx context.Context, in *GetCertificateTemplateRequest, opts ...grpc.CallOption) (*CertificateTemplate, error)
	// Lists
	// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(ctx context.Context, in *ListCertificateTemplatesRequest, opts ...grpc.CallOption) (*ListCertificateTemplatesResponse, error)
	// Update a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(ctx context.Context, in *UpdateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
}

CertificateAuthorityServiceClient is the client API for CertificateAuthorityService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type CertificateAuthorityServiceServer

// CertificateAuthorityServiceServer lists the handler methods an
// implementation of the CertificateAuthorityService provides, one per RPC.
//
// Each handler receives only a context.Context and the request message.
// NOTE(review): nothing in these signatures carries the caller's identity
// apart from ctx, so authentication and authorization for an implementation
// (including a test fake) presumably live in interceptors or in the handler
// bodies — confirm where that is enforced.
type CertificateAuthorityServiceServer interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
	// in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
	// Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)
	// Activate a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type
	// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
	// After the parent Certificate Authority signs a certificate signing request
	// from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
	// this method can complete the activation process.
	ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Create a new
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in a given Project and Location.
	CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Disable a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Enable a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Fetch a certificate signing request (CSR) from a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type
	// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
	// The CSR must then be signed by the desired parent Certificate Authority,
	// which could be another
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resource, or could be an on-prem certificate authority. See also
	// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)
	// Lists
	// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that has been deleted.
	UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Delete a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Update a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunningpb.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunningpb.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunningpb.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunningpb.Operation, error)
	// FetchCaCerts returns the current trust anchor for the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
	// certificate chains for all certificate authorities in the ENABLED,
	// DISABLED, or STAGED states.
	//
	// An implementation that follows this contract returns chains for
	// DISABLED and STAGED authorities as well as ENABLED ones.
	FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)
	// Returns a
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)
	// Lists
	// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)
	// Update a
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunningpb.Operation, error)
	// Create a new
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// in a given Project and Location.
	CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunningpb.Operation, error)
	// DeleteCertificateTemplate deletes a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunningpb.Operation, error)
	// Returns a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)
	// Lists
	// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)
	// Update a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunningpb.Operation, error)
}

CertificateAuthorityServiceServer is the server API for CertificateAuthorityService service.

type CertificateAuthority_AccessUrls

// CertificateAuthority_AccessUrls holds the locations where a
// CertificateAuthority publishes its CA certificate and CRLs. Both fields are
// documented as set only for activated CAs, so callers should expect an empty
// string and an empty slice for a CA that has not been activated.
type CertificateAuthority_AccessUrls struct {

	// The URL where this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CA certificate is published. This will only be set for CAs that have been
	// activated.
	CaCertificateAccessUrl string `` /* 131-byte string literal not displayed */
	// The URLs where this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
	// CRLs are published. This will only be set for CAs that have been
	// activated.
	//
	// NOTE(review): an empty list here means no CRL location is known from
	// this message; presumably a caller doing revocation checks should treat
	// that as "cannot check" rather than "not revoked" — confirm the intended
	// policy.
	CrlAccessUrls []string `protobuf:"bytes,2,rep,name=crl_access_urls,json=crlAccessUrls,proto3" json:"crl_access_urls,omitempty"`
	// contains filtered or unexported fields
}

URLs where a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] will publish content.

func (*CertificateAuthority_AccessUrls) Descriptor deprecated

func (*CertificateAuthority_AccessUrls) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_AccessUrls.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl

func (x *CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl() string

func (*CertificateAuthority_AccessUrls) GetCrlAccessUrls

func (x *CertificateAuthority_AccessUrls) GetCrlAccessUrls() []string

func (*CertificateAuthority_AccessUrls) ProtoMessage

func (*CertificateAuthority_AccessUrls) ProtoMessage()

func (*CertificateAuthority_AccessUrls) ProtoReflect

func (*CertificateAuthority_AccessUrls) Reset

func (*CertificateAuthority_AccessUrls) String

type CertificateAuthority_KeyVersionSpec

// CertificateAuthority_KeyVersionSpec describes the Cloud KMS key that a
// CertificateAuthority will use. The KeyVersion oneof holds either a reference
// to an existing CryptoKeyVersion or an algorithm for a managed key.
type CertificateAuthority_KeyVersionSpec struct {

	// Types that are assignable to KeyVersion:
	//
	//	*CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion
	//	*CertificateAuthority_KeyVersionSpec_Algorithm
	KeyVersion isCertificateAuthority_KeyVersionSpec_KeyVersion `protobuf_oneof:"KeyVersion"`
	// contains filtered or unexported fields
}

A Cloud KMS key configuration that a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] will use.

func (*CertificateAuthority_KeyVersionSpec) Descriptor deprecated

func (*CertificateAuthority_KeyVersionSpec) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_KeyVersionSpec.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_KeyVersionSpec) GetAlgorithm

func (*CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion

func (x *CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion() string

func (*CertificateAuthority_KeyVersionSpec) GetKeyVersion

func (m *CertificateAuthority_KeyVersionSpec) GetKeyVersion() isCertificateAuthority_KeyVersionSpec_KeyVersion

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage()

func (*CertificateAuthority_KeyVersionSpec) ProtoReflect

func (*CertificateAuthority_KeyVersionSpec) Reset

func (*CertificateAuthority_KeyVersionSpec) String

type CertificateAuthority_KeyVersionSpec_Algorithm

// CertificateAuthority_KeyVersionSpec_Algorithm is the KeyVersion oneof member
// that asks for a managed Cloud KMS key of the given algorithm.
type CertificateAuthority_KeyVersionSpec_Algorithm struct {
	// The algorithm to use for creating a managed Cloud KMS key for a
	// simplified experience. All managed keys will have their
	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
	Algorithm CertificateAuthority_SignHashAlgorithm `` /* 130-byte string literal not displayed */
}

type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion

// CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion is the KeyVersion
// oneof member that points at an existing Cloud KMS CryptoKeyVersion.
type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion struct {
	// The resource name for an existing Cloud KMS CryptoKeyVersion in the
	// format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	// This option enables full flexibility in the key's capabilities and
	// properties.
	//
	// NOTE(review): the managed Algorithm option documents ProtectionLevel
	// `HSM` for its keys; nothing here states a protection level, so it is
	// presumably whatever the referenced key version was created with.
	// Confirm it meets the CA's key-protection policy.
	CloudKmsKeyVersion string `protobuf:"bytes,1,opt,name=cloud_kms_key_version,json=cloudKmsKeyVersion,proto3,oneof"`
}

type CertificateAuthority_SignHashAlgorithm

type CertificateAuthority_SignHashAlgorithm int32

The algorithm of a Cloud KMS CryptoKeyVersion of a [CryptoKey][google.cloud.kms.v1.CryptoKey] with the [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value `ASYMMETRIC_SIGN`. These values correspond to the [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] values. For RSA signing algorithms, the PSS algorithms should be preferred; use the PKCS1 algorithms if they are required for compatibility. For further recommendations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.

// Values of CertificateAuthority_SignHashAlgorithm. Each names an RSA or EC
// signing algorithm together with its hash and maps to a Cloud KMS
// CryptoKeyVersionAlgorithm value.
//
// The numeric values are not in declaration order (the PKCS1 entries are 6-8,
// the EC entries 4-5), so compare against the named constants rather than
// against numeric ranges.
const (
	// Not specified. This is the zero value.
	CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED CertificateAuthority_SignHashAlgorithm = 0
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
	CertificateAuthority_RSA_PSS_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 1
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256
	CertificateAuthority_RSA_PSS_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 2
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
	CertificateAuthority_RSA_PSS_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 3
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
	CertificateAuthority_RSA_PKCS1_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 6
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
	CertificateAuthority_RSA_PKCS1_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 7
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
	CertificateAuthority_RSA_PKCS1_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 8
	// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
	CertificateAuthority_EC_P256_SHA256 CertificateAuthority_SignHashAlgorithm = 4
	// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
	CertificateAuthority_EC_P384_SHA384 CertificateAuthority_SignHashAlgorithm = 5
)

func (CertificateAuthority_SignHashAlgorithm) Descriptor

func (CertificateAuthority_SignHashAlgorithm) Enum

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor deprecated

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_SignHashAlgorithm.Descriptor instead.

func (CertificateAuthority_SignHashAlgorithm) Number

func (CertificateAuthority_SignHashAlgorithm) String

func (CertificateAuthority_SignHashAlgorithm) Type

type CertificateAuthority_State

type CertificateAuthority_State int32

The state of a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.

// Values of CertificateAuthority_State. Each state fixes three things: whether
// the CA can issue certificates, whether CRLs are generated for it, and
// whether it is part of its CaPool's trust anchor.
const (
	// Not specified. This is the zero value.
	CertificateAuthority_STATE_UNSPECIFIED CertificateAuthority_State = 0
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
	// will be used to issue certificates from the
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_ENABLED CertificateAuthority_State = 1
	// Certificates cannot be issued from this CA. CRLs will still be generated.
	// The CA will be part of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
	// will not be used to issue certificates from the
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	//
	// Disabling therefore stops issuance only: the CA stays in the trust
	// anchor and its CRLs keep being produced.
	CertificateAuthority_DISABLED CertificateAuthority_State = 2
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
	// will not be used to issue certificates from the
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	//
	// NOTE(review): read together, the first and last sentences suggest that a
	// STAGED CA issues only when a request selects it explicitly and is
	// skipped by the pool's own choice of CA. Confirm against the service
	// documentation before relying on it.
	CertificateAuthority_STAGED CertificateAuthority_State = 3
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA will not be part of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
	// will not be used to issue certificates from the
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_AWAITING_USER_ACTIVATION CertificateAuthority_State = 4
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA may still be recovered by calling
	// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]
	// before
	// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
	// The CA will not be part of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
	// will not be used to issue certificates from the
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	//
	// NOTE(review): because CRL generation stops in this state, certificates
	// issued earlier presumably cannot be checked against a fresh CRL any
	// more. Settle revocation and expiry of outstanding certificates before
	// deleting a CA; confirm the exact behaviour in the service
	// documentation.
	CertificateAuthority_DELETED CertificateAuthority_State = 5
)

func (CertificateAuthority_State) Descriptor

func (CertificateAuthority_State) Enum

func (CertificateAuthority_State) EnumDescriptor deprecated

func (CertificateAuthority_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_State.Descriptor instead.

func (CertificateAuthority_State) Number

func (CertificateAuthority_State) String

func (CertificateAuthority_State) Type

type CertificateAuthority_Type

type CertificateAuthority_Type int32

The type of a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.

// Values of CertificateAuthority_Type, which indicates the issuing chain of a
// CertificateAuthority.
const (
	// Not specified. This is the zero value.
	CertificateAuthority_TYPE_UNSPECIFIED CertificateAuthority_Type = 0
	// Self-signed CA.
	CertificateAuthority_SELF_SIGNED CertificateAuthority_Type = 1
	// Subordinate CA. Could be issued by a Private CA
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// or an unmanaged CA.
	CertificateAuthority_SUBORDINATE CertificateAuthority_Type = 2
)

func (CertificateAuthority_Type) Descriptor

func (CertificateAuthority_Type) Enum

func (CertificateAuthority_Type) EnumDescriptor deprecated

func (CertificateAuthority_Type) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_Type.Descriptor instead.

func (CertificateAuthority_Type) Number

func (CertificateAuthority_Type) String

func (x CertificateAuthority_Type) String() string

func (CertificateAuthority_Type) Type

type CertificateConfig

// CertificateConfig describes an X.509 certificate or CSR that is to be
// created, field by field, as an alternative to supplying ASN.1.
type CertificateConfig struct {

	// Required. Specifies some of the values in a certificate that are related to
	// the subject.
	SubjectConfig *CertificateConfig_SubjectConfig `protobuf:"bytes,1,opt,name=subject_config,json=subjectConfig,proto3" json:"subject_config,omitempty"`
	// Required. Describes how some of the technical X.509 fields in a certificate
	// should be populated.
	X509Config *X509Parameters `protobuf:"bytes,2,opt,name=x509_config,json=x509Config,proto3" json:"x509_config,omitempty"`
	// Optional. The public key that corresponds to this config. This is, for
	// example, used when issuing
	// [Certificates][google.cloud.security.privateca.v1.Certificate], but not
	// when creating a self-signed
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// or
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// CSR.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Optional. When specified this provides a custom SKI to be used in the
	// certificate. This should only be used to maintain a SKI of an existing CA
	// originally created outside CA service, which was not generated using method
	// (1) described in RFC 5280 section 4.2.1.2.
	//
	// Method (1) in that section derives the identifier as the 160-bit SHA-1
	// hash of the subjectPublicKey BIT STRING value. A custom value only
	// matters when an existing chain already carries a differently derived
	// identifier that must keep matching.
	SubjectKeyId *CertificateConfig_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
	// contains filtered or unexported fields
}

A CertificateConfig[google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.

func (*CertificateConfig) Descriptor deprecated

func (*CertificateConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig) GetPublicKey

func (x *CertificateConfig) GetPublicKey() *PublicKey

func (*CertificateConfig) GetSubjectConfig

func (x *CertificateConfig) GetSubjectConfig() *CertificateConfig_SubjectConfig

func (*CertificateConfig) GetSubjectKeyId added in v1.15.6

func (x *CertificateConfig) GetSubjectKeyId() *CertificateConfig_KeyId

func (*CertificateConfig) GetX509Config

func (x *CertificateConfig) GetX509Config() *X509Parameters

func (*CertificateConfig) ProtoMessage

func (*CertificateConfig) ProtoMessage()

func (*CertificateConfig) ProtoReflect

func (x *CertificateConfig) ProtoReflect() protoreflect.Message

func (*CertificateConfig) Reset

func (x *CertificateConfig) Reset()

func (*CertificateConfig) String

func (x *CertificateConfig) String() string

type CertificateConfig_KeyId added in v1.15.6

// CertificateConfig_KeyId identifies a specific public key, usually by hashing
// the public key.
type CertificateConfig_KeyId struct {

	// Required. The value of this KeyId encoded in lowercase hexadecimal. This
	// is most likely the 160 bit SHA-1 hash of the public key.
	//
	// NOTE(review): a key identifier is a lookup aid for matching
	// certificates to keys. SHA-1 serves only as an identifier here, so the
	// value should not be taken as proof that two keys are the same.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

A KeyId identifies a specific public key, usually by hashing the public key.

func (*CertificateConfig_KeyId) Descriptor deprecated added in v1.15.6

func (*CertificateConfig_KeyId) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig_KeyId.ProtoReflect.Descriptor instead.

func (*CertificateConfig_KeyId) GetKeyId added in v1.15.6

func (x *CertificateConfig_KeyId) GetKeyId() string

func (*CertificateConfig_KeyId) ProtoMessage added in v1.15.6

func (*CertificateConfig_KeyId) ProtoMessage()

func (*CertificateConfig_KeyId) ProtoReflect added in v1.15.6

func (x *CertificateConfig_KeyId) ProtoReflect() protoreflect.Message

func (*CertificateConfig_KeyId) Reset added in v1.15.6

func (x *CertificateConfig_KeyId) Reset()

func (*CertificateConfig_KeyId) String added in v1.15.6

func (x *CertificateConfig_KeyId) String() string

type CertificateConfig_SubjectConfig

// CertificateConfig_SubjectConfig carries the values used to create the
// distinguished name and subject alternative name fields of an X.509
// certificate.
type CertificateConfig_SubjectConfig struct {

	// Optional. Contains distinguished name fields such as the common name,
	// location and organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional. The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// contains filtered or unexported fields
}

These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.

func (*CertificateConfig_SubjectConfig) Descriptor deprecated

func (*CertificateConfig_SubjectConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig_SubjectConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig_SubjectConfig) GetSubject

func (x *CertificateConfig_SubjectConfig) GetSubject() *Subject

func (*CertificateConfig_SubjectConfig) GetSubjectAltName

func (x *CertificateConfig_SubjectConfig) GetSubjectAltName() *SubjectAltNames

func (*CertificateConfig_SubjectConfig) ProtoMessage

func (*CertificateConfig_SubjectConfig) ProtoMessage()

func (*CertificateConfig_SubjectConfig) ProtoReflect

func (*CertificateConfig_SubjectConfig) Reset

func (*CertificateConfig_SubjectConfig) String

type CertificateDescription

// CertificateDescription describes an X.509 certificate or CSR that has been
// issued, field by field, as an alternative to parsing ASN.1 / X.509.
type CertificateDescription struct {

	// Describes some of the values in a certificate that are related to the
	// subject and lifetime.
	SubjectDescription *CertificateDescription_SubjectDescription `protobuf:"bytes,1,opt,name=subject_description,json=subjectDescription,proto3" json:"subject_description,omitempty"`
	// Describes some of the technical X.509 fields in a certificate.
	X509Description *X509Parameters `protobuf:"bytes,2,opt,name=x509_description,json=x509Description,proto3" json:"x509_description,omitempty"`
	// The public key that corresponds to an issued certificate.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Provides a means of identifying certificates that contain a particular
	// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
	SubjectKeyId *CertificateDescription_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
	// Identifies the subject_key_id of the parent certificate, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
	AuthorityKeyId *CertificateDescription_KeyId `protobuf:"bytes,5,opt,name=authority_key_id,json=authorityKeyId,proto3" json:"authority_key_id,omitempty"`
	// Describes a list of locations to obtain CRL information, i.e.
	// the DistributionPoint.fullName described by
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
	CrlDistributionPoints []string `` /* 126-byte string literal not displayed */
	// Describes lists of issuer CA certificate URLs that appear in the
	// "Authority Information Access" extension in the certificate.
	AiaIssuingCertificateUrls []string `` /* 140-byte string literal not displayed */
	// The hash of the X.509 certificate.
	CertFingerprint *CertificateDescription_CertificateFingerprint `protobuf:"bytes,8,opt,name=cert_fingerprint,json=certFingerprint,proto3" json:"cert_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

A CertificateDescription[google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

func (*CertificateDescription) Descriptor deprecated

func (*CertificateDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription) GetAiaIssuingCertificateUrls

func (x *CertificateDescription) GetAiaIssuingCertificateUrls() []string

func (*CertificateDescription) GetAuthorityKeyId

func (x *CertificateDescription) GetAuthorityKeyId() *CertificateDescription_KeyId

func (*CertificateDescription) GetCertFingerprint

func (*CertificateDescription) GetCrlDistributionPoints

func (x *CertificateDescription) GetCrlDistributionPoints() []string

func (*CertificateDescription) GetPublicKey

func (x *CertificateDescription) GetPublicKey() *PublicKey

func (*CertificateDescription) GetSubjectDescription

func (*CertificateDescription) GetSubjectKeyId

func (*CertificateDescription) GetX509Description

func (x *CertificateDescription) GetX509Description() *X509Parameters

func (*CertificateDescription) ProtoMessage

func (*CertificateDescription) ProtoMessage()

func (*CertificateDescription) ProtoReflect

func (x *CertificateDescription) ProtoReflect() protoreflect.Message

func (*CertificateDescription) Reset

func (x *CertificateDescription) Reset()

func (*CertificateDescription) String

func (x *CertificateDescription) String() string

type CertificateDescription_CertificateFingerprint

// CertificateDescription_CertificateFingerprint groups fingerprints of the
// X.509 certificate; SHA-256 is the only one shown here.
type CertificateDescription_CertificateFingerprint struct {

	// The SHA-256 hash, encoded in hexadecimal, of the DER X.509 certificate.
	//
	// The hash is taken over the DER encoding, so a locally computed value
	// must hash the DER bytes, not the PEM text. The letter case of the hex
	// digits is not stated here; compare case-insensitively.
	Sha256Hash string `protobuf:"bytes,1,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
	// contains filtered or unexported fields
}

A group of fingerprints for the x509 certificate.

func (*CertificateDescription_CertificateFingerprint) Descriptor deprecated

Deprecated: Use CertificateDescription_CertificateFingerprint.ProtoReflect.Descriptor instead.

func (*CertificateDescription_CertificateFingerprint) GetSha256Hash

func (*CertificateDescription_CertificateFingerprint) ProtoMessage

func (*CertificateDescription_CertificateFingerprint) ProtoReflect

func (*CertificateDescription_CertificateFingerprint) Reset

func (*CertificateDescription_CertificateFingerprint) String

type CertificateDescription_KeyId

// CertificateDescription_KeyId identifies a specific public key, usually by
// hashing the public key.
type CertificateDescription_KeyId struct {

	// Optional. The value of this KeyId encoded in lowercase hexadecimal. This
	// is most likely the 160 bit SHA-1 hash of the public key.
	//
	// NOTE(review): a key identifier is a lookup aid for matching
	// certificates to keys. SHA-1 serves only as an identifier here, so the
	// value should not be taken as proof that two keys are the same.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

A KeyId identifies a specific public key, usually by hashing the public key.

func (*CertificateDescription_KeyId) Descriptor deprecated

func (*CertificateDescription_KeyId) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_KeyId.ProtoReflect.Descriptor instead.

func (*CertificateDescription_KeyId) GetKeyId

func (x *CertificateDescription_KeyId) GetKeyId() string

func (*CertificateDescription_KeyId) ProtoMessage

func (*CertificateDescription_KeyId) ProtoMessage()

func (*CertificateDescription_KeyId) ProtoReflect

func (*CertificateDescription_KeyId) Reset

func (x *CertificateDescription_KeyId) Reset()

func (*CertificateDescription_KeyId) String

type CertificateDescription_SubjectDescription

// CertificateDescription_SubjectDescription describes fields of an issued
// X.509 certificate: the distinguished name, subject alternative names,
// serial number, and lifetime.
type CertificateDescription_SubjectDescription struct {

	// Contains distinguished name fields such as the common name, location and
	// organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// The serial number encoded in lowercase hexadecimal.
	HexSerialNumber string `protobuf:"bytes,3,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// For convenience, the actual lifetime of an issued certificate.
	Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// The time at which the certificate becomes valid.
	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
	// The time after which the certificate is expired.
	// Per RFC 5280, the validity period for a certificate is the period of time
	// from not_before_time through not_after_time, inclusive.
	// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
	// contains filtered or unexported fields
}

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

func (*CertificateDescription_SubjectDescription) Descriptor deprecated

func (*CertificateDescription_SubjectDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_SubjectDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription_SubjectDescription) GetHexSerialNumber

func (x *CertificateDescription_SubjectDescription) GetHexSerialNumber() string

func (*CertificateDescription_SubjectDescription) GetLifetime

func (*CertificateDescription_SubjectDescription) GetNotAfterTime

func (*CertificateDescription_SubjectDescription) GetNotBeforeTime

func (*CertificateDescription_SubjectDescription) GetSubject

func (*CertificateDescription_SubjectDescription) GetSubjectAltName

func (*CertificateDescription_SubjectDescription) ProtoMessage

func (*CertificateDescription_SubjectDescription) ProtoReflect

func (*CertificateDescription_SubjectDescription) Reset

func (*CertificateDescription_SubjectDescription) String

type CertificateExtensionConstraints

// CertificateExtensionConstraints describes a set of X.509 extensions that may
// be part of some certificate issuance controls. The full set is the
// combination of KnownExtensions and AdditionalExtensions.
type CertificateExtensionConstraints struct {

	// Optional. A set of named X.509 extensions. Will be combined with
	// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
	// to determine the full set of X.509 extensions.
	KnownExtensions []CertificateExtensionConstraints_KnownCertificateExtension `` /* 212-byte string literal not displayed */
	// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
	// identifying custom X.509 extensions. Will be combined with
	// [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
	// to determine the full set of X.509 extensions.
	AdditionalExtensions []*ObjectId `protobuf:"bytes,2,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
	// contains filtered or unexported fields
}

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

func (*CertificateExtensionConstraints) Descriptor deprecated

func (*CertificateExtensionConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateExtensionConstraints.ProtoReflect.Descriptor instead.

func (*CertificateExtensionConstraints) GetAdditionalExtensions

func (x *CertificateExtensionConstraints) GetAdditionalExtensions() []*ObjectId

func (*CertificateExtensionConstraints) GetKnownExtensions

func (*CertificateExtensionConstraints) ProtoMessage

func (*CertificateExtensionConstraints) ProtoMessage()

func (*CertificateExtensionConstraints) ProtoReflect

func (*CertificateExtensionConstraints) Reset

func (*CertificateExtensionConstraints) String

type CertificateExtensionConstraints_KnownCertificateExtension

type CertificateExtensionConstraints_KnownCertificateExtension int32

Describes well-known X.509 extensions that can appear in a Certificate[google.cloud.security.privateca.v1.Certificate], not including the SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] extension.

// Values of CertificateExtensionConstraints_KnownCertificateExtension. Each
// names a well-known X.509 extension by its RFC 5280 section.
const (
	// Not specified. This is the zero value.
	CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED CertificateExtensionConstraints_KnownCertificateExtension = 0
	// Refers to a certificate's Key Usage extension, as described in [RFC 5280
	// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
	// This corresponds to the
	// [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
	// field.
	CertificateExtensionConstraints_BASE_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 1
	// Refers to a certificate's Extended Key Usage extension, as described in
	// [RFC 5280
	// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
	// This corresponds to the
	// [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
	// message.
	CertificateExtensionConstraints_EXTENDED_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 2
	// Refers to a certificate's Basic Constraints extension, as described in
	// [RFC 5280
	// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
	// This corresponds to the
	// [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
	// field.
	CertificateExtensionConstraints_CA_OPTIONS CertificateExtensionConstraints_KnownCertificateExtension = 3
	// Refers to a certificate's Policy object identifiers, as described in
	// [RFC 5280
	// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
	// This corresponds to the
	// [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
	// field.
	CertificateExtensionConstraints_POLICY_IDS CertificateExtensionConstraints_KnownCertificateExtension = 4
	// Refers to OCSP servers in a certificate's Authority Information Access
	// extension, as described in
	// [RFC 5280
	// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1).
	// This corresponds to the
	// [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
	// field.
	CertificateExtensionConstraints_AIA_OCSP_SERVERS CertificateExtensionConstraints_KnownCertificateExtension = 5
	// Refers to the Name Constraints extension, as described in
	// [RFC 5280
	// section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	CertificateExtensionConstraints_NAME_CONSTRAINTS CertificateExtensionConstraints_KnownCertificateExtension = 6
)

func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor

func (CertificateExtensionConstraints_KnownCertificateExtension) Enum

func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor deprecated

Deprecated: Use CertificateExtensionConstraints_KnownCertificateExtension.Descriptor instead.

func (CertificateExtensionConstraints_KnownCertificateExtension) Number

func (CertificateExtensionConstraints_KnownCertificateExtension) String

func (CertificateExtensionConstraints_KnownCertificateExtension) Type

type CertificateIdentityConstraints

// CertificateIdentityConstraints describes constraints on a Certificate's
// Subject and SubjectAltNames: whether each may be copied from the request,
// and an optional CEL expression evaluated on the resolved values before
// signing.
type CertificateIdentityConstraints struct {

	// Optional. A CEL expression that may be used to validate the resolved X.509
	// Subject and/or Subject Alternative Name before a certificate is signed. To
	// see the full allowed syntax and some examples, see
	// https://cloud.google.com/certificate-authority-service/docs/using-cel
	//
	// NOTE(review): when either passthrough flag below is true, this
	// expression is the only control in this message that limits which
	// requester-supplied names end up in a signed certificate. Leaving it
	// unset with passthrough enabled presumably accepts any requested
	// identity, unless another policy layer restricts it.
	CelExpression *expr.Expr `protobuf:"bytes,1,opt,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"`
	// Required. If this is true, the
	// [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
	// from a certificate request into the signed certificate. Otherwise, the
	// requested [Subject][google.cloud.security.privateca.v1.Subject] will be
	// discarded.
	//
	// The field is a *bool while GetAllowSubjectPassthrough returns bool, so a
	// caller that must tell "unset" from "false" has to inspect the pointer.
	AllowSubjectPassthrough *bool `` /* 139-byte string literal not displayed */
	// Required. If this is true, the
	// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
	// extension may be copied from a certificate request into the signed
	// certificate. Otherwise, the requested
	// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
	// be discarded.
	//
	// As with AllowSubjectPassthrough, this is a *bool whose getter returns
	// bool.
	AllowSubjectAltNamesPassthrough *bool `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes constraints on a Certificate[google.cloud.security.privateca.v1.Certificate]'s Subject[google.cloud.security.privateca.v1.Subject] and SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames].

func (*CertificateIdentityConstraints) Descriptor deprecated

func (*CertificateIdentityConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentityConstraints.ProtoReflect.Descriptor instead.

func (*CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough() bool

func (*CertificateIdentityConstraints) GetAllowSubjectPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectPassthrough() bool

func (*CertificateIdentityConstraints) GetCelExpression

func (x *CertificateIdentityConstraints) GetCelExpression() *expr.Expr

func (*CertificateIdentityConstraints) ProtoMessage

func (*CertificateIdentityConstraints) ProtoMessage()

func (*CertificateIdentityConstraints) ProtoReflect

func (*CertificateIdentityConstraints) Reset

func (x *CertificateIdentityConstraints) Reset()

func (*CertificateIdentityConstraints) String

type CertificateRevocationList

// CertificateRevocationList corresponds to a signed X.509 Certificate
// Revocation List (CRL): the PEM-encoded CRL itself plus fields describing
// it, such as its sequence number and revoked serial numbers.
type CertificateRevocationList struct {

	// Output only. The resource name for this
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The CRL sequence number that appears in pem_crl.
	SequenceNumber int64 `protobuf:"varint,2,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// Output only. The revoked serial numbers that appear in pem_crl.
	//
	// NOTE(review): this field and SequenceNumber restate what pem_crl
	// contains. Only pem_crl is described as the X.509 CRL itself, so a
	// relying party making a revocation decision should presumably verify and
	// parse the signed CRL instead of trusting these copies on their own.
	RevokedCertificates []*CertificateRevocationList_RevokedCertificate `protobuf:"bytes,3,rep,name=revoked_certificates,json=revokedCertificates,proto3" json:"revoked_certificates,omitempty"`
	// Output only. The PEM-encoded X.509 CRL.
	PemCrl string `protobuf:"bytes,4,opt,name=pem_crl,json=pemCrl,proto3" json:"pem_crl,omitempty"`
	// Output only. The location where 'pem_crl' can be accessed.
	AccessUrl string `protobuf:"bytes,5,opt,name=access_url,json=accessUrl,proto3" json:"access_url,omitempty"`
	// Output only. The
	// [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
	// for this
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	State CertificateRevocationList_State `` /* 136-byte string literal not displayed */
	// Output only. The time at which this
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Output only. The revision ID of this
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	// A new revision is committed whenever a new CRL is published. The format is
	// an 8-character hexadecimal string.
	RevisionId string `protobuf:"bytes,9,opt,name=revision_id,json=revisionId,proto3" json:"revision_id,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateRevocationList[google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 Certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.

func (*CertificateRevocationList) Descriptor deprecated

func (*CertificateRevocationList) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList) GetAccessUrl

func (x *CertificateRevocationList) GetAccessUrl() string

func (*CertificateRevocationList) GetCreateTime

func (x *CertificateRevocationList) GetCreateTime() *timestamppb.Timestamp

func (*CertificateRevocationList) GetLabels

func (x *CertificateRevocationList) GetLabels() map[string]string

func (*CertificateRevocationList) GetName

func (x *CertificateRevocationList) GetName() string

func (*CertificateRevocationList) GetPemCrl

func (x *CertificateRevocationList) GetPemCrl() string

func (*CertificateRevocationList) GetRevisionId

func (x *CertificateRevocationList) GetRevisionId() string

func (*CertificateRevocationList) GetRevokedCertificates

func (*CertificateRevocationList) GetSequenceNumber

func (x *CertificateRevocationList) GetSequenceNumber() int64

func (*CertificateRevocationList) GetState

func (*CertificateRevocationList) GetUpdateTime

func (x *CertificateRevocationList) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateRevocationList) ProtoMessage

func (*CertificateRevocationList) ProtoMessage()

func (*CertificateRevocationList) ProtoReflect

func (*CertificateRevocationList) Reset

func (x *CertificateRevocationList) Reset()

func (*CertificateRevocationList) String

func (x *CertificateRevocationList) String() string

type CertificateRevocationList_RevokedCertificate

// CertificateRevocationList_RevokedCertificate is one entry of a
// CertificateRevocationList. It identifies a revoked Certificate by resource
// name and serial number and records the reason for the revocation.
type CertificateRevocationList_RevokedCertificate struct {

	// The resource name for the
	// [Certificate][google.cloud.security.privateca.v1.Certificate] in the
	// format `projects/*/locations/*/caPools/*/certificates/*`.
	Certificate string `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// The serial number of the
	// [Certificate][google.cloud.security.privateca.v1.Certificate].
	// NOTE(review): the field name suggests a hexadecimal string, but the exact
	// form (letter case, leading zeros) is not stated here. Normalize both
	// sides before comparing it with a serial number obtained elsewhere.
	HexSerialNumber string `protobuf:"bytes,2,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// The reason the
	// [Certificate][google.cloud.security.privateca.v1.Certificate] was
	// revoked. Holds a RevocationReason value such as KEY_COMPROMISE or
	// CERTIFICATE_HOLD; the full set is listed in RevocationReason_name.
	RevocationReason RevocationReason `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes a revoked Certificate[google.cloud.security.privateca.v1.Certificate].

func (*CertificateRevocationList_RevokedCertificate) Descriptor deprecated

Deprecated: Use CertificateRevocationList_RevokedCertificate.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList_RevokedCertificate) GetCertificate

func (*CertificateRevocationList_RevokedCertificate) GetHexSerialNumber

func (x *CertificateRevocationList_RevokedCertificate) GetHexSerialNumber() string

func (*CertificateRevocationList_RevokedCertificate) GetRevocationReason

func (*CertificateRevocationList_RevokedCertificate) ProtoMessage

func (*CertificateRevocationList_RevokedCertificate) ProtoReflect

func (*CertificateRevocationList_RevokedCertificate) Reset

func (*CertificateRevocationList_RevokedCertificate) String

type CertificateRevocationList_State

type CertificateRevocationList_State int32

The state of a CertificateRevocationList[google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.

// Values of CertificateRevocationList_State.
const (
	// Not specified.
	CertificateRevocationList_STATE_UNSPECIFIED CertificateRevocationList_State = 0
	// The
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// is up to date.
	CertificateRevocationList_ACTIVE CertificateRevocationList_State = 1
	// The
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// is no longer current.
	// NOTE(review): a superseded list presumably predates later revocations, so
	// a serial number missing from it does not show that the certificate is
	// still unrevoked. Check the list in the ACTIVE state instead (confirm).
	CertificateRevocationList_SUPERSEDED CertificateRevocationList_State = 2
)

func (CertificateRevocationList_State) Descriptor

func (CertificateRevocationList_State) Enum

func (CertificateRevocationList_State) EnumDescriptor deprecated

func (CertificateRevocationList_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList_State.Descriptor instead.

func (CertificateRevocationList_State) Number

func (CertificateRevocationList_State) String

func (CertificateRevocationList_State) Type

type CertificateTemplate

// CertificateTemplate is a managed template for certificate issuance. It can
// cap the certificate lifetime, force X.509 values, and constrain the
// identities and extensions that a certificate request may carry.
type CertificateTemplate struct {

	// Output only. The resource name for this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// in the format `projects/*/locations/*/certificateTemplates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The maximum lifetime allowed for issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate] that use
	// this template. If the issuing
	// [CaPool][google.cloud.security.privateca.v1.CaPool] resource's
	// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
	// specifies a
	// [maximum_lifetime][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime],
	// the minimum of the two durations will be the maximum lifetime for issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
	// if the issuing
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// expires before a
	// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
	// maximum_lifetime, the effective lifetime will be explicitly truncated
	// to match it.
	MaximumLifetime *durationpb.Duration `protobuf:"bytes,9,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
	// Optional. A set of X.509 values that will be applied to all issued
	// certificates that use this template. If the certificate request includes
	// conflicting values for the same properties, they will be overwritten by the
	// values defined here. If the issuing
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
	// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
	// defines conflicting
	// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
	// for the same properties, the certificate issuance request will fail.
	PredefinedValues *X509Parameters `protobuf:"bytes,2,opt,name=predefined_values,json=predefinedValues,proto3" json:"predefined_values,omitempty"`
	// Optional. Describes constraints on identities that may appear in
	// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
	// this template. If this is omitted, then this template will not add
	// restrictions on a certificate's identity.
	// NOTE(review): with this field unset, any limit on the identities a
	// requester may ask for has to come from somewhere other than this
	// template (presumably the CaPool's IssuancePolicy). Confirm that one is
	// in place.
	IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,3,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
	// Optional. Describes the set of X.509 extensions that may appear in a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
	// this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	// If a certificate request sets extensions that don't appear in the
	// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
	// those extensions will be dropped. If the issuing
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
	// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
	// defines
	// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
	// that don't appear here, the certificate issuance request will fail. If this
	// is omitted, then this template will not add restrictions on a certificate's
	// X.509 extensions. These constraints do not apply to X.509 extensions set in
	// this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
	//
	// Requested extensions outside the allowed set are dropped rather than
	// rejected, so the issued certificate can differ from the request. Compare
	// the two if a dropped extension matters to the caller.
	PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,4,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
	// Optional. A human-readable description of scenarios this template is
	// intended for.
	Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
	// Output only. The time at which this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateTemplate[google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate issuance.

func (*CertificateTemplate) Descriptor deprecated

func (*CertificateTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CertificateTemplate.ProtoReflect.Descriptor instead.

func (*CertificateTemplate) GetCreateTime

func (x *CertificateTemplate) GetCreateTime() *timestamppb.Timestamp

func (*CertificateTemplate) GetDescription

func (x *CertificateTemplate) GetDescription() string

func (*CertificateTemplate) GetIdentityConstraints

func (x *CertificateTemplate) GetIdentityConstraints() *CertificateIdentityConstraints

func (*CertificateTemplate) GetLabels

func (x *CertificateTemplate) GetLabels() map[string]string

func (*CertificateTemplate) GetMaximumLifetime added in v1.15.6

func (x *CertificateTemplate) GetMaximumLifetime() *durationpb.Duration

func (*CertificateTemplate) GetName

func (x *CertificateTemplate) GetName() string

func (*CertificateTemplate) GetPassthroughExtensions

func (x *CertificateTemplate) GetPassthroughExtensions() *CertificateExtensionConstraints

func (*CertificateTemplate) GetPredefinedValues

func (x *CertificateTemplate) GetPredefinedValues() *X509Parameters

func (*CertificateTemplate) GetUpdateTime

func (x *CertificateTemplate) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateTemplate) ProtoMessage

func (*CertificateTemplate) ProtoMessage()

func (*CertificateTemplate) ProtoReflect

func (x *CertificateTemplate) ProtoReflect() protoreflect.Message

func (*CertificateTemplate) Reset

func (x *CertificateTemplate) Reset()

func (*CertificateTemplate) String

func (x *CertificateTemplate) String() string

type Certificate_Config

// Certificate_Config carries the `config` alternative of a protobuf oneof
// (see the `oneof` marker in the field tag): a structured CertificateConfig
// rather than an encoded request.
type Certificate_Config struct {
	// Immutable. A description of the certificate and key that does not require
	// X.509 or ASN.1.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3,oneof"`
}

type Certificate_PemCsr

// Certificate_PemCsr carries the `pem_csr` alternative of a protobuf oneof
// (see the `oneof` marker in the field tag): a certificate signing request in
// PEM form.
type Certificate_PemCsr struct {
	// Immutable. A PEM-encoded X.509 certificate signing request (CSR).
	// NOTE(review): the CSR content comes from the requester. Which of its
	// values reach the issued certificate presumably depends on the template
	// and pool policy applied at issuance; confirm before relying on it.
	PemCsr string `protobuf:"bytes,2,opt,name=pem_csr,json=pemCsr,proto3,oneof"`
}

type Certificate_RevocationDetails

// Certificate_RevocationDetails records why and when a Certificate was
// revoked.
type Certificate_RevocationDetails struct {

	// Indicates why a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] was
	// revoked. Despite the field name, the value is a RevocationReason
	// (for example KEY_COMPROMISE or SUPERSEDED), not a lifecycle state.
	RevocationState RevocationReason `` /* 164-byte string literal not displayed */
	// The time at which this
	// [Certificate][google.cloud.security.privateca.v1.Certificate] was
	// revoked.
	RevocationTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=revocation_time,json=revocationTime,proto3" json:"revocation_time,omitempty"`
	// contains filtered or unexported fields
}

Describes fields that are relevant to the revocation of a Certificate[google.cloud.security.privateca.v1.Certificate].

func (*Certificate_RevocationDetails) Descriptor deprecated

func (*Certificate_RevocationDetails) Descriptor() ([]byte, []int)

Deprecated: Use Certificate_RevocationDetails.ProtoReflect.Descriptor instead.

func (*Certificate_RevocationDetails) GetRevocationState

func (x *Certificate_RevocationDetails) GetRevocationState() RevocationReason

func (*Certificate_RevocationDetails) GetRevocationTime

func (x *Certificate_RevocationDetails) GetRevocationTime() *timestamppb.Timestamp

func (*Certificate_RevocationDetails) ProtoMessage

func (*Certificate_RevocationDetails) ProtoMessage()

func (*Certificate_RevocationDetails) ProtoReflect

func (*Certificate_RevocationDetails) Reset

func (x *Certificate_RevocationDetails) Reset()

func (*Certificate_RevocationDetails) String

type CreateCaPoolRequest

// CreateCaPoolRequest is the request message for
// CertificateAuthorityService.CreateCaPool.
type CreateCaPoolRequest struct {

	// Required. The resource name of the location associated with the
	// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	// When checking the ID client-side, anchor the pattern (`^...$`) so that
	// the whole string is validated, not just a substring.
	CaPoolId string `protobuf:"bytes,2,opt,name=ca_pool_id,json=caPoolId,proto3" json:"ca_pool_id,omitempty"`
	// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
	// initial field values.
	CaPool *CaPool `protobuf:"bytes,3,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request
	// ID was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): deduplication is only promised for 60 minutes, so a retry
	// sent later than that may be handled as a new request. Generate a fresh
	// UUID per logical operation and reuse it only for retries of that
	// operation. "Commitments" looks carried over from another API's text; the
	// duplicate avoided here is presumably a second CaPool (confirm).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].

func (*CreateCaPoolRequest) Descriptor deprecated

func (*CreateCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCaPoolRequest.ProtoReflect.Descriptor instead.

func (*CreateCaPoolRequest) GetCaPool

func (x *CreateCaPoolRequest) GetCaPool() *CaPool

func (*CreateCaPoolRequest) GetCaPoolId

func (x *CreateCaPoolRequest) GetCaPoolId() string

func (*CreateCaPoolRequest) GetParent

func (x *CreateCaPoolRequest) GetParent() string

func (*CreateCaPoolRequest) GetRequestId

func (x *CreateCaPoolRequest) GetRequestId() string

func (*CreateCaPoolRequest) ProtoMessage

func (*CreateCaPoolRequest) ProtoMessage()

func (*CreateCaPoolRequest) ProtoReflect

func (x *CreateCaPoolRequest) ProtoReflect() protoreflect.Message

func (*CreateCaPoolRequest) Reset

func (x *CreateCaPoolRequest) Reset()

func (*CreateCaPoolRequest) String

func (x *CreateCaPoolRequest) String() string

type CreateCertificateAuthorityRequest

// CreateCertificateAuthorityRequest is the request message for
// CertificateAuthorityService.CreateCertificateAuthority.
type CreateCertificateAuthorityRequest struct {

	// Required. The resource name of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
	// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
	// in the format `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	// When checking the ID client-side, anchor the pattern (`^...$`) so that
	// the whole string is validated, not just a substring.
	CertificateAuthorityId string `` /* 129-byte string literal not displayed */
	// Required. A
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// with initial field values.
	CertificateAuthority *CertificateAuthority `protobuf:"bytes,3,opt,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request
	// ID was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): deduplication is only promised for 60 minutes, so a retry
	// sent later than that may be handled as a new request. Generate a fresh
	// UUID per logical operation and reuse it only for retries of that
	// operation.
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].

func (*CreateCertificateAuthorityRequest) Descriptor deprecated

func (*CreateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateAuthorityRequest) GetCertificateAuthority

func (x *CreateCertificateAuthorityRequest) GetCertificateAuthority() *CertificateAuthority

func (*CreateCertificateAuthorityRequest) GetCertificateAuthorityId

func (x *CreateCertificateAuthorityRequest) GetCertificateAuthorityId() string

func (*CreateCertificateAuthorityRequest) GetParent

func (*CreateCertificateAuthorityRequest) GetRequestId

func (x *CreateCertificateAuthorityRequest) GetRequestId() string

func (*CreateCertificateAuthorityRequest) ProtoMessage

func (*CreateCertificateAuthorityRequest) ProtoMessage()

func (*CreateCertificateAuthorityRequest) ProtoReflect

func (*CreateCertificateAuthorityRequest) Reset

func (*CreateCertificateAuthorityRequest) String

type CreateCertificateRequest

// CreateCertificateRequest is the request message for
// CertificateAuthorityService.CreateCertificate. It names the CaPool to issue
// from and can optionally pin the issuing CA or ask for validation only.
type CreateCertificateRequest struct {

	// Required. The resource name of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
	// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
	// format `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
	// value is ignored otherwise.
	CertificateId string `protobuf:"bytes,2,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
	// with initial field values.
	Certificate *Certificate `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and the
	// request times out. If you make the request again with the same request ID,
	// the server can check if the original operation with the same request ID was
	// received, and if so, will ignore the second request. This prevents clients
	// from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): deduplication is only promised for 60 minutes, so a retry
	// sent later than that may be handled as a new request and, presumably,
	// produce a second certificate. Generate a fresh UUID per logical operation
	// and reuse it only for retries of that operation.
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. If this is true, no
	// [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
	// be persisted regardless of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
	// [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
	// [Certificate][google.cloud.security.privateca.v1.Certificate] will not
	// contain the
	// [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
	// field.
	ValidateOnly bool `protobuf:"varint,5,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
	// Optional. The resource ID of the
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that should issue the certificate. This optional field will ignore the
	// load-balancing scheme of the Pool and directly issue the certificate from
	// the CA with the specified ID, contained in the same
	// [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
	// Per-CA quota rules apply. If left empty, a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
	// by the service. For example, to issue a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] from a
	// Certificate Authority with resource name
	// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
	// you can set the
	// [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
	// to "projects/my-project/locations/us-central1/caPools/my-pool" and the
	// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
	// to "my-ca".
	//
	// The value is the bare ID ("my-ca"), not the full resource name. Setting
	// it makes the request depend on that one CA and its quota instead of on
	// the pool as a whole.
	IssuingCertificateAuthorityId string `` /* 152-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].

func (*CreateCertificateRequest) Descriptor deprecated

func (*CreateCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateRequest) GetCertificate

func (x *CreateCertificateRequest) GetCertificate() *Certificate

func (*CreateCertificateRequest) GetCertificateId

func (x *CreateCertificateRequest) GetCertificateId() string

func (*CreateCertificateRequest) GetIssuingCertificateAuthorityId

func (x *CreateCertificateRequest) GetIssuingCertificateAuthorityId() string

func (*CreateCertificateRequest) GetParent

func (x *CreateCertificateRequest) GetParent() string

func (*CreateCertificateRequest) GetRequestId

func (x *CreateCertificateRequest) GetRequestId() string

func (*CreateCertificateRequest) GetValidateOnly

func (x *CreateCertificateRequest) GetValidateOnly() bool

func (*CreateCertificateRequest) ProtoMessage

func (*CreateCertificateRequest) ProtoMessage()

func (*CreateCertificateRequest) ProtoReflect

func (x *CreateCertificateRequest) ProtoReflect() protoreflect.Message

func (*CreateCertificateRequest) Reset

func (x *CreateCertificateRequest) Reset()

func (*CreateCertificateRequest) String

func (x *CreateCertificateRequest) String() string

type CreateCertificateTemplateRequest

// CreateCertificateTemplateRequest is the request message for
// CertificateAuthorityService.CreateCertificateTemplate.
type CreateCertificateTemplateRequest struct {

	// Required. The resource name of the location associated with the
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
	// in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	// When checking the ID client-side, anchor the pattern (`^...$`) so that
	// the whole string is validated, not just a substring.
	CertificateTemplateId string `` /* 126-byte string literal not displayed */
	// Required. A
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// with initial field values.
	CertificateTemplate *CertificateTemplate `protobuf:"bytes,3,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request
	// ID was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): deduplication is only promised for 60 minutes, so a retry
	// sent later than that may be handled as a new request. Generate a fresh
	// UUID per logical operation and reuse it only for retries of that
	// operation.
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].

func (*CreateCertificateTemplateRequest) Descriptor deprecated

func (*CreateCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateTemplateRequest) GetCertificateTemplate

func (x *CreateCertificateTemplateRequest) GetCertificateTemplate() *CertificateTemplate

func (*CreateCertificateTemplateRequest) GetCertificateTemplateId

func (x *CreateCertificateTemplateRequest) GetCertificateTemplateId() string

func (*CreateCertificateTemplateRequest) GetParent

func (*CreateCertificateTemplateRequest) GetRequestId

func (x *CreateCertificateTemplateRequest) GetRequestId() string

func (*CreateCertificateTemplateRequest) ProtoMessage

func (*CreateCertificateTemplateRequest) ProtoMessage()

func (*CreateCertificateTemplateRequest) ProtoReflect

func (*CreateCertificateTemplateRequest) Reset

func (*CreateCertificateTemplateRequest) String

type DeleteCaPoolRequest

// DeleteCaPoolRequest is the request message for
// CertificateAuthorityService.DeleteCaPool.
type DeleteCaPoolRequest struct {

	// Required. The resource name for this
	// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
	// `projects/*/locations/*/caPools/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request
	// ID was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. This field allows this pool to be deleted even if it's being
	// depended on by another resource. However, doing so may result in unintended
	// and unrecoverable effects on any dependent resources since the pool will
	// no longer be able to issue certificates.
	//
	// The Go zero value (false) does not request this override. Identify the
	// dependent resources before setting it, since the effects on them are
	// described as unrecoverable.
	IgnoreDependentResources bool `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].

func (*DeleteCaPoolRequest) Descriptor deprecated

func (*DeleteCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCaPoolRequest.ProtoReflect.Descriptor instead.

func (*DeleteCaPoolRequest) GetIgnoreDependentResources added in v1.14.0

func (x *DeleteCaPoolRequest) GetIgnoreDependentResources() bool

func (*DeleteCaPoolRequest) GetName

func (x *DeleteCaPoolRequest) GetName() string

func (*DeleteCaPoolRequest) GetRequestId

func (x *DeleteCaPoolRequest) GetRequestId() string

func (*DeleteCaPoolRequest) ProtoMessage

func (*DeleteCaPoolRequest) ProtoMessage()

func (*DeleteCaPoolRequest) ProtoReflect

func (x *DeleteCaPoolRequest) ProtoReflect() protoreflect.Message

func (*DeleteCaPoolRequest) Reset

func (x *DeleteCaPoolRequest) Reset()

func (*DeleteCaPoolRequest) String

func (x *DeleteCaPoolRequest) String() string

type DeleteCertificateAuthorityRequest

// DeleteCertificateAuthorityRequest is the request message for
// CertificateAuthorityService.DeleteCertificateAuthority. Its three boolean
// fields each lift a safeguard on deletion. All of them are false at the Go
// zero value, so no override is requested unless a caller sets one.
type DeleteCertificateAuthorityRequest struct {

	// Required. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server will guarantee that for at
	// least 60 minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request
	// ID was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. This field allows the CA to be deleted even if the CA has
	// active certs. Active certs include both unrevoked and unexpired certs.
	// NOTE(review): "active" presumably means certificates that are both
	// unrevoked and unexpired. This text does not say how their revocation
	// status is served once the CA is gone; confirm before setting this.
	IgnoreActiveCertificates bool `` /* 136-byte string literal not displayed */
	// Optional. If this flag is set, the Certificate Authority will be deleted as
	// soon as possible without a 30-day grace period where undeletion would have
	// been allowed. If you proceed, there will be no way to recover this CA.
	//
	// Leaving this unset keeps the 30-day window in which the deletion can
	// still be undone.
	SkipGracePeriod bool `protobuf:"varint,5,opt,name=skip_grace_period,json=skipGracePeriod,proto3" json:"skip_grace_period,omitempty"`
	// Optional. This field allows this CA to be deleted even if it's being
	// depended on by another resource. However, doing so may result in unintended
	// and unrecoverable effects on any dependent resources since the CA will
	// no longer be able to issue certificates.
	IgnoreDependentResources bool `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].

func (*DeleteCertificateAuthorityRequest) Descriptor deprecated

func (*DeleteCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates

func (x *DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates() bool

func (*DeleteCertificateAuthorityRequest) GetIgnoreDependentResources added in v1.14.0

func (x *DeleteCertificateAuthorityRequest) GetIgnoreDependentResources() bool

func (*DeleteCertificateAuthorityRequest) GetName

func (*DeleteCertificateAuthorityRequest) GetRequestId

func (x *DeleteCertificateAuthorityRequest) GetRequestId() string

func (*DeleteCertificateAuthorityRequest) GetSkipGracePeriod

func (x *DeleteCertificateAuthorityRequest) GetSkipGracePeriod() bool

func (*DeleteCertificateAuthorityRequest) ProtoMessage

func (*DeleteCertificateAuthorityRequest) ProtoMessage()

func (*DeleteCertificateAuthorityRequest) ProtoReflect

func (*DeleteCertificateAuthorityRequest) Reset

func (*DeleteCertificateAuthorityRequest) String

type DeleteCertificateTemplateRequest

// DeleteCertificateTemplateRequest is the request message for
// CertificateAuthorityService.DeleteCertificateTemplate.
type DeleteCertificateTemplateRequest struct {

	// Required. The resource name for this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// in the format `projects/*/locations/*/certificateTemplates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server guarantees this for at least
	// 60 minutes after the first request; a retry sent after that window is not
	// covered by the guarantee.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check whether the original operation with the same
	// request ID was received, and if so, will ignore the second request. This
	// prevents clients from accidentally creating duplicate commitments.
	// NOTE(review): "commitments" reads like wording shared with other APIs; for
	// this message it presumably means a repeated delete — confirm.
	//
	// The request ID must be a valid UUID, except that the zero UUID
	// (00000000-0000-0000-0000-000000000000) is not supported.
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].

func (*DeleteCertificateTemplateRequest) Descriptor deprecated

func (*DeleteCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*DeleteCertificateTemplateRequest) GetName

func (*DeleteCertificateTemplateRequest) GetRequestId

func (x *DeleteCertificateTemplateRequest) GetRequestId() string

func (*DeleteCertificateTemplateRequest) ProtoMessage

func (*DeleteCertificateTemplateRequest) ProtoMessage()

func (*DeleteCertificateTemplateRequest) ProtoReflect

func (*DeleteCertificateTemplateRequest) Reset

func (*DeleteCertificateTemplateRequest) String

type DisableCertificateAuthorityRequest

// DisableCertificateAuthorityRequest is the request message for
// CertificateAuthorityService.DisableCertificateAuthority.
type DisableCertificateAuthorityRequest struct {

	// Required. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server guarantees this for at least
	// 60 minutes after the first request; a retry sent after that window is not
	// covered by the guarantee.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check whether the original operation with the same
	// request ID was received, and if so, will ignore the second request. This
	// prevents clients from accidentally creating duplicate commitments.
	// NOTE(review): "commitments" reads like wording shared with other APIs; for
	// this message it presumably means a repeated disable — confirm.
	//
	// The request ID must be a valid UUID, except that the zero UUID
	// (00000000-0000-0000-0000-000000000000) is not supported.
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. This field allows this CA to be disabled even if it's being
	// depended on by another resource. However, doing so may result in unintended
	// and unrecoverable effects on any dependent resources since the CA will
	// no longer be able to issue certificates.
	//
	// This is an override of a safety check, so callers that set it should
	// already know which resources depend on the CA.
	// NOTE(review): with the field left false, the request presumably fails
	// while dependent resources exist — confirm against the service docs.
	IgnoreDependentResources bool `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].

func (*DisableCertificateAuthorityRequest) Descriptor deprecated

func (*DisableCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use DisableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*DisableCertificateAuthorityRequest) GetIgnoreDependentResources added in v1.14.0

func (x *DisableCertificateAuthorityRequest) GetIgnoreDependentResources() bool

func (*DisableCertificateAuthorityRequest) GetName

func (*DisableCertificateAuthorityRequest) GetRequestId

func (x *DisableCertificateAuthorityRequest) GetRequestId() string

func (*DisableCertificateAuthorityRequest) ProtoMessage

func (*DisableCertificateAuthorityRequest) ProtoMessage()

func (*DisableCertificateAuthorityRequest) ProtoReflect

func (*DisableCertificateAuthorityRequest) Reset

func (*DisableCertificateAuthorityRequest) String

type EnableCertificateAuthorityRequest

// EnableCertificateAuthorityRequest is the request message for
// CertificateAuthorityService.EnableCertificateAuthority.
type EnableCertificateAuthorityRequest struct {

	// Required. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server guarantees this for at least
	// 60 minutes after the first request; a retry sent after that window is not
	// covered by the guarantee.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check whether the original operation with the same
	// request ID was received, and if so, will ignore the second request. This
	// prevents clients from accidentally creating duplicate commitments.
	// NOTE(review): "commitments" reads like wording shared with other APIs; for
	// this message it presumably means a repeated enable — confirm.
	//
	// The request ID must be a valid UUID, except that the zero UUID
	// (00000000-0000-0000-0000-000000000000) is not supported.
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].

func (*EnableCertificateAuthorityRequest) Descriptor deprecated

func (*EnableCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use EnableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*EnableCertificateAuthorityRequest) GetName

func (*EnableCertificateAuthorityRequest) GetRequestId

func (x *EnableCertificateAuthorityRequest) GetRequestId() string

func (*EnableCertificateAuthorityRequest) ProtoMessage

func (*EnableCertificateAuthorityRequest) ProtoMessage()

func (*EnableCertificateAuthorityRequest) ProtoReflect

func (*EnableCertificateAuthorityRequest) Reset

func (*EnableCertificateAuthorityRequest) String

type FetchCaCertsRequest

// FetchCaCertsRequest is the request message for
// CertificateAuthorityService.FetchCaCerts.
type FetchCaCertsRequest struct {

	// Required. The resource name for the
	// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
	// `projects/*/locations/*/caPools/*`.
	CaPool string `protobuf:"bytes,1,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that
	// if you must retry your request, the server will know to ignore the request
	// if it has already been completed. The server guarantees this for at least
	// 60 minutes after the first request; a retry sent after that window is not
	// covered by the guarantee.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check whether the original operation with the same
	// request ID was received, and if so, will ignore the second request. This
	// prevents clients from accidentally creating duplicate commitments.
	// NOTE(review): "commitments" reads like wording shared with other APIs; how
	// it applies to a fetch is not stated here — confirm.
	//
	// The request ID must be a valid UUID, except that the zero UUID
	// (00000000-0000-0000-0000-000000000000) is not supported.
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].

func (*FetchCaCertsRequest) Descriptor deprecated

func (*FetchCaCertsRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsRequest.ProtoReflect.Descriptor instead.

func (*FetchCaCertsRequest) GetCaPool

func (x *FetchCaCertsRequest) GetCaPool() string

func (*FetchCaCertsRequest) GetRequestId

func (x *FetchCaCertsRequest) GetRequestId() string

func (*FetchCaCertsRequest) ProtoMessage

func (*FetchCaCertsRequest) ProtoMessage()

func (*FetchCaCertsRequest) ProtoReflect

func (x *FetchCaCertsRequest) ProtoReflect() protoreflect.Message

func (*FetchCaCertsRequest) Reset

func (x *FetchCaCertsRequest) Reset()

func (*FetchCaCertsRequest) String

func (x *FetchCaCertsRequest) String() string

type FetchCaCertsResponse

// FetchCaCertsResponse is the response message for
// CertificateAuthorityService.FetchCaCerts.
type FetchCaCertsResponse struct {

	// The PEM encoded CA certificate chains of all certificate authorities in
	// this [CaPool][google.cloud.security.privateca.v1.CaPool] in the ENABLED,
	// DISABLED, or STAGED states.
	//
	// The set is not limited to ENABLED CAs: chains for DISABLED and STAGED CAs
	// are returned as well. Keep that in mind when this response is used as the
	// source for a trust bundle. Each element is one chain (see
	// FetchCaCertsResponse_CertChain).
	CaCerts []*FetchCaCertsResponse_CertChain `protobuf:"bytes,1,rep,name=ca_certs,json=caCerts,proto3" json:"ca_certs,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].

func (*FetchCaCertsResponse) Descriptor deprecated

func (*FetchCaCertsResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsResponse.ProtoReflect.Descriptor instead.

func (*FetchCaCertsResponse) GetCaCerts

func (*FetchCaCertsResponse) ProtoMessage

func (*FetchCaCertsResponse) ProtoMessage()

func (*FetchCaCertsResponse) ProtoReflect

func (x *FetchCaCertsResponse) ProtoReflect() protoreflect.Message

func (*FetchCaCertsResponse) Reset

func (x *FetchCaCertsResponse) Reset()

func (*FetchCaCertsResponse) String

func (x *FetchCaCertsResponse) String() string

type FetchCaCertsResponse_CertChain

// FetchCaCertsResponse_CertChain holds one CA certificate chain; it is the
// element type of FetchCaCertsResponse.CaCerts.
type FetchCaCertsResponse_CertChain struct {

	// The certificates that form the CA chain, from leaf to root order: the
	// first element is the leaf end of the chain and the last is the root.
	// NOTE(review): each entry is presumably one PEM-encoded certificate, since
	// FetchCaCertsResponse.CaCerts describes the chains as PEM encoded — confirm.
	// NOTE(review): "leaf" here presumably refers to the CA's own certificate
	// rather than an end-entity certificate — confirm.
	Certificates []string `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchCaCertsResponse_CertChain) Descriptor deprecated

func (*FetchCaCertsResponse_CertChain) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsResponse_CertChain.ProtoReflect.Descriptor instead.

func (*FetchCaCertsResponse_CertChain) GetCertificates

func (x *FetchCaCertsResponse_CertChain) GetCertificates() []string

func (*FetchCaCertsResponse_CertChain) ProtoMessage

func (*FetchCaCertsResponse_CertChain) ProtoMessage()

func (*FetchCaCertsResponse_CertChain) ProtoReflect

func (*FetchCaCertsResponse_CertChain) Reset

func (x *FetchCaCertsResponse_CertChain) Reset()

func (*FetchCaCertsResponse_CertChain) String

type FetchCertificateAuthorityCsrRequest

// FetchCertificateAuthorityCsrRequest is the request message for
// CertificateAuthorityService.FetchCertificateAuthorityCsr.
type FetchCertificateAuthorityCsrRequest struct {

	// Required. The resource name for this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	// This is the CA whose CSR is fetched.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].

func (*FetchCertificateAuthorityCsrRequest) Descriptor deprecated

func (*FetchCertificateAuthorityCsrRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchCertificateAuthorityCsrRequest.ProtoReflect.Descriptor instead.

func (*FetchCertificateAuthorityCsrRequest) GetName

func (*FetchCertificateAuthorityCsrRequest) ProtoMessage

func (*FetchCertificateAuthorityCsrRequest) ProtoMessage()

func (*FetchCertificateAuthorityCsrRequest) ProtoReflect

func (*FetchCertificateAuthorityCsrRequest) Reset

func (*FetchCertificateAuthorityCsrRequest) String

type FetchCertificateAuthorityCsrResponse

// FetchCertificateAuthorityCsrResponse is the response message for
// CertificateAuthorityService.FetchCertificateAuthorityCsr.
type FetchCertificateAuthorityCsrResponse struct {

	// Output only. The PEM-encoded signed certificate signing request (CSR).
	// NOTE(review): "signed" presumably means the CSR is signed with the key of
	// the CA named in the request; verify that signature before acting on the
	// CSR — confirm against the service docs.
	PemCsr string `protobuf:"bytes,1,opt,name=pem_csr,json=pemCsr,proto3" json:"pem_csr,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].

func (*FetchCertificateAuthorityCsrResponse) Descriptor deprecated

func (*FetchCertificateAuthorityCsrResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchCertificateAuthorityCsrResponse.ProtoReflect.Descriptor instead.

func (*FetchCertificateAuthorityCsrResponse) GetPemCsr

func (*FetchCertificateAuthorityCsrResponse) ProtoMessage

func (*FetchCertificateAuthorityCsrResponse) ProtoMessage()

func (*FetchCertificateAuthorityCsrResponse) ProtoReflect

func (*FetchCertificateAuthorityCsrResponse) Reset

func (*FetchCertificateAuthorityCsrResponse) String

type GetCaPoolRequest

// GetCaPoolRequest is the request message for
// CertificateAuthorityService.GetCaPool.
type GetCaPoolRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
	// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
	// NOTE(review): FetchCaCertsRequest.CaPool documents CaPool resource names
	// as `projects/*/locations/*/caPools/*`; presumably the same format applies
	// here — confirm.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].

func (*GetCaPoolRequest) Descriptor deprecated

func (*GetCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCaPoolRequest.ProtoReflect.Descriptor instead.

func (*GetCaPoolRequest) GetName

func (x *GetCaPoolRequest) GetName() string

func (*GetCaPoolRequest) ProtoMessage

func (*GetCaPoolRequest) ProtoMessage()

func (*GetCaPoolRequest) ProtoReflect

func (x *GetCaPoolRequest) ProtoReflect() protoreflect.Message

func (*GetCaPoolRequest) Reset

func (x *GetCaPoolRequest) Reset()

func (*GetCaPoolRequest) String

func (x *GetCaPoolRequest) String() string

type GetCertificateAuthorityRequest

// GetCertificateAuthorityRequest is the request message for
// CertificateAuthorityService.GetCertificateAuthority.
type GetCertificateAuthorityRequest struct {

	// Required. The
	// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// to get.
	// NOTE(review): other requests in this package document CertificateAuthority
	// resource names as
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`; presumably the
	// same format applies here — confirm.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].

func (*GetCertificateAuthorityRequest) Descriptor deprecated

func (*GetCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateAuthorityRequest) GetName

func (*GetCertificateAuthorityRequest) ProtoMessage

func (*GetCertificateAuthorityRequest) ProtoMessage()

func (*GetCertificateAuthorityRequest) ProtoReflect

func (*GetCertificateAuthorityRequest) Reset

func (x *GetCertificateAuthorityRequest) Reset()

func (*GetCertificateAuthorityRequest) String

type GetCertificateRequest

// GetCertificateRequest is the request message for
// CertificateAuthorityService.GetCertificate.
type GetCertificateRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
	// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
	// get. The resource name format is not given on this field; see the linked
	// Certificate.name documentation.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].

func (*GetCertificateRequest) Descriptor deprecated

func (*GetCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateRequest) GetName

func (x *GetCertificateRequest) GetName() string

func (*GetCertificateRequest) ProtoMessage

func (*GetCertificateRequest) ProtoMessage()

func (*GetCertificateRequest) ProtoReflect

func (x *GetCertificateRequest) ProtoReflect() protoreflect.Message

func (*GetCertificateRequest) Reset

func (x *GetCertificateRequest) Reset()

func (*GetCertificateRequest) String

func (x *GetCertificateRequest) String() string

type GetCertificateRevocationListRequest

// GetCertificateRevocationListRequest is the request message for
// CertificateAuthorityService.GetCertificateRevocationList.
type GetCertificateRevocationListRequest struct {

	// Required. The
	// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
	// of the
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
	// to get. The resource name format is not given on this field; see the
	// linked CertificateRevocationList.name documentation.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].

func (*GetCertificateRevocationListRequest) Descriptor deprecated

func (*GetCertificateRevocationListRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateRevocationListRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateRevocationListRequest) GetName

func (*GetCertificateRevocationListRequest) ProtoMessage

func (*GetCertificateRevocationListRequest) ProtoMessage()

func (*GetCertificateRevocationListRequest) ProtoReflect

func (*GetCertificateRevocationListRequest) Reset

func (*GetCertificateRevocationListRequest) String

type GetCertificateTemplateRequest

// GetCertificateTemplateRequest is the request message for
// CertificateAuthorityService.GetCertificateTemplate.
type GetCertificateTemplateRequest struct {

	// Required. The
	// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// to get.
	// NOTE(review): DeleteCertificateTemplateRequest.Name documents
	// CertificateTemplate resource names as
	// `projects/*/locations/*/certificateTemplates/*`; presumably the same format
	// applies here — confirm.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].

func (*GetCertificateTemplateRequest) Descriptor deprecated

func (*GetCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateTemplateRequest) GetName

func (*GetCertificateTemplateRequest) ProtoMessage

func (*GetCertificateTemplateRequest) ProtoMessage()

func (*GetCertificateTemplateRequest) ProtoReflect

func (*GetCertificateTemplateRequest) Reset

func (x *GetCertificateTemplateRequest) Reset()

func (*GetCertificateTemplateRequest) String

type KeyUsage

// KeyUsage describes key usage values that may appear in an X.509
// certificate.
type KeyUsage struct {

	// Describes high-level ways in which a key may be used.
	BaseKeyUsage *KeyUsage_KeyUsageOptions `protobuf:"bytes,1,opt,name=base_key_usage,json=baseKeyUsage,proto3" json:"base_key_usage,omitempty"`
	// Detailed scenarios in which a key may be used.
	ExtendedKeyUsage *KeyUsage_ExtendedKeyUsageOptions `protobuf:"bytes,2,opt,name=extended_key_usage,json=extendedKeyUsage,proto3" json:"extended_key_usage,omitempty"`
	// Used to describe extended key usages that are not listed in the
	// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
	// message. Each entry is an ObjectId.
	//
	// Extended key usages can therefore be carried here as well as in
	// ExtendedKeyUsage, so a review of what a key is permitted to do needs to
	// read this list too, not only the two option messages above.
	UnknownExtendedKeyUsages []*ObjectId `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509 certificate.

func (*KeyUsage)