google-cloud-security-private_ca-v1 0.4.0 → 0.6.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/AUTHENTICATION.md +1 -1
  3. data/README.md +2 -2
  4. data/lib/google/cloud/security/private_ca/v1/bindings_override.rb +185 -0
  5. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/client.rb +415 -330
  6. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/operations.rb +12 -14
  7. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/rest/client.rb +2877 -0
  8. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/rest/operations.rb +795 -0
  9. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/rest/service_stub.rb +1776 -0
  10. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/rest.rb +58 -0
  11. data/lib/google/cloud/security/private_ca/v1/certificate_authority_service.rb +10 -3
  12. data/lib/google/cloud/security/private_ca/v1/rest.rb +40 -0
  13. data/lib/google/cloud/security/private_ca/v1/version.rb +1 -1
  14. data/lib/google/cloud/security/private_ca/v1.rb +7 -2
  15. data/lib/google/cloud/security/privateca/v1/resources_pb.rb +14 -0
  16. data/lib/google/cloud/security/privateca/v1/service_services_pb.rb +64 -32
  17. data/proto_docs/google/api/client.rb +318 -0
  18. data/proto_docs/google/api/launch_stage.rb +71 -0
  19. data/proto_docs/google/cloud/security/privateca/v1/resources.rb +588 -302
  20. data/proto_docs/google/cloud/security/privateca/v1/service.rb +297 -223
  21. data/proto_docs/google/protobuf/empty.rb +0 -2
  22. data/proto_docs/google/rpc/status.rb +4 -2
  23. metadata +22 -12
@@ -22,77 +22,113 @@ module Google
22
22
  module Security
23
23
  module PrivateCA
24
24
  module V1
25
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} represents an individual Certificate Authority.
26
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} can be used to create {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}.
25
+ # A
26
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
27
+ # represents an individual Certificate Authority. A
28
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
29
+ # can be used to create
30
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}.
27
31
  # @!attribute [r] name
28
32
  # @return [::String]
29
- # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} in the
30
- # format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
33
+ # Output only. The resource name for this
34
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
35
+ # in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
31
36
  # @!attribute [rw] type
32
37
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::Type]
33
- # Required. Immutable. The {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::Type Type} of this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
38
+ # Required. Immutable. The
39
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::Type Type} of
40
+ # this
41
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
34
42
  # @!attribute [rw] config
35
43
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateConfig]
36
- # Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
44
+ # Required. Immutable. The config used to create a self-signed X.509
45
+ # certificate or CSR.
37
46
  # @!attribute [rw] lifetime
38
47
  # @return [::Google::Protobuf::Duration]
39
- # Required. Immutable. The desired lifetime of the CA certificate. Used to create the
40
- # "not_before_time" and "not_after_time" fields inside an X.509
48
+ # Required. Immutable. The desired lifetime of the CA certificate. Used to
49
+ # create the "not_before_time" and "not_after_time" fields inside an X.509
41
50
  # certificate.
42
51
  # @!attribute [rw] key_spec
43
52
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::KeyVersionSpec]
44
- # Required. Immutable. Used when issuing certificates for this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}. If this
45
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} is a self-signed CertificateAuthority, this key
46
- # is also used to sign the self-signed CA certificate. Otherwise, it
47
- # is used to sign a CSR.
53
+ # Required. Immutable. Used when issuing certificates for this
54
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
55
+ # If this
56
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
57
+ # is a self-signed CertificateAuthority, this key is also used to sign the
58
+ # self-signed CA certificate. Otherwise, it is used to sign a CSR.
48
59
  # @!attribute [rw] subordinate_config
49
60
  # @return [::Google::Cloud::Security::PrivateCA::V1::SubordinateConfig]
50
- # Optional. If this is a subordinate {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, this field will be set
51
- # with the subordinate configuration, which describes its issuers. This may
52
- # be updated, but this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} must continue to validate.
61
+ # Optional. If this is a subordinate
62
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority},
63
+ # this field will be set with the subordinate configuration, which describes
64
+ # its issuers. This may be updated, but this
65
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
66
+ # must continue to validate.
53
67
  # @!attribute [r] tier
54
68
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier]
55
- # Output only. The {::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier CaPool.Tier} of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} that includes this
69
+ # Output only. The
70
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier CaPool.Tier} of the
71
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} that includes this
56
72
  # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
57
73
  # @!attribute [r] state
58
74
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State]
59
- # Output only. The {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State State} for this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
75
+ # Output only. The
76
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State State} for
77
+ # this
78
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
60
79
  # @!attribute [r] pem_ca_certificates
61
80
  # @return [::Array<::String>]
62
- # Output only. This {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s certificate chain, including the current
63
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s certificate. Ordered such that the root issuer
64
- # is the final element (consistent with RFC 5246). For a self-signed CA, this
65
- # will only list the current {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s certificate.
81
+ # Output only. This
82
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
83
+ # certificate chain, including the current
84
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
85
+ # certificate. Ordered such that the root issuer is the final element
86
+ # (consistent with RFC 5246). For a self-signed CA, this will only list the
87
+ # current
88
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
89
+ # certificate.
66
90
  # @!attribute [r] ca_certificate_descriptions
67
91
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::CertificateDescription>]
68
- # Output only. A structured description of this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate
69
- # and its issuers. Ordered as self-to-root.
92
+ # Output only. A structured description of this
93
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
94
+ # CA certificate and its issuers. Ordered as self-to-root.
70
95
  # @!attribute [rw] gcs_bucket
71
96
  # @return [::String]
72
- # Immutable. The name of a Cloud Storage bucket where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will
73
- # publish content, such as the CA certificate and CRLs. This must be a bucket
74
- # name, without any prefixes (such as `gs://`) or suffixes (such as
97
+ # Immutable. The name of a Cloud Storage bucket where this
98
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
99
+ # will publish content, such as the CA certificate and CRLs. This must be a
100
+ # bucket name, without any prefixes (such as `gs://`) or suffixes (such as
75
101
  # `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
76
102
  # would simply specify `my-bucket`. If not specified, a managed bucket will
77
103
  # be created.
78
104
  # @!attribute [r] access_urls
79
105
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::AccessUrls]
80
- # Output only. URLs for accessing content published by this CA, such as the CA certificate
81
- # and CRLs.
106
+ # Output only. URLs for accessing content published by this CA, such as the
107
+ # CA certificate and CRLs.
82
108
  # @!attribute [r] create_time
83
109
  # @return [::Google::Protobuf::Timestamp]
84
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} was created.
110
+ # Output only. The time at which this
111
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
112
+ # was created.
85
113
  # @!attribute [r] update_time
86
114
  # @return [::Google::Protobuf::Timestamp]
87
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} was last updated.
115
+ # Output only. The time at which this
116
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
117
+ # was last updated.
88
118
  # @!attribute [r] delete_time
89
119
  # @return [::Google::Protobuf::Timestamp]
90
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} was soft deleted, if
91
- # it is in the {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State::DELETED DELETED} state.
120
+ # Output only. The time at which this
121
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
122
+ # was soft deleted, if it is in the
123
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State::DELETED DELETED}
124
+ # state.
92
125
  # @!attribute [r] expire_time
93
126
  # @return [::Google::Protobuf::Timestamp]
94
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will be permanently purged,
95
- # if it is in the {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State::DELETED DELETED} state.
127
+ # Output only. The time at which this
128
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
129
+ # will be permanently purged, if it is in the
130
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State::DELETED DELETED}
131
+ # state.
96
132
  # @!attribute [rw] labels
97
133
  # @return [::Google::Protobuf::Map{::String => ::String}]
98
134
  # Optional. Labels with user-defined metadata.
@@ -100,21 +136,29 @@ module Google
100
136
  include ::Google::Protobuf::MessageExts
101
137
  extend ::Google::Protobuf::MessageExts::ClassMethods
102
138
 
103
- # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
139
+ # URLs where a
140
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
141
+ # will publish content.
104
142
  # @!attribute [rw] ca_certificate_access_url
105
143
  # @return [::String]
106
- # The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
107
- # published. This will only be set for CAs that have been activated.
144
+ # The URL where this
145
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
146
+ # CA certificate is published. This will only be set for CAs that have been
147
+ # activated.
108
148
  # @!attribute [rw] crl_access_urls
109
149
  # @return [::Array<::String>]
110
- # The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
111
- # will only be set for CAs that have been activated.
150
+ # The URLs where this
151
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
152
+ # CRLs are published. This will only be set for CAs that have been
153
+ # activated.
112
154
  class AccessUrls
113
155
  include ::Google::Protobuf::MessageExts
114
156
  extend ::Google::Protobuf::MessageExts::ClassMethods
115
157
  end
116
158
 
117
- # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
159
+ # A Cloud KMS key configuration that a
160
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
161
+ # will use.
118
162
  # @!attribute [rw] cloud_kms_key_version
119
163
  # @return [::String]
120
164
  # The resource name for an existing Cloud KMS CryptoKeyVersion in the
@@ -141,7 +185,9 @@ module Google
141
185
  extend ::Google::Protobuf::MessageExts::ClassMethods
142
186
  end
143
187
 
144
- # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
188
+ # The type of a
189
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority},
190
+ # indicating its issuing chain.
145
191
  module Type
146
192
  # Not specified.
147
193
  TYPE_UNSPECIFIED = 0
@@ -149,42 +195,56 @@ module Google
149
195
  # Self-signed CA.
150
196
  SELF_SIGNED = 1
151
197
 
152
- # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
198
+ # Subordinate CA. Could be issued by a Private CA
199
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
153
200
  # or an unmanaged CA.
154
201
  SUBORDINATE = 2
155
202
  end
156
203
 
157
- # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
204
+ # The state of a
205
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority},
206
+ # indicating if it can be used.
158
207
  module State
159
208
  # Not specified.
160
209
  STATE_UNSPECIFIED = 0
161
210
 
162
211
  # Certificates can be issued from this CA. CRLs will be generated for this
163
- # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
164
- # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
212
+ # CA. The CA will be part of the
213
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and
214
+ # will be used to issue certificates from the
215
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
165
216
  ENABLED = 1
166
217
 
167
218
  # Certificates cannot be issued from this CA. CRLs will still be generated.
168
- # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
169
- # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
219
+ # The CA will be part of the
220
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but
221
+ # will not be used to issue certificates from the
222
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
170
223
  DISABLED = 2
171
224
 
172
225
  # Certificates can be issued from this CA. CRLs will be generated for this
173
- # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
174
- # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
226
+ # CA. The CA will be part of the
227
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but
228
+ # will not be used to issue certificates from the
229
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
175
230
  STAGED = 3
176
231
 
177
232
  # Certificates cannot be issued from this CA. CRLs will not be generated.
178
- # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
179
- # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
233
+ # The CA will not be part of the
234
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and
235
+ # will not be used to issue certificates from the
236
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
180
237
  AWAITING_USER_ACTIVATION = 4
181
238
 
182
239
  # Certificates cannot be issued from this CA. CRLs will not be generated.
183
240
  # The CA may still be recovered by calling
184
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
241
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority}
242
+ # before
185
243
  # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
186
- # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
187
- # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
244
+ # The CA will not be part of the
245
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and
246
+ # will not be used to issue certificates from the
247
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
188
248
  DELETED = 5
189
249
  end
190
250
 
@@ -228,26 +288,37 @@ module Google
228
288
  end
229
289
 
230
290
  # A {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} represents a group of
231
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthorities} that form a trust anchor. A
232
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} can be used to manage issuance policies for one or more
233
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} resources and to rotate CA certificates in and out
234
- # of the trust anchor.
291
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthorities}
292
+ # that form a trust anchor. A
293
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} can be used to manage
294
+ # issuance policies for one or more
295
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
296
+ # resources and to rotate CA certificates in and out of the trust anchor.
235
297
  # @!attribute [r] name
236
298
  # @return [::String]
237
- # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} in the
238
- # format `projects/*/locations/*/caPools/*`.
299
+ # Output only. The resource name for this
300
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} in the format
301
+ # `projects/*/locations/*/caPools/*`.
239
302
  # @!attribute [rw] tier
240
303
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier]
241
- # Required. Immutable. The {::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier Tier} of this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
304
+ # Required. Immutable. The
305
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier Tier} of this
306
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
242
307
  # @!attribute [rw] issuance_policy
243
308
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy]
244
- # Optional. The {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy} to control how {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}
245
- # will be issued from this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
309
+ # Optional. The
310
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy}
311
+ # to control how
312
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} will be
313
+ # issued from this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
246
314
  # @!attribute [rw] publishing_options
247
315
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::PublishingOptions]
248
- # Optional. The {::Google::Cloud::Security::PrivateCA::V1::CaPool::PublishingOptions PublishingOptions} to follow when issuing
249
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} from any {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} in this
250
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
316
+ # Optional. The
317
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::PublishingOptions PublishingOptions}
318
+ # to follow when issuing
319
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} from any
320
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
321
+ # in this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
251
322
  # @!attribute [rw] labels
252
323
  # @return [::Google::Protobuf::Map{::String => ::String}]
253
324
  # Optional. Labels with user-defined metadata.
@@ -255,83 +326,108 @@ module Google
255
326
  include ::Google::Protobuf::MessageExts
256
327
  extend ::Google::Protobuf::MessageExts::ClassMethods
257
328
 
258
- # Options relating to the publication of each {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA
259
- # certificate and CRLs and their inclusion as extensions in issued
260
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. The options set here apply to certificates
261
- # issued by any {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} in the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
329
+ # Options relating to the publication of each
330
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
331
+ # CA certificate and CRLs and their inclusion as extensions in issued
332
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. The options
333
+ # set here apply to certificates issued by any
334
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
335
+ # in the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
262
336
  # @!attribute [rw] publish_ca_cert
263
337
  # @return [::Boolean]
264
- # Optional. When true, publishes each {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate and
265
- # includes its URL in the "Authority Information Access" X.509 extension
266
- # in all issued {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. If this is false, the CA
267
- # certificate will not be published and the corresponding X.509 extension
268
- # will not be written in issued certificates.
338
+ # Optional. When true, publishes each
339
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
340
+ # CA certificate and includes its URL in the "Authority Information Access"
341
+ # X.509 extension in all issued
342
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. If this
343
+ # is false, the CA certificate will not be published and the corresponding
344
+ # X.509 extension will not be written in issued certificates.
269
345
  # @!attribute [rw] publish_crl
270
346
  # @return [::Boolean]
271
- # Optional. When true, publishes each {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRL and includes its
272
- # URL in the "CRL Distribution Points" X.509 extension in all issued
273
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. If this is false, CRLs will not be published
274
- # and the corresponding X.509 extension will not be written in issued
275
- # certificates.
276
- # CRLs will expire 7 days from their creation. However, we will rebuild
277
- # daily. CRLs are also rebuilt shortly after a certificate is revoked.
347
+ # Optional. When true, publishes each
348
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s
349
+ # CRL and includes its URL in the "CRL Distribution Points" X.509 extension
350
+ # in all issued
351
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. If this
352
+ # is false, CRLs will not be published and the corresponding X.509
353
+ # extension will not be written in issued certificates. CRLs will expire 7
354
+ # days from their creation. However, we will rebuild daily. CRLs are also
355
+ # rebuilt shortly after a certificate is revoked.
278
356
  class PublishingOptions
279
357
  include ::Google::Protobuf::MessageExts
280
358
  extend ::Google::Protobuf::MessageExts::ClassMethods
281
359
  end
282
360
 
283
- # Defines controls over all certificate issuance within a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
361
+ # Defines controls over all certificate issuance within a
362
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
284
363
  # @!attribute [rw] allowed_key_types
285
364
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType>]
286
- # Optional. If any {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType AllowedKeyType} is specified, then the certificate request's
287
- # public key must match one of the key types listed here. Otherwise,
288
- # any key may be used.
365
+ # Optional. If any
366
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType AllowedKeyType}
367
+ # is specified, then the certificate request's public key must match one of
368
+ # the key types listed here. Otherwise, any key may be used.
289
369
  # @!attribute [rw] maximum_lifetime
290
370
  # @return [::Google::Protobuf::Duration]
291
- # Optional. The maximum lifetime allowed for issued {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. Note
292
- # that if the issuing {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} expires before a
293
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s requested maximum_lifetime, the effective lifetime will
294
- # be explicitly truncated to match it.
371
+ # Optional. The maximum lifetime allowed for issued
372
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}. Note that
373
+ # if the issuing
374
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
375
+ # expires before a
376
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s requested
377
+ # maximum_lifetime, the effective lifetime will be explicitly truncated to
378
+ # match it.
295
379
  # @!attribute [rw] allowed_issuance_modes
296
380
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes]
297
- # Optional. If specified, then only methods allowed in the {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes IssuanceModes} may be
298
- # used to issue {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}.
381
+ # Optional. If specified, then only methods allowed in the
382
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes IssuanceModes}
383
+ # may be used to issue
384
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}.
299
385
  # @!attribute [rw] baseline_values
300
386
  # @return [::Google::Cloud::Security::PrivateCA::V1::X509Parameters]
301
- # Optional. A set of X.509 values that will be applied to all certificates issued
302
- # through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}. If a certificate request includes conflicting
303
- # values for the same properties, they will be overwritten by the values
304
- # defined here. If a certificate request uses a {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
387
+ # Optional. A set of X.509 values that will be applied to all certificates
388
+ # issued through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
389
+ # If a certificate request includes conflicting values for the same
390
+ # properties, they will be overwritten by the values defined here. If a
391
+ # certificate request uses a
392
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
305
393
  # that defines conflicting
306
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values} for the same
307
- # properties, the certificate issuance request will fail.
394
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values}
395
+ # for the same properties, the certificate issuance request will fail.
308
396
  # @!attribute [rw] identity_constraints
309
397
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints]
310
398
  # Optional. Describes constraints on identities that may appear in
311
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} issued through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
312
- # If this is omitted, then this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} will not add restrictions on a
313
- # certificate's identity.
399
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} issued
400
+ # through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}. If this
401
+ # is omitted, then this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}
402
+ # will not add restrictions on a certificate's identity.
314
403
  # @!attribute [rw] passthrough_extensions
315
404
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints]
316
405
  # Optional. Describes the set of X.509 extensions that may appear in a
317
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}. If a certificate request
318
- # sets extensions that don't appear in the {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#passthrough_extensions passthrough_extensions},
406
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued
407
+ # through this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}. If a
408
+ # certificate request sets extensions that don't appear in the
409
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#passthrough_extensions passthrough_extensions},
319
410
  # those extensions will be dropped. If a certificate request uses a
320
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} with
321
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values} that don't
322
- # appear here, the certificate issuance request will fail. If this is
323
- # omitted, then this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} will not add restrictions on a
324
- # certificate's X.509 extensions. These constraints do not apply to X.509
325
- # extensions set in this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values}.
411
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
412
+ # with
413
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values}
414
+ # that don't appear here, the certificate issuance request will fail. If
415
+ # this is omitted, then this
416
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool} will not add
417
+ # restrictions on a certificate's X.509 extensions. These constraints do
418
+ # not apply to X.509 extensions set in this
419
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s
420
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values}.
326
421
  class IssuancePolicy
327
422
  include ::Google::Protobuf::MessageExts
328
423
  extend ::Google::Protobuf::MessageExts::ClassMethods
329
424
 
330
- # Describes a "type" of key that may be used in a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued
331
- # from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
332
- # Note that a single {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType AllowedKeyType} may refer to either a
333
- # fully-qualified key algorithm, such as RSA 4096, or a family of key
334
- # algorithms, such as any RSA key.
425
+ # Describes a "type" of key that may be used in a
426
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued from
427
+ # a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}. Note that a single
428
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType AllowedKeyType}
429
+ # may refer to either a fully-qualified key algorithm, such as RSA 4096, or
430
+ # a family of key algorithms, such as any RSA key.
335
431
  # @!attribute [rw] rsa
336
432
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType::RsaKeyType]
337
433
  # Represents an allowed RSA key type.
@@ -342,35 +438,39 @@ module Google
342
438
  include ::Google::Protobuf::MessageExts
343
439
  extend ::Google::Protobuf::MessageExts::ClassMethods
344
440
 
345
- # Describes an RSA key that may be used in a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued from
346
- # a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
441
+ # Describes an RSA key that may be used in a
442
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued
443
+ # from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
347
444
  # @!attribute [rw] min_modulus_size
348
445
  # @return [::Integer]
349
- # Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
350
- # not set, or if set to zero, the service-level min RSA modulus size
351
- # will continue to apply.
446
+ # Optional. The minimum allowed RSA modulus size (inclusive), in bits.
447
+ # If this is not set, or if set to zero, the service-level min RSA
448
+ # modulus size will continue to apply.
352
449
  # @!attribute [rw] max_modulus_size
353
450
  # @return [::Integer]
354
- # Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
355
- # not set, or if set to zero, the service will not enforce an explicit
356
- # upper bound on RSA modulus sizes.
451
+ # Optional. The maximum allowed RSA modulus size (inclusive), in bits.
452
+ # If this is not set, or if set to zero, the service will not enforce
453
+ # an explicit upper bound on RSA modulus sizes.
357
454
  class RsaKeyType
358
455
  include ::Google::Protobuf::MessageExts
359
456
  extend ::Google::Protobuf::MessageExts::ClassMethods
360
457
  end
361
458
 
362
- # Describes an Elliptic Curve key that may be used in a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}
363
- # issued from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
459
+ # Describes an Elliptic Curve key that may be used in a
460
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued
461
+ # from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
364
462
  # @!attribute [rw] signature_algorithm
365
463
  # @return [::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::AllowedKeyType::EcKeyType::EcSignatureAlgorithm]
366
- # Optional. A signature algorithm that must be used. If this is omitted, any
367
- # EC-based signature algorithm will be allowed.
464
+ # Optional. A signature algorithm that must be used. If this is
465
+ # omitted, any EC-based signature algorithm will be allowed.
368
466
  class EcKeyType
369
467
  include ::Google::Protobuf::MessageExts
370
468
  extend ::Google::Protobuf::MessageExts::ClassMethods
371
469
 
372
470
  # Describes an elliptic curve-based signature algorithm that may be
373
- # used in a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
471
+ # used in a
472
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued
473
+ # from a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
374
474
  module EcSignatureAlgorithm
375
475
  # Not specified. Signifies that any signature algorithm may be used.
376
476
  EC_SIGNATURE_ALGORITHM_UNSPECIFIED = 0
@@ -390,17 +490,21 @@ module Google
390
490
  end
391
491
  end
392
492
 
393
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes IssuanceModes} specifies the allowed ways in which
394
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} may be requested from this
395
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
493
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy::IssuanceModes IssuanceModes}
494
+ # specifies the allowed ways in which
495
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} may be
496
+ # requested from this {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
396
497
  # @!attribute [rw] allow_csr_based_issuance
397
498
  # @return [::Boolean]
398
- # Optional. When true, allows callers to create {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} by
499
+ # Optional. When true, allows callers to create
500
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} by
399
501
  # specifying a CSR.
400
502
  # @!attribute [rw] allow_config_based_issuance
401
503
  # @return [::Boolean]
402
- # Optional. When true, allows callers to create {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} by
403
- # specifying a {::Google::Cloud::Security::PrivateCA::V1::CertificateConfig CertificateConfig}.
504
+ # Optional. When true, allows callers to create
505
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} by
506
+ # specifying a
507
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateConfig CertificateConfig}.
404
508
  class IssuanceModes
405
509
  include ::Google::Protobuf::MessageExts
406
510
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -416,8 +520,8 @@ module Google
416
520
  extend ::Google::Protobuf::MessageExts::ClassMethods
417
521
  end
418
522
 
419
- # The tier of a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}, indicating its supported functionality and/or
420
- # billing SKU.
523
+ # The tier of a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool},
524
+ # indicating its supported functionality and/or billing SKU.
421
525
  module Tier
422
526
  # Not specified.
423
527
  TIER_UNSPECIFIED = 0
@@ -430,14 +534,15 @@ module Google
430
534
  end
431
535
  end
432
536
 
433
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} corresponds to a signed X.509 certificate
434
- # Revocation List (CRL). A CRL contains the serial numbers of certificates that
435
- # should no longer be trusted.
537
+ # A
538
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
539
+ # corresponds to a signed X.509 certificate Revocation List (CRL). A CRL
540
+ # contains the serial numbers of certificates that should no longer be trusted.
436
541
  # @!attribute [r] name
437
542
  # @return [::String]
438
- # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} in
439
- # the format
440
- # `projects/*/locations/*/caPools/*certificateAuthorities/*/
543
+ # Output only. The resource name for this
544
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
545
+ # in the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
441
546
  # certificateRevocationLists/*`.
442
547
  # @!attribute [r] sequence_number
443
548
  # @return [::Integer]
@@ -453,18 +558,26 @@ module Google
453
558
  # Output only. The location where 'pem_crl' can be accessed.
454
559
  # @!attribute [r] state
455
560
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList::State]
456
- # Output only. The {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList::State State} for this {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}.
561
+ # Output only. The
562
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList::State State}
563
+ # for this
564
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}.
457
565
  # @!attribute [r] create_time
458
566
  # @return [::Google::Protobuf::Timestamp]
459
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} was created.
567
+ # Output only. The time at which this
568
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
569
+ # was created.
460
570
  # @!attribute [r] update_time
461
571
  # @return [::Google::Protobuf::Timestamp]
462
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} was updated.
572
+ # Output only. The time at which this
573
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
574
+ # was updated.
463
575
  # @!attribute [r] revision_id
464
576
  # @return [::String]
465
- # Output only. The revision ID of this {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}. A new revision is
466
- # committed whenever a new CRL is published. The format is an 8-character
467
- # hexadecimal string.
577
+ # Output only. The revision ID of this
578
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}.
579
+ # A new revision is committed whenever a new CRL is published. The format is
580
+ # an 8-character hexadecimal string.
468
581
  # @!attribute [rw] labels
469
582
  # @return [::Google::Protobuf::Map{::String => ::String}]
470
583
  # Optional. Labels with user-defined metadata.
@@ -472,17 +585,22 @@ module Google
472
585
  include ::Google::Protobuf::MessageExts
473
586
  extend ::Google::Protobuf::MessageExts::ClassMethods
474
587
 
475
- # Describes a revoked {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
588
+ # Describes a revoked
589
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
476
590
  # @!attribute [rw] certificate
477
591
  # @return [::String]
478
- # The resource name for the {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} in the format
479
- # `projects/*/locations/*/caPools/*/certificates/*`.
592
+ # The resource name for the
593
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} in the
594
+ # format `projects/*/locations/*/caPools/*/certificates/*`.
480
595
  # @!attribute [rw] hex_serial_number
481
596
  # @return [::String]
482
- # The serial number of the {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
597
+ # The serial number of the
598
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
483
599
  # @!attribute [rw] revocation_reason
484
600
  # @return [::Google::Cloud::Security::PrivateCA::V1::RevocationReason]
485
- # The reason the {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was revoked.
601
+ # The reason the
602
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was
603
+ # revoked.
486
604
  class RevokedCertificate
487
605
  include ::Google::Protobuf::MessageExts
488
606
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -497,58 +615,73 @@ module Google
497
615
  extend ::Google::Protobuf::MessageExts::ClassMethods
498
616
  end
499
617
 
500
- # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}, indicating if it is current.
618
+ # The state of a
619
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList},
620
+ # indicating if it is current.
501
621
  module State
502
622
  # Not specified.
503
623
  STATE_UNSPECIFIED = 0
504
624
 
505
- # The {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} is up to date.
625
+ # The
626
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
627
+ # is up to date.
506
628
  ACTIVE = 1
507
629
 
508
- # The {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList} is no longer current.
630
+ # The
631
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateRevocationList CertificateRevocationList}
632
+ # is no longer current.
509
633
  SUPERSEDED = 2
510
634
  end
511
635
  end
512
636
 
513
- # A {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} corresponds to a signed X.509 certificate issued by a
637
+ # A {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} corresponds
638
+ # to a signed X.509 certificate issued by a
514
639
  # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
515
640
  # @!attribute [r] name
516
641
  # @return [::String]
517
- # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} in the format
642
+ # Output only. The resource name for this
643
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} in the format
518
644
  # `projects/*/locations/*/caPools/*/certificates/*`.
519
645
  # @!attribute [rw] pem_csr
520
646
  # @return [::String]
521
647
  # Immutable. A pem-encoded X.509 certificate signing request (CSR).
522
648
  # @!attribute [rw] config
523
649
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateConfig]
524
- # Immutable. A description of the certificate and key that does not require X.509 or
525
- # ASN.1.
650
+ # Immutable. A description of the certificate and key that does not require
651
+ # X.509 or ASN.1.
526
652
  # @!attribute [r] issuer_certificate_authority
527
653
  # @return [::String]
528
- # Output only. The resource name of the issuing {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} in the format
529
- # `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
654
+ # Output only. The resource name of the issuing
655
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
656
+ # in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
530
657
  # @!attribute [rw] lifetime
531
658
  # @return [::Google::Protobuf::Duration]
532
- # Required. Immutable. The desired lifetime of a certificate. Used to create the
533
- # "not_before_time" and "not_after_time" fields inside an X.509
659
+ # Required. Immutable. The desired lifetime of a certificate. Used to create
660
+ # the "not_before_time" and "not_after_time" fields inside an X.509
534
661
  # certificate. Note that the lifetime may be truncated if it would extend
535
662
  # past the life of any certificate authority in the issuing chain.
536
663
  # @!attribute [rw] certificate_template
537
664
  # @return [::String]
538
- # Immutable. The resource name for a {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} used to issue this
539
- # certificate, in the format
665
+ # Immutable. The resource name for a
666
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
667
+ # used to issue this certificate, in the format
540
668
  # `projects/*/locations/*/certificateTemplates/*`.
541
669
  # If this is specified, the caller must have the necessary permission to
542
670
  # use this template. If this is omitted, no template will be used.
543
- # This template must be in the same location as the {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
671
+ # This template must be in the same location as the
672
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
544
673
  # @!attribute [rw] subject_mode
545
674
  # @return [::Google::Cloud::Security::PrivateCA::V1::SubjectRequestMode]
546
- # Immutable. Specifies how the {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s identity fields are to be decided.
547
- # If this is omitted, the `DEFAULT` subject mode will be used.
675
+ # Immutable. Specifies how the
676
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s identity
677
+ # fields are to be decided. If this is omitted, the `DEFAULT` subject mode
678
+ # will be used.
548
679
  # @!attribute [r] revocation_details
549
680
  # @return [::Google::Cloud::Security::PrivateCA::V1::Certificate::RevocationDetails]
550
- # Output only. Details regarding the revocation of this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}. This
551
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} is considered revoked if and only if this field is present.
681
+ # Output only. Details regarding the revocation of this
682
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}. This
683
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} is considered
684
+ # revoked if and only if this field is present.
552
685
  # @!attribute [r] pem_certificate
553
686
  # @return [::String]
554
687
  # Output only. The pem-encoded, signed X.509 certificate.
@@ -557,14 +690,16 @@ module Google
557
690
  # Output only. A structured description of the issued X.509 certificate.
558
691
  # @!attribute [r] pem_certificate_chain
559
692
  # @return [::Array<::String>]
560
- # Output only. The chain that may be used to verify the X.509 certificate. Expected to be
561
- # in issuer-to-root order according to RFC 5246.
693
+ # Output only. The chain that may be used to verify the X.509 certificate.
694
+ # Expected to be in issuer-to-root order according to RFC 5246.
562
695
  # @!attribute [r] create_time
563
696
  # @return [::Google::Protobuf::Timestamp]
564
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was created.
697
+ # Output only. The time at which this
698
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was created.
565
699
  # @!attribute [r] update_time
566
700
  # @return [::Google::Protobuf::Timestamp]
567
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was updated.
701
+ # Output only. The time at which this
702
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was updated.
568
703
  # @!attribute [rw] labels
569
704
  # @return [::Google::Protobuf::Map{::String => ::String}]
570
705
  # Optional. Labels with user-defined metadata.
@@ -572,13 +707,18 @@ module Google
572
707
  include ::Google::Protobuf::MessageExts
573
708
  extend ::Google::Protobuf::MessageExts::ClassMethods
574
709
 
575
- # Describes fields that are relavent to the revocation of a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
710
+ # Describes fields that are relavent to the revocation of a
711
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}.
576
712
  # @!attribute [rw] revocation_state
577
713
  # @return [::Google::Cloud::Security::PrivateCA::V1::RevocationReason]
578
- # Indicates why a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was revoked.
714
+ # Indicates why a
715
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was
716
+ # revoked.
579
717
  # @!attribute [rw] revocation_time
580
718
  # @return [::Google::Protobuf::Timestamp]
581
- # The time at which this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was revoked.
719
+ # The time at which this
720
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} was
721
+ # revoked.
582
722
  class RevocationDetails
583
723
  include ::Google::Protobuf::MessageExts
584
724
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -594,47 +734,64 @@ module Google
594
734
  end
595
735
  end
596
736
 
597
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} refers to a managed template for certificate
598
- # issuance.
737
+ # A
738
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
739
+ # refers to a managed template for certificate issuance.
599
740
  # @!attribute [r] name
600
741
  # @return [::String]
601
- # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} in the format
602
- # `projects/*/locations/*/certificateTemplates/*`.
742
+ # Output only. The resource name for this
743
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
744
+ # in the format `projects/*/locations/*/certificateTemplates/*`.
603
745
  # @!attribute [rw] predefined_values
604
746
  # @return [::Google::Cloud::Security::PrivateCA::V1::X509Parameters]
605
- # Optional. A set of X.509 values that will be applied to all issued certificates that
606
- # use this template. If the certificate request includes conflicting values
607
- # for the same properties, they will be overwritten by the values defined
608
- # here. If the issuing {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy}
747
+ # Optional. A set of X.509 values that will be applied to all issued
748
+ # certificates that use this template. If the certificate request includes
749
+ # conflicting values for the same properties, they will be overwritten by the
750
+ # values defined here. If the issuing
751
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s
752
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy}
609
753
  # defines conflicting
610
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values} for the same
611
- # properties, the certificate issuance request will fail.
754
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values}
755
+ # for the same properties, the certificate issuance request will fail.
612
756
  # @!attribute [rw] identity_constraints
613
757
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateIdentityConstraints]
614
758
  # Optional. Describes constraints on identities that may be appear in
615
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} issued using this template. If this is omitted,
616
- # then this template will not add restrictions on a certificate's identity.
759
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates} issued using
760
+ # this template. If this is omitted, then this template will not add
761
+ # restrictions on a certificate's identity.
617
762
  # @!attribute [rw] passthrough_extensions
618
763
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints]
619
764
  # Optional. Describes the set of X.509 extensions that may appear in a
620
- # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued using this {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}. If a certificate
621
- # request sets extensions that don't appear in the
622
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#passthrough_extensions passthrough_extensions}, those extensions will be dropped. If the
623
- # issuing {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy} defines
624
- # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values} that don't appear
625
- # here, the certificate issuance request will fail. If this is omitted, then
626
- # this template will not add restrictions on a certificate's X.509
627
- # extensions. These constraints do not apply to X.509 extensions set in this
628
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}'s {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values}.
765
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} issued using
766
+ # this
767
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}.
768
+ # If a certificate request sets extensions that don't appear in the
769
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#passthrough_extensions passthrough_extensions},
770
+ # those extensions will be dropped. If the issuing
771
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s
772
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy IssuancePolicy}
773
+ # defines
774
+ # {::Google::Cloud::Security::PrivateCA::V1::CaPool::IssuancePolicy#baseline_values baseline_values}
775
+ # that don't appear here, the certificate issuance request will fail. If this
776
+ # is omitted, then this template will not add restrictions on a certificate's
777
+ # X.509 extensions. These constraints do not apply to X.509 extensions set in
778
+ # this
779
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}'s
780
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate#predefined_values predefined_values}.
629
781
  # @!attribute [rw] description
630
782
  # @return [::String]
631
- # Optional. A human-readable description of scenarios this template is intended for.
783
+ # Optional. A human-readable description of scenarios this template is
784
+ # intended for.
632
785
  # @!attribute [r] create_time
633
786
  # @return [::Google::Protobuf::Timestamp]
634
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} was created.
787
+ # Output only. The time at which this
788
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
789
+ # was created.
635
790
  # @!attribute [r] update_time
636
791
  # @return [::Google::Protobuf::Timestamp]
637
- # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate} was updated.
792
+ # Output only. The time at which this
793
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateTemplate CertificateTemplate}
794
+ # was updated.
638
795
  # @!attribute [rw] labels
639
796
  # @return [::Google::Protobuf::Map{::String => ::String}]
640
797
  # Optional. Labels with user-defined metadata.
@@ -652,25 +809,31 @@ module Google
652
809
  end
653
810
  end
654
811
 
655
- # An {::Google::Cloud::Security::PrivateCA::V1::X509Parameters X509Parameters} is used to describe certain fields of an
656
- # X.509 certificate, such as the key usage fields, fields specific to CA
657
- # certificates, certificate policy extensions and custom extensions.
812
+ # An {::Google::Cloud::Security::PrivateCA::V1::X509Parameters X509Parameters} is
813
+ # used to describe certain fields of an X.509 certificate, such as the key
814
+ # usage fields, fields specific to CA certificates, certificate policy
815
+ # extensions and custom extensions.
658
816
  # @!attribute [rw] key_usage
659
817
  # @return [::Google::Cloud::Security::PrivateCA::V1::KeyUsage]
660
- # Optional. Indicates the intended use for keys that correspond to a certificate.
818
+ # Optional. Indicates the intended use for keys that correspond to a
819
+ # certificate.
661
820
  # @!attribute [rw] ca_options
662
821
  # @return [::Google::Cloud::Security::PrivateCA::V1::X509Parameters::CaOptions]
663
- # Optional. Describes options in this {::Google::Cloud::Security::PrivateCA::V1::X509Parameters X509Parameters} that are relevant in a CA
664
- # certificate.
822
+ # Optional. Describes options in this
823
+ # {::Google::Cloud::Security::PrivateCA::V1::X509Parameters X509Parameters} that
824
+ # are relevant in a CA certificate.
665
825
  # @!attribute [rw] policy_ids
666
826
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::ObjectId>]
667
827
  # Optional. Describes the X.509 certificate policy object identifiers, per
668
828
  # https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
669
829
  # @!attribute [rw] aia_ocsp_servers
670
830
  # @return [::Array<::String>]
671
- # Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
672
- # that appear in the "Authority Information Access" extension in the
673
- # certificate.
831
+ # Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
832
+ # addresses that appear in the "Authority Information Access" extension in
833
+ # the certificate.
834
+ # @!attribute [rw] name_constraints
835
+ # @return [::Google::Cloud::Security::PrivateCA::V1::X509Parameters::NameConstraints]
836
+ # Optional. Describes the X.509 name constraints extension.
674
837
  # @!attribute [rw] additional_extensions
675
838
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::X509Extension>]
676
839
  # Optional. Describes custom X.509 extensions.
@@ -681,8 +844,9 @@ module Google
681
844
  # Describes values that are relevant in a CA certificate.
682
845
  # @!attribute [rw] is_ca
683
846
  # @return [::Boolean]
684
- # Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
685
- # value is missing, the extension will be omitted from the CA certificate.
847
+ # Optional. Refers to the "CA" X.509 extension, which is a boolean value.
848
+ # When this value is missing, the extension will be omitted from the CA
849
+ # certificate.
686
850
  # @!attribute [rw] max_issuer_path_length
687
851
  # @return [::Integer]
688
852
  # Optional. Refers to the path length restriction X.509 extension. For a CA
@@ -695,20 +859,84 @@ module Google
695
859
  include ::Google::Protobuf::MessageExts
696
860
  extend ::Google::Protobuf::MessageExts::ClassMethods
697
861
  end
862
+
863
+ # Describes the X.509 name constraints extension, per
864
+ # https://tools.ietf.org/html/rfc5280#section-4.2.1.10
865
+ # @!attribute [rw] critical
866
+ # @return [::Boolean]
867
+ # Indicates whether or not the name constraints are marked critical.
868
+ # @!attribute [rw] permitted_dns_names
869
+ # @return [::Array<::String>]
870
+ # Contains permitted DNS names. Any DNS name that can be
871
+ # constructed by simply adding zero or more labels to
872
+ # the left-hand side of the name satisfies the name constraint.
873
+ # For example, `example.com`, `www.example.com`, `www.sub.example.com`
874
+ # would satisfy `example.com` while `example1.com` does not.
875
+ # @!attribute [rw] excluded_dns_names
876
+ # @return [::Array<::String>]
877
+ # Contains excluded DNS names. Any DNS name that can be
878
+ # constructed by simply adding zero or more labels to
879
+ # the left-hand side of the name satisfies the name constraint.
880
+ # For example, `example.com`, `www.example.com`, `www.sub.example.com`
881
+ # would satisfy `example.com` while `example1.com` does not.
882
+ # @!attribute [rw] permitted_ip_ranges
883
+ # @return [::Array<::String>]
884
+ # Contains the permitted IP ranges. For IPv4 addresses, the ranges
885
+ # are expressed using CIDR notation as specified in RFC 4632.
886
+ # For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
887
+ # addresses.
888
+ # @!attribute [rw] excluded_ip_ranges
889
+ # @return [::Array<::String>]
890
+ # Contains the excluded IP ranges. For IPv4 addresses, the ranges
891
+ # are expressed using CIDR notation as specified in RFC 4632.
892
+ # For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
893
+ # addresses.
894
+ # @!attribute [rw] permitted_email_addresses
895
+ # @return [::Array<::String>]
896
+ # Contains the permitted email addresses. The value can be a particular
897
+ # email address, a hostname to indicate all email addresses on that host or
898
+ # a domain with a leading period (e.g. `.example.com`) to indicate
899
+ # all email addresses in that domain.
900
+ # @!attribute [rw] excluded_email_addresses
901
+ # @return [::Array<::String>]
902
+ # Contains the excluded email addresses. The value can be a particular
903
+ # email address, a hostname to indicate all email addresses on that host or
904
+ # a domain with a leading period (e.g. `.example.com`) to indicate
905
+ # all email addresses in that domain.
906
+ # @!attribute [rw] permitted_uris
907
+ # @return [::Array<::String>]
908
+ # Contains the permitted URIs that apply to the host part of the name.
909
+ # The value can be a hostname or a domain with a
910
+ # leading period (like `.example.com`)
911
+ # @!attribute [rw] excluded_uris
912
+ # @return [::Array<::String>]
913
+ # Contains the excluded URIs that apply to the host part of the name.
914
+ # The value can be a hostname or a domain with a
915
+ # leading period (like `.example.com`)
916
+ class NameConstraints
917
+ include ::Google::Protobuf::MessageExts
918
+ extend ::Google::Protobuf::MessageExts::ClassMethods
919
+ end
698
920
  end
699
921
 
700
922
  # Describes a subordinate CA's issuers. This is either a resource name to a
701
- # known issuing {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, or a PEM issuer certificate chain.
923
+ # known issuing
924
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority},
925
+ # or a PEM issuer certificate chain.
702
926
  # @!attribute [rw] certificate_authority
703
927
  # @return [::String]
704
- # Required. This can refer to a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} that was used to create a
705
- # subordinate {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}. This field is used for information
706
- # and usability purposes only. The resource name is in the format
928
+ # Required. This can refer to a
929
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
930
+ # that was used to create a subordinate
931
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}.
932
+ # This field is used for information and usability purposes only. The
933
+ # resource name is in the format
707
934
  # `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
708
935
  # @!attribute [rw] pem_issuer_chain
709
936
  # @return [::Google::Cloud::Security::PrivateCA::V1::SubordinateConfig::SubordinateConfigChain]
710
937
  # Required. Contains the PEM certificate chain for the issuers of this
711
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, but not pem certificate for this CA itself.
938
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority},
939
+ # but not pem certificate for this CA itself.
712
940
  class SubordinateConfig
713
941
  include ::Google::Protobuf::MessageExts
714
942
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -724,7 +952,8 @@ module Google
724
952
  end
725
953
  end
726
954
 
727
- # A {::Google::Cloud::Security::PrivateCA::V1::PublicKey PublicKey} describes a public key.
955
+ # A {::Google::Cloud::Security::PrivateCA::V1::PublicKey PublicKey} describes a
956
+ # public key.
728
957
  # @!attribute [rw] key
729
958
  # @return [::String]
730
959
  # Required. A public key. The padding and encoding
@@ -759,21 +988,27 @@ module Google
759
988
  end
760
989
  end
761
990
 
762
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateConfig CertificateConfig} describes an X.509 certificate or CSR that is to be
763
- # created, as an alternative to using ASN.1.
991
+ # A {::Google::Cloud::Security::PrivateCA::V1::CertificateConfig CertificateConfig}
992
+ # describes an X.509 certificate or CSR that is to be created, as an
993
+ # alternative to using ASN.1.
764
994
  # @!attribute [rw] subject_config
765
995
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateConfig::SubjectConfig]
766
- # Required. Specifies some of the values in a certificate that are related to the
767
- # subject.
996
+ # Required. Specifies some of the values in a certificate that are related to
997
+ # the subject.
768
998
  # @!attribute [rw] x509_config
769
999
  # @return [::Google::Cloud::Security::PrivateCA::V1::X509Parameters]
770
- # Required. Describes how some of the technical X.509 fields in a certificate should be
771
- # populated.
1000
+ # Required. Describes how some of the technical X.509 fields in a certificate
1001
+ # should be populated.
772
1002
  # @!attribute [rw] public_key
773
1003
  # @return [::Google::Cloud::Security::PrivateCA::V1::PublicKey]
774
- # Optional. The public key that corresponds to this config. This is, for example, used
775
- # when issuing {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}, but not when creating a
776
- # self-signed {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} or {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} CSR.
1004
+ # Optional. The public key that corresponds to this config. This is, for
1005
+ # example, used when issuing
1006
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificates}, but not
1007
+ # when creating a self-signed
1008
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
1009
+ # or
1010
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
1011
+ # CSR.
777
1012
  class CertificateConfig
778
1013
  include ::Google::Protobuf::MessageExts
779
1014
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -782,8 +1017,8 @@ module Google
782
1017
  # alternative name fields in an X.509 certificate.
783
1018
  # @!attribute [rw] subject
784
1019
  # @return [::Google::Cloud::Security::PrivateCA::V1::Subject]
785
- # Required. Contains distinguished name fields such as the common name, location and
786
- # organization.
1020
+ # Required. Contains distinguished name fields such as the common name,
1021
+ # location and organization.
787
1022
  # @!attribute [rw] subject_alt_name
788
1023
  # @return [::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames]
789
1024
  # Optional. The subject alternative name fields.
@@ -793,8 +1028,10 @@ module Google
793
1028
  end
794
1029
  end
795
1030
 
796
- # A {::Google::Cloud::Security::PrivateCA::V1::CertificateDescription CertificateDescription} describes an X.509 certificate or CSR that has
797
- # been issued, as an alternative to using ASN.1 / X.509.
1031
+ # A
1032
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateDescription CertificateDescription}
1033
+ # describes an X.509 certificate or CSR that has been issued, as an alternative
1034
+ # to using ASN.1 / X.509.
798
1035
  # @!attribute [rw] subject_description
799
1036
  # @return [::Google::Cloud::Security::PrivateCA::V1::CertificateDescription::SubjectDescription]
800
1037
  # Describes some of the values in a certificate that are related to the
@@ -862,8 +1099,8 @@ module Google
862
1099
  # key.
863
1100
  # @!attribute [rw] key_id
864
1101
  # @return [::String]
865
- # Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
866
- # likely the 160 bit SHA-1 hash of the public key.
1102
+ # Optional. The value of this KeyId encoded in lowercase hexadecimal. This
1103
+ # is most likely the 160 bit SHA-1 hash of the public key.
867
1104
  class KeyId
868
1105
  include ::Google::Protobuf::MessageExts
869
1106
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -879,27 +1116,29 @@ module Google
879
1116
  end
880
1117
  end
881
1118
 
882
- # An {::Google::Cloud::Security::PrivateCA::V1::ObjectId ObjectId} specifies an object identifier (OID). These provide context
883
- # and describe types in ASN.1 messages.
1119
+ # An {::Google::Cloud::Security::PrivateCA::V1::ObjectId ObjectId} specifies an
1120
+ # object identifier (OID). These provide context and describe types in ASN.1
1121
+ # messages.
884
1122
  # @!attribute [rw] object_id_path
885
1123
  # @return [::Array<::Integer>]
886
- # Required. The parts of an OID path. The most significant parts of the path come
887
- # first.
1124
+ # Required. The parts of an OID path. The most significant parts of the path
1125
+ # come first.
888
1126
  class ObjectId
889
1127
  include ::Google::Protobuf::MessageExts
890
1128
  extend ::Google::Protobuf::MessageExts::ClassMethods
891
1129
  end
892
1130
 
893
- # An {::Google::Cloud::Security::PrivateCA::V1::X509Extension X509Extension} specifies an X.509 extension, which may be used in
894
- # different parts of X.509 objects like certificates, CSRs, and CRLs.
1131
+ # An {::Google::Cloud::Security::PrivateCA::V1::X509Extension X509Extension}
1132
+ # specifies an X.509 extension, which may be used in different parts of X.509
1133
+ # objects like certificates, CSRs, and CRLs.
895
1134
  # @!attribute [rw] object_id
896
1135
  # @return [::Google::Cloud::Security::PrivateCA::V1::ObjectId]
897
1136
  # Required. The OID for this X.509 extension.
898
1137
  # @!attribute [rw] critical
899
1138
  # @return [::Boolean]
900
- # Optional. Indicates whether or not this extension is critical (i.e., if the client
901
- # does not know how to handle this extension, the client should consider this
902
- # to be an error).
1139
+ # Optional. Indicates whether or not this extension is critical (i.e., if the
1140
+ # client does not know how to handle this extension, the client should
1141
+ # consider this to be an error).
903
1142
  # @!attribute [rw] value
904
1143
  # @return [::String]
905
1144
  # Required. The value of this X.509 extension.
@@ -908,8 +1147,8 @@ module Google
908
1147
  extend ::Google::Protobuf::MessageExts::ClassMethods
909
1148
  end
910
1149
 
911
- # A {::Google::Cloud::Security::PrivateCA::V1::KeyUsage KeyUsage} describes key usage values that may appear in an X.509
912
- # certificate.
1150
+ # A {::Google::Cloud::Security::PrivateCA::V1::KeyUsage KeyUsage} describes key usage
1151
+ # values that may appear in an X.509 certificate.
913
1152
  # @!attribute [rw] base_key_usage
914
1153
  # @return [::Google::Cloud::Security::PrivateCA::V1::KeyUsage::KeyUsageOptions]
915
1154
  # Describes high-level ways in which a key may be used.
@@ -919,13 +1158,15 @@ module Google
919
1158
  # @!attribute [rw] unknown_extended_key_usages
920
1159
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::ObjectId>]
921
1160
  # Used to describe extended key usages that are not listed in the
922
- # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions} message.
1161
+ # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions}
1162
+ # message.
923
1163
  class KeyUsage
924
1164
  include ::Google::Protobuf::MessageExts
925
1165
  extend ::Google::Protobuf::MessageExts::ClassMethods
926
1166
 
927
- # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::KeyUsageOptions KeyUsage.KeyUsageOptions} corresponds to the key usage values
928
- # described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
1167
+ # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::KeyUsageOptions KeyUsage.KeyUsageOptions}
1168
+ # corresponds to the key usage values described in
1169
+ # https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
929
1170
  # @!attribute [rw] digital_signature
930
1171
  # @return [::Boolean]
931
1172
  # The key may be used for digital signatures.
@@ -959,8 +1200,9 @@ module Google
959
1200
  extend ::Google::Protobuf::MessageExts::ClassMethods
960
1201
  end
961
1202
 
962
- # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions} has fields that correspond to
963
- # certain common OIDs that could be specified as an extended key usage value.
1203
+ # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions}
1204
+ # has fields that correspond to certain common OIDs that could be specified
1205
+ # as an extended key usage value.
964
1206
  # @!attribute [rw] server_auth
965
1207
  # @return [::Boolean]
966
1208
  # Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
@@ -991,8 +1233,8 @@ module Google
991
1233
  end
992
1234
  end
993
1235
 
994
- # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} describes parts of a distinguished name that, in turn,
995
- # describes the subject of the certificate.
1236
+ # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} describes parts of a
1237
+ # distinguished name that, in turn, describes the subject of the certificate.
996
1238
  # @!attribute [rw] common_name
997
1239
  # @return [::String]
998
1240
  # The "common name" of the subject.
@@ -1022,9 +1264,10 @@ module Google
1022
1264
  extend ::Google::Protobuf::MessageExts::ClassMethods
1023
1265
  end
1024
1266
 
1025
- # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} corresponds to a more modern way of listing what
1026
- # the asserted identity is in a certificate (i.e., compared to the "common
1027
- # name" in the distinguished name).
1267
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames}
1268
+ # corresponds to a more modern way of listing what the asserted identity is in
1269
+ # a certificate (i.e., compared to the "common name" in the distinguished
1270
+ # name).
1028
1271
  # @!attribute [rw] dns_names
1029
1272
  # @return [::Array<::String>]
1030
1273
  # Contains only valid, fully-qualified host names.
@@ -1047,24 +1290,31 @@ module Google
1047
1290
  extend ::Google::Protobuf::MessageExts::ClassMethods
1048
1291
  end
1049
1292
 
1050
- # Describes constraints on a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and
1293
+ # Describes constraints on a
1294
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s
1295
+ # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and
1051
1296
  # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames}.
1052
1297
  # @!attribute [rw] cel_expression
1053
1298
  # @return [::Google::Type::Expr]
1054
- # Optional. A CEL expression that may be used to validate the resolved X.509 Subject
1055
- # and/or Subject Alternative Name before a certificate is signed.
1056
- # To see the full allowed syntax and some examples, see
1299
+ # Optional. A CEL expression that may be used to validate the resolved X.509
1300
+ # Subject and/or Subject Alternative Name before a certificate is signed. To
1301
+ # see the full allowed syntax and some examples, see
1057
1302
  # https://cloud.google.com/certificate-authority-service/docs/using-cel
1058
1303
  # @!attribute [rw] allow_subject_passthrough
1059
1304
  # @return [::Boolean]
1060
- # Required. If this is true, the {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} field may be copied from a certificate
1061
- # request into the signed certificate. Otherwise, the requested {::Google::Cloud::Security::PrivateCA::V1::Subject Subject}
1062
- # will be discarded.
1305
+ # Required. If this is true, the
1306
+ # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} field may be copied
1307
+ # from a certificate request into the signed certificate. Otherwise, the
1308
+ # requested {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} will be
1309
+ # discarded.
1063
1310
  # @!attribute [rw] allow_subject_alt_names_passthrough
1064
1311
  # @return [::Boolean]
1065
- # Required. If this is true, the {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} extension may be copied from a
1066
- # certificate request into the signed certificate. Otherwise, the requested
1067
- # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} will be discarded.
1312
+ # Required. If this is true, the
1313
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames}
1314
+ # extension may be copied from a certificate request into the signed
1315
+ # certificate. Otherwise, the requested
1316
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} will
1317
+ # be discarded.
1068
1318
  class CertificateIdentityConstraints
1069
1319
  include ::Google::Protobuf::MessageExts
1070
1320
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1075,111 +1325,147 @@ module Google
1075
1325
  # @!attribute [rw] known_extensions
1076
1326
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints::KnownCertificateExtension>]
1077
1327
  # Optional. A set of named X.509 extensions. Will be combined with
1078
- # {::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints#additional_extensions additional_extensions} to determine the full set of X.509 extensions.
1328
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints#additional_extensions additional_extensions}
1329
+ # to determine the full set of X.509 extensions.
1079
1330
  # @!attribute [rw] additional_extensions
1080
1331
  # @return [::Array<::Google::Cloud::Security::PrivateCA::V1::ObjectId>]
1081
- # Optional. A set of {::Google::Cloud::Security::PrivateCA::V1::ObjectId ObjectIds} identifying custom X.509 extensions.
1082
- # Will be combined with {::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints#known_extensions known_extensions} to determine the full set of
1083
- # X.509 extensions.
1332
+ # Optional. A set of {::Google::Cloud::Security::PrivateCA::V1::ObjectId ObjectIds}
1333
+ # identifying custom X.509 extensions. Will be combined with
1334
+ # {::Google::Cloud::Security::PrivateCA::V1::CertificateExtensionConstraints#known_extensions known_extensions}
1335
+ # to determine the full set of X.509 extensions.
1084
1336
  class CertificateExtensionConstraints
1085
1337
  include ::Google::Protobuf::MessageExts
1086
1338
  extend ::Google::Protobuf::MessageExts::ClassMethods
1087
1339
 
1088
- # Describes well-known X.509 extensions that can appear in a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate},
1089
- # not including the {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} extension.
1340
+ # Describes well-known X.509 extensions that can appear in a
1341
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}, not
1342
+ # including the
1343
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames}
1344
+ # extension.
1090
1345
  module KnownCertificateExtension
1091
1346
  # Not specified.
1092
1347
  KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED = 0
1093
1348
 
1094
1349
  # Refers to a certificate's Key Usage extension, as described in [RFC 5280
1095
1350
  # section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
1096
- # This corresponds to the {::Google::Cloud::Security::PrivateCA::V1::KeyUsage#base_key_usage KeyUsage.base_key_usage} field.
1351
+ # This corresponds to the
1352
+ # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage#base_key_usage KeyUsage.base_key_usage}
1353
+ # field.
1097
1354
  BASE_KEY_USAGE = 1
1098
1355
 
1099
1356
  # Refers to a certificate's Extended Key Usage extension, as described in
1100
1357
  # [RFC 5280
1101
1358
  # section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
1102
- # This corresponds to the {::Google::Cloud::Security::PrivateCA::V1::KeyUsage#extended_key_usage KeyUsage.extended_key_usage} message.
1359
+ # This corresponds to the
1360
+ # {::Google::Cloud::Security::PrivateCA::V1::KeyUsage#extended_key_usage KeyUsage.extended_key_usage}
1361
+ # message.
1103
1362
  EXTENDED_KEY_USAGE = 2
1104
1363
 
1105
1364
  # Refers to a certificate's Basic Constraints extension, as described in
1106
1365
  # [RFC 5280
1107
1366
  # section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
1108
- # This corresponds to the {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#ca_options X509Parameters.ca_options} field.
1367
+ # This corresponds to the
1368
+ # {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#ca_options X509Parameters.ca_options}
1369
+ # field.
1109
1370
  CA_OPTIONS = 3
1110
1371
 
1111
1372
  # Refers to a certificate's Policy object identifiers, as described in
1112
1373
  # [RFC 5280
1113
1374
  # section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
1114
- # This corresponds to the {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#policy_ids X509Parameters.policy_ids} field.
1375
+ # This corresponds to the
1376
+ # {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#policy_ids X509Parameters.policy_ids}
1377
+ # field.
1115
1378
  POLICY_IDS = 4
1116
1379
 
1117
1380
  # Refers to OCSP servers in a certificate's Authority Information Access
1118
1381
  # extension, as described in
1119
1382
  # [RFC 5280
1120
1383
  # section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
1121
- # This corresponds to the {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#aia_ocsp_servers X509Parameters.aia_ocsp_servers} field.
1384
+ # This corresponds to the
1385
+ # {::Google::Cloud::Security::PrivateCA::V1::X509Parameters#aia_ocsp_servers X509Parameters.aia_ocsp_servers}
1386
+ # field.
1122
1387
  AIA_OCSP_SERVERS = 5
1388
+
1389
+ # Refers to Name Constraints extension as described in
1390
+ # [RFC 5280
1391
+ # section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
1392
+ NAME_CONSTRAINTS = 6
1123
1393
  end
1124
1394
  end
1125
1395
 
1126
- # A {::Google::Cloud::Security::PrivateCA::V1::RevocationReason RevocationReason} indicates whether a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} has been revoked,
1127
- # and the reason for revocation. These correspond to standard revocation
1128
- # reasons from RFC 5280. Note that the enum labels and values in this
1129
- # definition are not the same ASN.1 values defined in RFC 5280. These values
1130
- # will be translated to the correct ASN.1 values when a CRL is created.
1396
+ # A {::Google::Cloud::Security::PrivateCA::V1::RevocationReason RevocationReason}
1397
+ # indicates whether a
1398
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} has been
1399
+ # revoked, and the reason for revocation. These correspond to standard
1400
+ # revocation reasons from RFC 5280. Note that the enum labels and values in
1401
+ # this definition are not the same ASN.1 values defined in RFC 5280. These
1402
+ # values will be translated to the correct ASN.1 values when a CRL is created.
1131
1403
  module RevocationReason
1132
- # Default unspecified value. This value does indicate that a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}
1133
- # has been revoked, but that a reason has not been recorded.
1404
+ # Default unspecified value. This value does indicate that a
1405
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} has been
1406
+ # revoked, but that a reason has not been recorded.
1134
1407
  REVOCATION_REASON_UNSPECIFIED = 0
1135
1408
 
1136
- # Key material for this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} may have leaked.
1409
+ # Key material for this
1410
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} may have
1411
+ # leaked.
1137
1412
  KEY_COMPROMISE = 1
1138
1413
 
1139
1414
  # The key material for a certificate authority in the issuing path may have
1140
1415
  # leaked.
1141
1416
  CERTIFICATE_AUTHORITY_COMPROMISE = 2
1142
1417
 
1143
- # The subject or other attributes in this {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} have changed.
1418
+ # The subject or other attributes in this
1419
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} have changed.
1144
1420
  AFFILIATION_CHANGED = 3
1145
1421
 
1146
- # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} has been superseded.
1422
+ # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} has been
1423
+ # superseded.
1147
1424
  SUPERSEDED = 4
1148
1425
 
1149
- # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} or entities in the issuing path have ceased to
1150
- # operate.
1426
+ # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} or
1427
+ # entities in the issuing path have ceased to operate.
1151
1428
  CESSATION_OF_OPERATION = 5
1152
1429
 
1153
- # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} should not be considered valid, it is expected that it
1154
- # may become valid in the future.
1430
+ # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} should
1431
+ # not be considered valid, it is expected that it may become valid in the
1432
+ # future.
1155
1433
  CERTIFICATE_HOLD = 6
1156
1434
 
1157
- # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} no longer has permission to assert the listed
1158
- # attributes.
1435
+ # This {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} no
1436
+ # longer has permission to assert the listed attributes.
1159
1437
  PRIVILEGE_WITHDRAWN = 7
1160
1438
 
1161
- # The authority which determines appropriate attributes for a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}
1162
- # may have been compromised.
1439
+ # The authority which determines appropriate attributes for a
1440
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate} may have been
1441
+ # compromised.
1163
1442
  ATTRIBUTE_AUTHORITY_COMPROMISE = 8
1164
1443
  end
1165
1444
 
1166
- # Describes the way in which a {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and/or
1167
- # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} will be resolved.
1445
+ # Describes the way in which a
1446
+ # {::Google::Cloud::Security::PrivateCA::V1::Certificate Certificate}'s
1447
+ # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and/or
1448
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} will be
1449
+ # resolved.
1168
1450
  module SubjectRequestMode
1169
1451
  # Not specified.
1170
1452
  SUBJECT_REQUEST_MODE_UNSPECIFIED = 0
1171
1453
 
1172
1454
  # The default mode used in most cases. Indicates that the certificate's
1173
- # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and/or {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} are specified in the certificate
1174
- # request. This mode requires the caller to have the
1175
- # `privateca.certificates.create` permission.
1455
+ # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and/or
1456
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} are
1457
+ # specified in the certificate request. This mode requires the caller to have
1458
+ # the `privateca.certificates.create` permission.
1176
1459
  DEFAULT = 1
1177
1460
 
1178
1461
  # A mode reserved for special cases. Indicates that the certificate should
1179
- # have one or more SPIFFE {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} set by the service based
1180
- # on the caller's identity. This mode will ignore any explicitly specified
1181
- # {::Google::Cloud::Security::PrivateCA::V1::Subject Subject} and/or {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} in the certificate request.
1182
- # This mode requires the caller to have the
1462
+ # have one or more SPIFFE
1463
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} set
1464
+ # by the service based on the caller's identity. This mode will ignore any
1465
+ # explicitly specified {::Google::Cloud::Security::PrivateCA::V1::Subject Subject}
1466
+ # and/or
1467
+ # {::Google::Cloud::Security::PrivateCA::V1::SubjectAltNames SubjectAltNames} in
1468
+ # the certificate request. This mode requires the caller to have the
1183
1469
  # `privateca.certificates.createForSelf` permission.
1184
1470
  REFLECTED_SPIFFE = 2
1185
1471
  end