Module google_privateca1_beta1::api [−][src]
Structs
URLs where a CertificateAuthority will publish content.
Request message for CertificateAuthorityService.ActivateCertificateAuthority.
There is no detailed description.
AllowedSubjectAltNames specifies the allowed values for SubjectAltNames by the CertificateAuthority when issuing Certificates.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { “audit_configs”: [ { “service”: “allServices”, “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” }, { “log_type”: “ADMIN_READ” } ] }, { “service”: “sampleservice.googleapis.com”, “audit_log_configs”: [ { “log_type”: “DATA_READ” }, { “log_type”: “DATA_WRITE”, “exempted_members”: [ “user:aliya@example.com” ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” } ] } This enables ‘DATA_READ’ and ‘DATA_WRITE’ logging, while exempting jose@example.com from DATA_READ logging.
Associates members with a role.
Describes values that are relevant in a CA certificate.
The request message for Operations.CancelOperation.
A Certificate corresponds to a signed X.509 certificate issued by a CertificateAuthority.
A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.
The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.
Central instance to access all CertificateAuthorityService related resource activities
A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.
A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.
A group of fingerprints for the x509 certificate.
A CertificateRevocationList corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.
Request message for CertificateAuthorityService.DisableCertificateAuthority.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}.
Request message for CertificateAuthorityService.EnableCertificateAuthority.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: “Summary size limit” description: “Determines if a summary is less than 100 chars” expression: “document.summary.size() < 100” Example (Equality): title: “Requestor is owner” description: “Determines if requestor is the document owner” expression: “document.owner == request.auth.claims.email” Example (Logic): title: “Public documents” description: “Determine whether the document should be publicly visible” expression: “document.type != ‘private’ && document.type != ‘internal’” Example (Data Manipulation): title: “Notification string” description: “Create a notification string with a timestamp.” expression: “’New message received at ’ + string(document.create_time)” The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
KeyUsage.ExtendedKeyUsageOptions has fields that correspond to certain common OIDs that could be specified as an extended key usage value.
Response message for CertificateAuthorityService.FetchCertificateAuthorityCsr.
IssuanceModes specifies the allowed ways in which Certificates may be requested from this CertificateAuthority.
Options that affect all certificates issued by a CertificateAuthority.
A KeyId identifies a specific public key, usually by hashing the public key.
A KeyUsage describes key usage values that may appear in an X.509 certificate.
KeyUsage.KeyUsageOptions corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
A Cloud KMS key configuration that a CertificateAuthority will use.
Response message for CertificateAuthorityService.ListCertificateAuthorities.
Response message for CertificateAuthorityService.ListCertificateRevocationLists.
Response message for CertificateAuthorityService.ListCertificates.
The response message for Locations.ListLocations.
The response message for Operations.ListOperations.
Response message for CertificateAuthorityService.ListReusableConfigs.
A resource that represents Google Cloud Platform location.
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
This resource represents a long-running operation that is the result of a network API call.
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example: { “bindings”: [ { “role”: “roles/resourcemanager.organizationAdmin”, “members”: [ “user:mike@example.com”, “group:admins@example.com”, “domain:google.com”, “serviceAccount:my-project-id@appspot.gserviceaccount.com” ] }, { “role”: “roles/resourcemanager.organizationViewer”, “members”: [ “user:eve@example.com” ], “condition”: { “title”: “expirable access”, “description”: “Does not grant access after Sep 2020”, “expression”: “request.time < timestamp(‘2020-10-01T00:00:00.000Z’)”, } } ], “etag”: “BwWWja0YfJA=”, “version”: 3 } YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp(‘2020-10-01T00:00:00.000Z’) - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the IAM documentation.
Activate a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process.
Create a new Certificate in a given Project, Location from a particular CertificateAuthority.
Returns a Certificate.
Lists Certificates.
Update a Certificate. Currently, the only field you can update is the labels field.
Returns a CertificateRevocationList.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists CertificateRevocationLists.
Update a CertificateRevocationList.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Revoke a Certificate.
Create a new CertificateAuthority in a given Project and Location.
Disable a CertificateAuthority.
Enable a CertificateAuthority.
Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority.
Returns a CertificateAuthority.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists CertificateAuthorities.
Update a CertificateAuthority.
Restore a CertificateAuthority that is scheduled for deletion.
Schedule a CertificateAuthority for deletion.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Gets information about a location.
Lists information about the supported locations for this service.
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED.
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
Lists operations that match the specified filter in the request. If the server doesn’t support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
Returns a ReusableConfig.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists ReusableConfigs.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
A builder providing access to all methods supported on project resources.
It is not used directly, but through the CertificateAuthorityService hub.
A PublicKey describes a public key.
Request message for CertificateAuthorityService.RestoreCertificateAuthority.
A ReusableConfig refers to a managed ReusableConfigValues. Those, in turn, are used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.
A ReusableConfigValues is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.
A ReusableConfigWrapper describes values that may assist in creating an X.509 certificate, or a reference to a pre-defined set of values.
Describes fields that are relavent to the revocation of a Certificate.
Request message for CertificateAuthorityService.RevokeCertificate.
Describes a revoked Certificate.
Request message for CertificateAuthorityService.ScheduleDeleteCertificateAuthority.
Request message for SetIamPolicy method.
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
Subject describes parts of a distinguished name that, in turn, describes the subject of the certificate.
SubjectAltNames corresponds to a more modern way of listing what the asserted identity is in a certificate (i.e., compared to the “common name” in the distinguished name).
These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.
These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.
Describes a subordinate CA’s issuers. This is either a resource path to a known issuing CertificateAuthority, or a PEM issuer certificate chain.
This message describes a subordinate CA’s issuer certificate chain. This wrapper exists for compatibility reasons.
Request message for TestIamPermissions method.
Response message for TestIamPermissions method.
An X509Extension specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.
Enums
Identifies the an OAuth2 authorization scope. A scope is needed when requesting an authorization token.