privateca

package
v0.0.0-...-cafcfb6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 14, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	RevocationReason_name = map[int32]string{
		0: "REVOCATION_REASON_UNSPECIFIED",
		1: "KEY_COMPROMISE",
		2: "CERTIFICATE_AUTHORITY_COMPROMISE",
		3: "AFFILIATION_CHANGED",
		4: "SUPERSEDED",
		5: "CESSATION_OF_OPERATION",
		6: "CERTIFICATE_HOLD",
		7: "PRIVILEGE_WITHDRAWN",
		8: "ATTRIBUTE_AUTHORITY_COMPROMISE",
	}
	RevocationReason_value = map[string]int32{
		"REVOCATION_REASON_UNSPECIFIED":    0,
		"KEY_COMPROMISE":                   1,
		"CERTIFICATE_AUTHORITY_COMPROMISE": 2,
		"AFFILIATION_CHANGED":              3,
		"SUPERSEDED":                       4,
		"CESSATION_OF_OPERATION":           5,
		"CERTIFICATE_HOLD":                 6,
		"PRIVILEGE_WITHDRAWN":              7,
		"ATTRIBUTE_AUTHORITY_COMPROMISE":   8,
	}
)

Enum value maps for RevocationReason.

View Source 
var (
	SubjectRequestMode_name = map[int32]string{
		0: "SUBJECT_REQUEST_MODE_UNSPECIFIED",
		1: "DEFAULT",
		2: "REFLECTED_SPIFFE",
	}
	SubjectRequestMode_value = map[string]int32{
		"SUBJECT_REQUEST_MODE_UNSPECIFIED": 0,
		"DEFAULT":                          1,
		"REFLECTED_SPIFFE":                 2,
	}
)

Enum value maps for SubjectRequestMode.

View Source 
var (
	CertificateAuthority_Type_name = map[int32]string{
		0: "TYPE_UNSPECIFIED",
		1: "SELF_SIGNED",
		2: "SUBORDINATE",
	}
	CertificateAuthority_Type_value = map[string]int32{
		"TYPE_UNSPECIFIED": 0,
		"SELF_SIGNED":      1,
		"SUBORDINATE":      2,
	}
)

Enum value maps for CertificateAuthority_Type.

View Source 
var (
	CertificateAuthority_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "ENABLED",
		2: "DISABLED",
		3: "STAGED",
		4: "AWAITING_USER_ACTIVATION",
		5: "DELETED",
	}
	CertificateAuthority_State_value = map[string]int32{
		"STATE_UNSPECIFIED":        0,
		"ENABLED":                  1,
		"DISABLED":                 2,
		"STAGED":                   3,
		"AWAITING_USER_ACTIVATION": 4,
		"DELETED":                  5,
	}
)

Enum value maps for CertificateAuthority_State.

View Source 
var (
	CertificateAuthority_SignHashAlgorithm_name = map[int32]string{
		0: "SIGN_HASH_ALGORITHM_UNSPECIFIED",
		1: "RSA_PSS_2048_SHA256",
		2: "RSA_PSS_3072_SHA256",
		3: "RSA_PSS_4096_SHA256",
		6: "RSA_PKCS1_2048_SHA256",
		7: "RSA_PKCS1_3072_SHA256",
		8: "RSA_PKCS1_4096_SHA256",
		4: "EC_P256_SHA256",
		5: "EC_P384_SHA384",
	}
	CertificateAuthority_SignHashAlgorithm_value = map[string]int32{
		"SIGN_HASH_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256":             1,
		"RSA_PSS_3072_SHA256":             2,
		"RSA_PSS_4096_SHA256":             3,
		"RSA_PKCS1_2048_SHA256":           6,
		"RSA_PKCS1_3072_SHA256":           7,
		"RSA_PKCS1_4096_SHA256":           8,
		"EC_P256_SHA256":                  4,
		"EC_P384_SHA384":                  5,
	}
)

Enum value maps for CertificateAuthority_SignHashAlgorithm.

View Source 
var (
	CaPool_Tier_name = map[int32]string{
		0: "TIER_UNSPECIFIED",
		1: "ENTERPRISE",
		2: "DEVOPS",
	}
	CaPool_Tier_value = map[string]int32{
		"TIER_UNSPECIFIED": 0,
		"ENTERPRISE":       1,
		"DEVOPS":           2,
	}
)

Enum value maps for CaPool_Tier.

View Source 
var (
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name = map[int32]string{
		0: "EC_SIGNATURE_ALGORITHM_UNSPECIFIED",
		1: "ECDSA_P256",
		2: "ECDSA_P384",
		3: "EDDSA_25519",
	}
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value = map[string]int32{
		"EC_SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"ECDSA_P256":                         1,
		"ECDSA_P384":                         2,
		"EDDSA_25519":                        3,
	}
)

Enum value maps for CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.

View Source 
var (
	CertificateRevocationList_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "ACTIVE",
		2: "SUPERSEDED",
	}
	CertificateRevocationList_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"ACTIVE":            1,
		"SUPERSEDED":        2,
	}
)

Enum value maps for CertificateRevocationList_State.

View Source 
var (
	PublicKey_KeyFormat_name = map[int32]string{
		0: "KEY_FORMAT_UNSPECIFIED",
		1: "PEM",
	}
	PublicKey_KeyFormat_value = map[string]int32{
		"KEY_FORMAT_UNSPECIFIED": 0,
		"PEM":                    1,
	}
)

Enum value maps for PublicKey_KeyFormat.

View Source 
var (
	CertificateExtensionConstraints_KnownCertificateExtension_name = map[int32]string{
		0: "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED",
		1: "BASE_KEY_USAGE",
		2: "EXTENDED_KEY_USAGE",
		3: "CA_OPTIONS",
		4: "POLICY_IDS",
		5: "AIA_OCSP_SERVERS",
	}
	CertificateExtensionConstraints_KnownCertificateExtension_value = map[string]int32{
		"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED": 0,
		"BASE_KEY_USAGE":     1,
		"EXTENDED_KEY_USAGE": 2,
		"CA_OPTIONS":         3,
		"POLICY_IDS":         4,
		"AIA_OCSP_SERVERS":   5,
	}
)

Enum value maps for CertificateExtensionConstraints_KnownCertificateExtension.

View Source 
var CertificateAuthorityService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.cloud.security.privateca.v1.CertificateAuthorityService",
	HandlerType: (*CertificateAuthorityServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateCertificate",
			Handler:    _CertificateAuthorityService_CreateCertificate_Handler,
		},
		{
			MethodName: "GetCertificate",
			Handler:    _CertificateAuthorityService_GetCertificate_Handler,
		},
		{
			MethodName: "ListCertificates",
			Handler:    _CertificateAuthorityService_ListCertificates_Handler,
		},
		{
			MethodName: "RevokeCertificate",
			Handler:    _CertificateAuthorityService_RevokeCertificate_Handler,
		},
		{
			MethodName: "UpdateCertificate",
			Handler:    _CertificateAuthorityService_UpdateCertificate_Handler,
		},
		{
			MethodName: "ActivateCertificateAuthority",
			Handler:    _CertificateAuthorityService_ActivateCertificateAuthority_Handler,
		},
		{
			MethodName: "CreateCertificateAuthority",
			Handler:    _CertificateAuthorityService_CreateCertificateAuthority_Handler,
		},
		{
			MethodName: "DisableCertificateAuthority",
			Handler:    _CertificateAuthorityService_DisableCertificateAuthority_Handler,
		},
		{
			MethodName: "EnableCertificateAuthority",
			Handler:    _CertificateAuthorityService_EnableCertificateAuthority_Handler,
		},
		{
			MethodName: "FetchCertificateAuthorityCsr",
			Handler:    _CertificateAuthorityService_FetchCertificateAuthorityCsr_Handler,
		},
		{
			MethodName: "GetCertificateAuthority",
			Handler:    _CertificateAuthorityService_GetCertificateAuthority_Handler,
		},
		{
			MethodName: "ListCertificateAuthorities",
			Handler:    _CertificateAuthorityService_ListCertificateAuthorities_Handler,
		},
		{
			MethodName: "UndeleteCertificateAuthority",
			Handler:    _CertificateAuthorityService_UndeleteCertificateAuthority_Handler,
		},
		{
			MethodName: "DeleteCertificateAuthority",
			Handler:    _CertificateAuthorityService_DeleteCertificateAuthority_Handler,
		},
		{
			MethodName: "UpdateCertificateAuthority",
			Handler:    _CertificateAuthorityService_UpdateCertificateAuthority_Handler,
		},
		{
			MethodName: "CreateCaPool",
			Handler:    _CertificateAuthorityService_CreateCaPool_Handler,
		},
		{
			MethodName: "UpdateCaPool",
			Handler:    _CertificateAuthorityService_UpdateCaPool_Handler,
		},
		{
			MethodName: "GetCaPool",
			Handler:    _CertificateAuthorityService_GetCaPool_Handler,
		},
		{
			MethodName: "ListCaPools",
			Handler:    _CertificateAuthorityService_ListCaPools_Handler,
		},
		{
			MethodName: "DeleteCaPool",
			Handler:    _CertificateAuthorityService_DeleteCaPool_Handler,
		},
		{
			MethodName: "FetchCaCerts",
			Handler:    _CertificateAuthorityService_FetchCaCerts_Handler,
		},
		{
			MethodName: "GetCertificateRevocationList",
			Handler:    _CertificateAuthorityService_GetCertificateRevocationList_Handler,
		},
		{
			MethodName: "ListCertificateRevocationLists",
			Handler:    _CertificateAuthorityService_ListCertificateRevocationLists_Handler,
		},
		{
			MethodName: "UpdateCertificateRevocationList",
			Handler:    _CertificateAuthorityService_UpdateCertificateRevocationList_Handler,
		},
		{
			MethodName: "CreateCertificateTemplate",
			Handler:    _CertificateAuthorityService_CreateCertificateTemplate_Handler,
		},
		{
			MethodName: "DeleteCertificateTemplate",
			Handler:    _CertificateAuthorityService_DeleteCertificateTemplate_Handler,
		},
		{
			MethodName: "GetCertificateTemplate",
			Handler:    _CertificateAuthorityService_GetCertificateTemplate_Handler,
		},
		{
			MethodName: "ListCertificateTemplates",
			Handler:    _CertificateAuthorityService_ListCertificateTemplates_Handler,
		},
		{
			MethodName: "UpdateCertificateTemplate",
			Handler:    _CertificateAuthorityService_UpdateCertificateTemplate_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/cloud/security/privateca/v1/service.proto",
}

CertificateAuthorityService_ServiceDesc is the grpc.ServiceDesc for CertificateAuthorityService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_google_cloud_security_privateca_v1_resources_proto protoreflect.FileDescriptor
View Source 
var File_google_cloud_security_privateca_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterCertificateAuthorityServiceServer 

func RegisterCertificateAuthorityServiceServer(s grpc.ServiceRegistrar, srv CertificateAuthorityServiceServer)

Types

type ActivateCertificateAuthorityRequest 

type ActivateCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The signed CA certificate issued from
	// [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
	PemCaCertificate string `protobuf:"bytes,2,opt,name=pem_ca_certificate,json=pemCaCertificate,proto3" json:"pem_ca_certificate,omitempty"`
	// Required. Must include information about the issuer of 'pem_ca_certificate', and any
	// further issuers until the self-signed CA.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,3,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].

func (*ActivateCertificateAuthorityRequest) Descriptor deprecated 

func (*ActivateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use ActivateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*ActivateCertificateAuthorityRequest) GetName 

func (x *ActivateCertificateAuthorityRequest) GetName() string

func (*ActivateCertificateAuthorityRequest) GetPemCaCertificate 

func (x *ActivateCertificateAuthorityRequest) GetPemCaCertificate() string

func (*ActivateCertificateAuthorityRequest) GetRequestId 

func (x *ActivateCertificateAuthorityRequest) GetRequestId() string

func (*ActivateCertificateAuthorityRequest) GetSubordinateConfig 

func (x *ActivateCertificateAuthorityRequest) GetSubordinateConfig() *SubordinateConfig

func (*ActivateCertificateAuthorityRequest) ProtoMessage 

func (*ActivateCertificateAuthorityRequest) ProtoMessage()

func (*ActivateCertificateAuthorityRequest) ProtoReflect 

func (x *ActivateCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*ActivateCertificateAuthorityRequest) Reset 

func (x *ActivateCertificateAuthorityRequest) Reset()

func (*ActivateCertificateAuthorityRequest) String 

func (x *ActivateCertificateAuthorityRequest) String() string

type CaPool 

type CaPool struct {

	// Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
	// format `projects/*/locations/*/caPools/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
	Tier CaPool_Tier `protobuf:"varint,2,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
	// Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
	// will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
	IssuancePolicy *CaPool_IssuancePolicy `protobuf:"bytes,3,opt,name=issuance_policy,json=issuancePolicy,proto3" json:"issuance_policy,omitempty"`
	// Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
	// [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	PublishingOptions *CaPool_PublishingOptions `protobuf:"bytes,4,opt,name=publishing_options,json=publishingOptions,proto3" json:"publishing_options,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CaPool[google.cloud.security.privateca.v1.CaPool] represents a group of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A CaPool[google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out of the trust anchor.

func (*CaPool) Descriptor deprecated 

func (*CaPool) Descriptor() ([]byte, []int)

Deprecated: Use CaPool.ProtoReflect.Descriptor instead.

func (*CaPool) GetIssuancePolicy 

func (x *CaPool) GetIssuancePolicy() *CaPool_IssuancePolicy

func (*CaPool) GetLabels 

func (x *CaPool) GetLabels() map[string]string

func (*CaPool) GetName 

func (x *CaPool) GetName() string

func (*CaPool) GetPublishingOptions 

func (x *CaPool) GetPublishingOptions() *CaPool_PublishingOptions

func (*CaPool) GetTier 

func (x *CaPool) GetTier() CaPool_Tier

func (*CaPool) ProtoMessage 

func (*CaPool) ProtoMessage()

func (*CaPool) ProtoReflect 

func (x *CaPool) ProtoReflect() protoreflect.Message

func (*CaPool) Reset 

func (x *CaPool) Reset()

func (*CaPool) String 

func (x *CaPool) String() string

type CaPool_IssuancePolicy 

type CaPool_IssuancePolicy struct {

	// Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
	// public key must match one of the key types listed here. Otherwise,
	// any key may be used.
	AllowedKeyTypes []*CaPool_IssuancePolicy_AllowedKeyType `protobuf:"bytes,1,rep,name=allowed_key_types,json=allowedKeyTypes,proto3" json:"allowed_key_types,omitempty"`
	// Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
	// that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
	// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
	// be explicitly truncated to match it.
	MaximumLifetime *durationpb.Duration `protobuf:"bytes,2,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
	// Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
	// used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
	AllowedIssuanceModes *CaPool_IssuancePolicy_IssuanceModes `protobuf:"bytes,3,opt,name=allowed_issuance_modes,json=allowedIssuanceModes,proto3" json:"allowed_issuance_modes,omitempty"`
	// Optional. A set of X.509 values that will be applied to all certificates issued
	// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
	// values for the same properties, they will be overwritten by the values
	// defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// that defines conflicting
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
	// properties, the certificate issuance request will fail.
	BaselineValues *X509Parameters `protobuf:"bytes,4,opt,name=baseline_values,json=baselineValues,proto3" json:"baseline_values,omitempty"`
	// Optional. Describes constraints on identities that may appear in
	// [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
	// If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
	// certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,5,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
	// Optional. Describes the set of X.509 extensions that may appear in a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
	// sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
	// those extensions will be dropped. If a certificate request uses a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
	// appear here, the certificate issuance request will fail. If this is
	// omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
	// certificate's X.509 extensions. These constraints do not apply to X.509
	// extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
	PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,6,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
	// contains filtered or unexported fields
}

Defines controls over all certificate issuance within a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy) Descriptor deprecated 

func (*CaPool_IssuancePolicy) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy) GetAllowedIssuanceModes 

func (x *CaPool_IssuancePolicy) GetAllowedIssuanceModes() *CaPool_IssuancePolicy_IssuanceModes

func (*CaPool_IssuancePolicy) GetAllowedKeyTypes 

func (x *CaPool_IssuancePolicy) GetAllowedKeyTypes() []*CaPool_IssuancePolicy_AllowedKeyType

func (*CaPool_IssuancePolicy) GetBaselineValues 

func (x *CaPool_IssuancePolicy) GetBaselineValues() *X509Parameters

func (*CaPool_IssuancePolicy) GetIdentityConstraints 

func (x *CaPool_IssuancePolicy) GetIdentityConstraints() *CertificateIdentityConstraints

func (*CaPool_IssuancePolicy) GetMaximumLifetime 

func (x *CaPool_IssuancePolicy) GetMaximumLifetime() *durationpb.Duration

func (*CaPool_IssuancePolicy) GetPassthroughExtensions 

func (x *CaPool_IssuancePolicy) GetPassthroughExtensions() *CertificateExtensionConstraints

func (*CaPool_IssuancePolicy) ProtoMessage 

func (*CaPool_IssuancePolicy) ProtoMessage()

func (*CaPool_IssuancePolicy) ProtoReflect 

func (x *CaPool_IssuancePolicy) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy) Reset 

func (x *CaPool_IssuancePolicy) Reset()

func (*CaPool_IssuancePolicy) String 

func (x *CaPool_IssuancePolicy) String() string

type CaPool_IssuancePolicy_AllowedKeyType 

type CaPool_IssuancePolicy_AllowedKeyType struct {

	// Types that are assignable to KeyType:
	//	*CaPool_IssuancePolicy_AllowedKeyType_Rsa
	//	*CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve
	KeyType isCaPool_IssuancePolicy_AllowedKeyType_KeyType `protobuf_oneof:"key_type"`
	// contains filtered or unexported fields
}

Describes a "type" of key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool]. Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a fully-qualified key algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA key.

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor deprecated 

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve 

func (x *CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve() *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType

func (*CaPool_IssuancePolicy_AllowedKeyType) GetKeyType 

func (m *CaPool_IssuancePolicy_AllowedKeyType) GetKeyType() isCaPool_IssuancePolicy_AllowedKeyType_KeyType

func (*CaPool_IssuancePolicy_AllowedKeyType) GetRsa 

func (x *CaPool_IssuancePolicy_AllowedKeyType) GetRsa() *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage 

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage()

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect 

func (x *CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy_AllowedKeyType) Reset 

func (x *CaPool_IssuancePolicy_AllowedKeyType) Reset()

func (*CaPool_IssuancePolicy_AllowedKeyType) String 

func (x *CaPool_IssuancePolicy_AllowedKeyType) String() string

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType 

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType struct {

	// Optional. A signature algorithm that must be used. If this is omitted, any
	// EC-based signature algorithm will be allowed.
	SignatureAlgorithm CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm `` /* 224-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes an Elliptic Curve key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor deprecated 

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm 

func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm() CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage 

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage()

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect 

func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset 

func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset()

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String 

func (x *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String() string

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm 

type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm int32

Describes an elliptic curve-based signature algorithm that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool]. 

const (
	// Not specified. Signifies that any signature algorithm may be used.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 0
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-256 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 1
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-384 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 2
	// Refers to the Edwards-curve Digital Signature Algorithm over curve
	// 25519, as described in RFC 8410.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 3
)

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor 

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum 

func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum() *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor deprecated 

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.Descriptor instead.

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number 

func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number() protoreflect.EnumNumber

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String 

func (x CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String() string

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type 

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type() protoreflect.EnumType

type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve 

type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve struct {
	// Represents an allowed Elliptic Curve key type.
	EllipticCurve *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType `protobuf:"bytes,2,opt,name=elliptic_curve,json=ellipticCurve,proto3,oneof"`
}

type CaPool_IssuancePolicy_AllowedKeyType_Rsa 

type CaPool_IssuancePolicy_AllowedKeyType_Rsa struct {
	// Represents an allowed RSA key type.
	Rsa *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType `protobuf:"bytes,1,opt,name=rsa,proto3,oneof"`
}

type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType 

type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType struct {

	// Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
	// not set, or if set to zero, the service-level min RSA modulus size
	// will continue to apply.
	MinModulusSize int64 `protobuf:"varint,1,opt,name=min_modulus_size,json=minModulusSize,proto3" json:"min_modulus_size,omitempty"`
	// Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
	// not set, or if set to zero, the service will not enforce an explicit
	// upper bound on RSA modulus sizes.
	MaxModulusSize int64 `protobuf:"varint,2,opt,name=max_modulus_size,json=maxModulusSize,proto3" json:"max_modulus_size,omitempty"`
	// contains filtered or unexported fields
}

Describes an RSA key that may be used in a Certificate[google.cloud.security.privateca.v1.Certificate] issued from a CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor deprecated 

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize 

func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize() int64

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize 

func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize() int64

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage 

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage()

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect 

func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset 

func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset()

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String 

func (x *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String() string

type CaPool_IssuancePolicy_IssuanceModes 

type CaPool_IssuancePolicy_IssuanceModes struct {

	// Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
	// specifying a CSR.
	AllowCsrBasedIssuance bool `` /* 129-byte string literal not displayed */
	// Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
	// specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
	AllowConfigBasedIssuance bool `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

[IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor deprecated 

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_IssuanceModes.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance 

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance 

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage 

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage()

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoReflect 

func (x *CaPool_IssuancePolicy_IssuanceModes) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy_IssuanceModes) Reset 

func (x *CaPool_IssuancePolicy_IssuanceModes) Reset()

func (*CaPool_IssuancePolicy_IssuanceModes) String 

func (x *CaPool_IssuancePolicy_IssuanceModes) String() string

type CaPool_PublishingOptions 

type CaPool_PublishingOptions struct {

	// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
	// includes its URL in the "Authority Information Access" X.509 extension
	// in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
	// certificate will not be published and the corresponding X.509 extension
	// will not be written in issued certificates.
	PublishCaCert bool `protobuf:"varint,1,opt,name=publish_ca_cert,json=publishCaCert,proto3" json:"publish_ca_cert,omitempty"`
	// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
	// URL in the "CRL Distribution Points" X.509 extension in all issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
	// and the corresponding X.509 extension will not be written in issued
	// certificates.
	// CRLs will expire 7 days from their creation. However, we will rebuild
	// daily. CRLs are also rebuilt shortly after a certificate is revoked.
	PublishCrl bool `protobuf:"varint,2,opt,name=publish_crl,json=publishCrl,proto3" json:"publish_crl,omitempty"`
	// contains filtered or unexported fields
}

Options relating to the publication of each CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and CRLs and their inclusion as extensions in issued [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates issued by any CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] in the CaPool[google.cloud.security.privateca.v1.CaPool].

func (*CaPool_PublishingOptions) Descriptor deprecated 

func (*CaPool_PublishingOptions) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_PublishingOptions.ProtoReflect.Descriptor instead.

func (*CaPool_PublishingOptions) GetPublishCaCert 

func (x *CaPool_PublishingOptions) GetPublishCaCert() bool

func (*CaPool_PublishingOptions) GetPublishCrl 

func (x *CaPool_PublishingOptions) GetPublishCrl() bool

func (*CaPool_PublishingOptions) ProtoMessage 

func (*CaPool_PublishingOptions) ProtoMessage()

func (*CaPool_PublishingOptions) ProtoReflect 

func (x *CaPool_PublishingOptions) ProtoReflect() protoreflect.Message

func (*CaPool_PublishingOptions) Reset 

func (x *CaPool_PublishingOptions) Reset()

func (*CaPool_PublishingOptions) String 

func (x *CaPool_PublishingOptions) String() string

type CaPool_Tier 

type CaPool_Tier int32

The tier of a CaPool[google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or billing SKU. 

const (
	// Not specified.
	CaPool_TIER_UNSPECIFIED CaPool_Tier = 0
	// Enterprise tier.
	CaPool_ENTERPRISE CaPool_Tier = 1
	// DevOps tier.
	CaPool_DEVOPS CaPool_Tier = 2
)

func (CaPool_Tier) Descriptor 

func (CaPool_Tier) Descriptor() protoreflect.EnumDescriptor

func (CaPool_Tier) Enum 

func (x CaPool_Tier) Enum() *CaPool_Tier

func (CaPool_Tier) EnumDescriptor deprecated 

func (CaPool_Tier) EnumDescriptor() ([]byte, []int)

Deprecated: Use CaPool_Tier.Descriptor instead.

func (CaPool_Tier) Number 

func (x CaPool_Tier) Number() protoreflect.EnumNumber

func (CaPool_Tier) String 

func (x CaPool_Tier) String() string

func (CaPool_Tier) Type 

func (CaPool_Tier) Type() protoreflect.EnumType

type Certificate 

type Certificate struct {

	// Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The config used to create a signed X.509 certificate.
	//
	// Types that are assignable to CertificateConfig:
	//	*Certificate_PemCsr
	//	*Certificate_Config
	CertificateConfig isCertificate_CertificateConfig `protobuf_oneof:"certificate_config"`
	// Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	IssuerCertificateAuthority string `` /* 141-byte string literal not displayed */
	// Required. Immutable. The desired lifetime of a certificate. Used to create the
	// "not_before_time" and "not_after_time" fields inside an X.509
	// certificate. Note that the lifetime may be truncated if it would extend
	// past the life of any certificate authority in the issuing chain.
	Lifetime *durationpb.Duration `protobuf:"bytes,5,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
	// certificate, in the format
	// `projects/*/locations/*/certificateTemplates/*`.
	// If this is specified, the caller must have the necessary permission to
	// use this template. If this is omitted, no template will be used.
	// This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
	CertificateTemplate string `protobuf:"bytes,6,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
	// If this is omitted, the `DEFAULT` subject mode will be used.
	SubjectMode SubjectRequestMode `` /* 154-byte string literal not displayed */
	// Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
	// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
	RevocationDetails *Certificate_RevocationDetails `protobuf:"bytes,8,opt,name=revocation_details,json=revocationDetails,proto3" json:"revocation_details,omitempty"`
	// Output only. The pem-encoded, signed X.509 certificate.
	PemCertificate string `protobuf:"bytes,9,opt,name=pem_certificate,json=pemCertificate,proto3" json:"pem_certificate,omitempty"`
	// Output only. A structured description of the issued X.509 certificate.
	CertificateDescription *CertificateDescription `` /* 128-byte string literal not displayed */
	// Output only. The chain that may be used to verify the X.509 certificate. Expected to be
	// in issuer-to-root order according to RFC 5246.
	PemCertificateChain []string `protobuf:"bytes,11,rep,name=pem_certificate_chain,json=pemCertificateChain,proto3" json:"pem_certificate_chain,omitempty"`
	// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A Certificate[google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority].

func (*Certificate) Descriptor deprecated 

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificateConfig 

func (m *Certificate) GetCertificateConfig() isCertificate_CertificateConfig

func (*Certificate) GetCertificateDescription 

func (x *Certificate) GetCertificateDescription() *CertificateDescription

func (*Certificate) GetCertificateTemplate 

func (x *Certificate) GetCertificateTemplate() string

func (*Certificate) GetConfig 

func (x *Certificate) GetConfig() *CertificateConfig

func (*Certificate) GetCreateTime 

func (x *Certificate) GetCreateTime() *timestamppb.Timestamp

func (*Certificate) GetIssuerCertificateAuthority 

func (x *Certificate) GetIssuerCertificateAuthority() string

func (*Certificate) GetLabels 

func (x *Certificate) GetLabels() map[string]string

func (*Certificate) GetLifetime 

func (x *Certificate) GetLifetime() *durationpb.Duration

func (*Certificate) GetName 

func (x *Certificate) GetName() string

func (*Certificate) GetPemCertificate 

func (x *Certificate) GetPemCertificate() string

func (*Certificate) GetPemCertificateChain 

func (x *Certificate) GetPemCertificateChain() []string

func (*Certificate) GetPemCsr 

func (x *Certificate) GetPemCsr() string

func (*Certificate) GetRevocationDetails 

func (x *Certificate) GetRevocationDetails() *Certificate_RevocationDetails

func (*Certificate) GetSubjectMode 

func (x *Certificate) GetSubjectMode() SubjectRequestMode

func (*Certificate) GetUpdateTime 

func (x *Certificate) GetUpdateTime() *timestamppb.Timestamp

func (*Certificate) ProtoMessage 

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect 

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset 

func (x *Certificate) Reset()

func (*Certificate) String 

func (x *Certificate) String() string

type CertificateAuthority 

type CertificateAuthority struct {

	// Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	Type CertificateAuthority_Type `` /* 128-byte string literal not displayed */
	// Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
	// Required. Immutable. The desired lifetime of the CA certificate. Used to create the
	// "not_before_time" and "not_after_time" fields inside an X.509
	// certificate.
	Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
	// is also used to sign the self-signed CA certificate. Otherwise, it
	// is used to sign a CSR.
	KeySpec *CertificateAuthority_KeyVersionSpec `protobuf:"bytes,5,opt,name=key_spec,json=keySpec,proto3" json:"key_spec,omitempty"`
	// Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
	// with the subordinate configuration, which describes its issuers. This may
	// be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,6,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
	// Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	Tier CaPool_Tier `protobuf:"varint,7,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`
	// Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	State CertificateAuthority_State `` /* 131-byte string literal not displayed */
	// Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
	// is the final element (consistent with RFC 5246). For a self-signed CA, this
	// will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
	PemCaCertificates []string `protobuf:"bytes,9,rep,name=pem_ca_certificates,json=pemCaCertificates,proto3" json:"pem_ca_certificates,omitempty"`
	// Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
	// and its issuers. Ordered as self-to-root.
	CaCertificateDescriptions []*CertificateDescription `` /* 139-byte string literal not displayed */
	// Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
	// publish content, such as the CA certificate and CRLs. This must be a bucket
	// name, without any prefixes (such as `gs://`) or suffixes (such as
	// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
	// would simply specify `my-bucket`. If not specified, a managed bucket will
	// be created.
	GcsBucket string `protobuf:"bytes,11,opt,name=gcs_bucket,json=gcsBucket,proto3" json:"gcs_bucket,omitempty"`
	// Output only. URLs for accessing content published by this CA, such as the CA certificate
	// and CRLs.
	AccessUrls *CertificateAuthority_AccessUrls `protobuf:"bytes,12,opt,name=access_urls,json=accessUrls,proto3" json:"access_urls,omitempty"`
	// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
	// it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
	DeleteTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"`
	// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
	// if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority. A CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].

func (*CertificateAuthority) Descriptor deprecated 

func (*CertificateAuthority) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority.ProtoReflect.Descriptor instead.

func (*CertificateAuthority) GetAccessUrls 

func (x *CertificateAuthority) GetAccessUrls() *CertificateAuthority_AccessUrls

func (*CertificateAuthority) GetCaCertificateDescriptions 

func (x *CertificateAuthority) GetCaCertificateDescriptions() []*CertificateDescription

func (*CertificateAuthority) GetConfig 

func (x *CertificateAuthority) GetConfig() *CertificateConfig

func (*CertificateAuthority) GetCreateTime 

func (x *CertificateAuthority) GetCreateTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetDeleteTime 

func (x *CertificateAuthority) GetDeleteTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetExpireTime 

func (x *CertificateAuthority) GetExpireTime() *timestamppb.Timestamp

func (*CertificateAuthority) GetGcsBucket 

func (x *CertificateAuthority) GetGcsBucket() string

func (*CertificateAuthority) GetKeySpec 

func (x *CertificateAuthority) GetKeySpec() *CertificateAuthority_KeyVersionSpec

func (*CertificateAuthority) GetLabels 

func (x *CertificateAuthority) GetLabels() map[string]string

func (*CertificateAuthority) GetLifetime 

func (x *CertificateAuthority) GetLifetime() *durationpb.Duration

func (*CertificateAuthority) GetName 

func (x *CertificateAuthority) GetName() string

func (*CertificateAuthority) GetPemCaCertificates 

func (x *CertificateAuthority) GetPemCaCertificates() []string

func (*CertificateAuthority) GetState 

func (x *CertificateAuthority) GetState() CertificateAuthority_State

func (*CertificateAuthority) GetSubordinateConfig 

func (x *CertificateAuthority) GetSubordinateConfig() *SubordinateConfig

func (*CertificateAuthority) GetTier 

func (x *CertificateAuthority) GetTier() CaPool_Tier

func (*CertificateAuthority) GetType 

func (x *CertificateAuthority) GetType() CertificateAuthority_Type

func (*CertificateAuthority) GetUpdateTime 

func (x *CertificateAuthority) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateAuthority) ProtoMessage 

func (*CertificateAuthority) ProtoMessage()

func (*CertificateAuthority) ProtoReflect 

func (x *CertificateAuthority) ProtoReflect() protoreflect.Message

func (*CertificateAuthority) Reset 

func (x *CertificateAuthority) Reset()

func (*CertificateAuthority) String 

func (x *CertificateAuthority) String() string

type CertificateAuthorityServiceClient 

type CertificateAuthorityServiceClient interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(ctx context.Context, in *CreateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(ctx context.Context, in *GetCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(ctx context.Context, in *ListCertificatesRequest, opts ...grpc.CallOption) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(ctx context.Context, in *UpdateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
	// the parent Certificate Authority signs a certificate signing request from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
	// process.
	ActivateCertificateAuthority(ctx context.Context, in *ActivateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
	CreateCertificateAuthority(ctx context.Context, in *CreateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DisableCertificateAuthority(ctx context.Context, in *DisableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(ctx context.Context, in *EnableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
	// CSR must then be signed by the desired parent Certificate Authority, which
	// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
	// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(ctx context.Context, in *FetchCertificateAuthorityCsrRequest, opts ...grpc.CallOption) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(ctx context.Context, in *GetCertificateAuthorityRequest, opts ...grpc.CallOption) (*CertificateAuthority, error)
	// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(ctx context.Context, in *ListCertificateAuthoritiesRequest, opts ...grpc.CallOption) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
	UndeleteCertificateAuthority(ctx context.Context, in *UndeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(ctx context.Context, in *DeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(ctx context.Context, in *UpdateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(ctx context.Context, in *CreateCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(ctx context.Context, in *UpdateCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(ctx context.Context, in *GetCaPoolRequest, opts ...grpc.CallOption) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(ctx context.Context, in *ListCaPoolsRequest, opts ...grpc.CallOption) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(ctx context.Context, in *DeleteCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
	// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
	FetchCaCerts(ctx context.Context, in *FetchCaCertsRequest, opts ...grpc.CallOption) (*FetchCaCertsResponse, error)
	// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(ctx context.Context, in *GetCertificateRevocationListRequest, opts ...grpc.CallOption) (*CertificateRevocationList, error)
	// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(ctx context.Context, in *ListCertificateRevocationListsRequest, opts ...grpc.CallOption) (*ListCertificateRevocationListsResponse, error)
	// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(ctx context.Context, in *UpdateCertificateRevocationListRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
	CreateCertificateTemplate(ctx context.Context, in *CreateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(ctx context.Context, in *DeleteCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(ctx context.Context, in *GetCertificateTemplateRequest, opts ...grpc.CallOption) (*CertificateTemplate, error)
	// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(ctx context.Context, in *ListCertificateTemplatesRequest, opts ...grpc.CallOption) (*ListCertificateTemplatesResponse, error)
	// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(ctx context.Context, in *UpdateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
}

CertificateAuthorityServiceClient is the client API for CertificateAuthorityService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewCertificateAuthorityServiceClient 

func NewCertificateAuthorityServiceClient(cc grpc.ClientConnInterface) CertificateAuthorityServiceClient

type CertificateAuthorityServiceServer 

type CertificateAuthorityServiceServer interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)
	// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
	// the parent Certificate Authority signs a certificate signing request from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
	// process.
	ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
	CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
	// CSR must then be signed by the desired parent Certificate Authority, which
	// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
	// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)
	// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
	UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunning.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunning.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunning.Operation, error)
	// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
	// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
	FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)
	// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)
	// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)
	// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunning.Operation, error)
	// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
	CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunning.Operation, error)
	// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunning.Operation, error)
	// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)
	// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)
	// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunning.Operation, error)
}

CertificateAuthorityServiceServer is the server API for CertificateAuthorityService service. All implementations should embed UnimplementedCertificateAuthorityServiceServer for forward compatibility

type CertificateAuthority_AccessUrls 

type CertificateAuthority_AccessUrls struct {

	// The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
	// published. This will only be set for CAs that have been activated.
	CaCertificateAccessUrl string `` /* 131-byte string literal not displayed */
	// The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
	// will only be set for CAs that have been activated.
	CrlAccessUrls []string `protobuf:"bytes,2,rep,name=crl_access_urls,json=crlAccessUrls,proto3" json:"crl_access_urls,omitempty"`
	// contains filtered or unexported fields
}

URLs where a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] will publish content.

func (*CertificateAuthority_AccessUrls) Descriptor deprecated 

func (*CertificateAuthority_AccessUrls) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_AccessUrls.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl 

func (x *CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl() string

func (*CertificateAuthority_AccessUrls) GetCrlAccessUrls 

func (x *CertificateAuthority_AccessUrls) GetCrlAccessUrls() []string

func (*CertificateAuthority_AccessUrls) ProtoMessage 

func (*CertificateAuthority_AccessUrls) ProtoMessage()

func (*CertificateAuthority_AccessUrls) ProtoReflect 

func (x *CertificateAuthority_AccessUrls) ProtoReflect() protoreflect.Message

func (*CertificateAuthority_AccessUrls) Reset 

func (x *CertificateAuthority_AccessUrls) Reset()

func (*CertificateAuthority_AccessUrls) String 

func (x *CertificateAuthority_AccessUrls) String() string

type CertificateAuthority_KeyVersionSpec 

type CertificateAuthority_KeyVersionSpec struct {

	// Types that are assignable to KeyVersion:
	//	*CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion
	//	*CertificateAuthority_KeyVersionSpec_Algorithm
	KeyVersion isCertificateAuthority_KeyVersionSpec_KeyVersion `protobuf_oneof:"KeyVersion"`
	// contains filtered or unexported fields
}

A Cloud KMS key configuration that a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority] will use.

func (*CertificateAuthority_KeyVersionSpec) Descriptor deprecated 

func (*CertificateAuthority_KeyVersionSpec) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_KeyVersionSpec.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_KeyVersionSpec) GetAlgorithm 

func (x *CertificateAuthority_KeyVersionSpec) GetAlgorithm() CertificateAuthority_SignHashAlgorithm

func (*CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion 

func (x *CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion() string

func (*CertificateAuthority_KeyVersionSpec) GetKeyVersion 

func (m *CertificateAuthority_KeyVersionSpec) GetKeyVersion() isCertificateAuthority_KeyVersionSpec_KeyVersion

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage 

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage()

func (*CertificateAuthority_KeyVersionSpec) ProtoReflect 

func (x *CertificateAuthority_KeyVersionSpec) ProtoReflect() protoreflect.Message

func (*CertificateAuthority_KeyVersionSpec) Reset 

func (x *CertificateAuthority_KeyVersionSpec) Reset()

func (*CertificateAuthority_KeyVersionSpec) String 

func (x *CertificateAuthority_KeyVersionSpec) String() string

type CertificateAuthority_KeyVersionSpec_Algorithm 

type CertificateAuthority_KeyVersionSpec_Algorithm struct {
	// The algorithm to use for creating a managed Cloud KMS key for a for a
	// simplified experience. All managed keys will be have their
	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
	Algorithm CertificateAuthority_SignHashAlgorithm `` /* 130-byte string literal not displayed */
}

type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion 

type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion struct {
	// The resource name for an existing Cloud KMS CryptoKeyVersion in the
	// format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	// This option enables full flexibility in the key's capabilities and
	// properties.
	CloudKmsKeyVersion string `protobuf:"bytes,1,opt,name=cloud_kms_key_version,json=cloudKmsKeyVersion,proto3,oneof"`
}

type CertificateAuthority_SignHashAlgorithm 

type CertificateAuthority_SignHashAlgorithm int32

The algorithm of a Cloud KMS CryptoKeyVersion of a [CryptoKey][google.cloud.kms.v1.CryptoKey] with the [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value `ASYMMETRIC_SIGN`. These values correspond to the [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] values. For RSA signing algorithms, the PSS algorithms should be preferred, use PKCS1 algorithms if required for compatibility. For further recommendations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations. 

const (
	// Not specified.
	CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED CertificateAuthority_SignHashAlgorithm = 0
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
	CertificateAuthority_RSA_PSS_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 1
	// maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
	CertificateAuthority_RSA_PSS_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 2
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
	CertificateAuthority_RSA_PSS_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 3
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
	CertificateAuthority_RSA_PKCS1_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 6
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
	CertificateAuthority_RSA_PKCS1_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 7
	// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
	CertificateAuthority_RSA_PKCS1_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 8
	// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
	CertificateAuthority_EC_P256_SHA256 CertificateAuthority_SignHashAlgorithm = 4
	// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
	CertificateAuthority_EC_P384_SHA384 CertificateAuthority_SignHashAlgorithm = 5
)

func (CertificateAuthority_SignHashAlgorithm) Descriptor 

func (CertificateAuthority_SignHashAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (CertificateAuthority_SignHashAlgorithm) Enum 

func (x CertificateAuthority_SignHashAlgorithm) Enum() *CertificateAuthority_SignHashAlgorithm

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor deprecated 

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_SignHashAlgorithm.Descriptor instead.

func (CertificateAuthority_SignHashAlgorithm) Number 

func (x CertificateAuthority_SignHashAlgorithm) Number() protoreflect.EnumNumber

func (CertificateAuthority_SignHashAlgorithm) String 

func (x CertificateAuthority_SignHashAlgorithm) String() string

func (CertificateAuthority_SignHashAlgorithm) Type 

func (CertificateAuthority_SignHashAlgorithm) Type() protoreflect.EnumType

type CertificateAuthority_State 

type CertificateAuthority_State int32

The state of a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used. 

const (
	// Not specified.
	CertificateAuthority_STATE_UNSPECIFIED CertificateAuthority_State = 0
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_ENABLED CertificateAuthority_State = 1
	// Certificates cannot be issued from this CA. CRLs will still be generated.
	// The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_DISABLED CertificateAuthority_State = 2
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
	// be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_STAGED CertificateAuthority_State = 3
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_AWAITING_USER_ACTIVATION CertificateAuthority_State = 4
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA may still be recovered by calling
	// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
	// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
	// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_DELETED CertificateAuthority_State = 5
)

func (CertificateAuthority_State) Descriptor 

func (CertificateAuthority_State) Descriptor() protoreflect.EnumDescriptor

func (CertificateAuthority_State) Enum 

func (x CertificateAuthority_State) Enum() *CertificateAuthority_State

func (CertificateAuthority_State) EnumDescriptor deprecated 

func (CertificateAuthority_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_State.Descriptor instead.

func (CertificateAuthority_State) Number 

func (x CertificateAuthority_State) Number() protoreflect.EnumNumber

func (CertificateAuthority_State) String 

func (x CertificateAuthority_State) String() string

func (CertificateAuthority_State) Type 

func (CertificateAuthority_State) Type() protoreflect.EnumType

type CertificateAuthority_Type 

type CertificateAuthority_Type int32

The type of a CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain. 

const (
	// Not specified.
	CertificateAuthority_TYPE_UNSPECIFIED CertificateAuthority_Type = 0
	// Self-signed CA.
	CertificateAuthority_SELF_SIGNED CertificateAuthority_Type = 1
	// Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// or an unmanaged CA.
	CertificateAuthority_SUBORDINATE CertificateAuthority_Type = 2
)

func (CertificateAuthority_Type) Descriptor 

func (CertificateAuthority_Type) Descriptor() protoreflect.EnumDescriptor

func (CertificateAuthority_Type) Enum 

func (x CertificateAuthority_Type) Enum() *CertificateAuthority_Type

func (CertificateAuthority_Type) EnumDescriptor deprecated 

func (CertificateAuthority_Type) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_Type.Descriptor instead.

func (CertificateAuthority_Type) Number 

func (x CertificateAuthority_Type) Number() protoreflect.EnumNumber

func (CertificateAuthority_Type) String 

func (x CertificateAuthority_Type) String() string

func (CertificateAuthority_Type) Type 

func (CertificateAuthority_Type) Type() protoreflect.EnumType

type CertificateConfig 

type CertificateConfig struct {

	// Required. Specifies some of the values in a certificate that are related to the
	// subject.
	SubjectConfig *CertificateConfig_SubjectConfig `protobuf:"bytes,1,opt,name=subject_config,json=subjectConfig,proto3" json:"subject_config,omitempty"`
	// Required. Describes how some of the technical X.509 fields in a certificate should be
	// populated.
	X509Config *X509Parameters `protobuf:"bytes,2,opt,name=x509_config,json=x509Config,proto3" json:"x509_config,omitempty"`
	// Optional. The public key that corresponds to this config. This is, for example, used
	// when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
	// self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

A CertificateConfig[google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.

func (*CertificateConfig) Descriptor deprecated 

func (*CertificateConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig) GetPublicKey 

func (x *CertificateConfig) GetPublicKey() *PublicKey

func (*CertificateConfig) GetSubjectConfig 

func (x *CertificateConfig) GetSubjectConfig() *CertificateConfig_SubjectConfig

func (*CertificateConfig) GetX509Config 

func (x *CertificateConfig) GetX509Config() *X509Parameters

func (*CertificateConfig) ProtoMessage 

func (*CertificateConfig) ProtoMessage()

func (*CertificateConfig) ProtoReflect 

func (x *CertificateConfig) ProtoReflect() protoreflect.Message

func (*CertificateConfig) Reset 

func (x *CertificateConfig) Reset()

func (*CertificateConfig) String 

func (x *CertificateConfig) String() string

type CertificateConfig_SubjectConfig 

type CertificateConfig_SubjectConfig struct {

	// Required. Contains distinguished name fields such as the common name, location and
	// organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional. The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// contains filtered or unexported fields
}

These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.

func (*CertificateConfig_SubjectConfig) Descriptor deprecated 

func (*CertificateConfig_SubjectConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig_SubjectConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig_SubjectConfig) GetSubject 

func (x *CertificateConfig_SubjectConfig) GetSubject() *Subject

func (*CertificateConfig_SubjectConfig) GetSubjectAltName 

func (x *CertificateConfig_SubjectConfig) GetSubjectAltName() *SubjectAltNames

func (*CertificateConfig_SubjectConfig) ProtoMessage 

func (*CertificateConfig_SubjectConfig) ProtoMessage()

func (*CertificateConfig_SubjectConfig) ProtoReflect 

func (x *CertificateConfig_SubjectConfig) ProtoReflect() protoreflect.Message

func (*CertificateConfig_SubjectConfig) Reset 

func (x *CertificateConfig_SubjectConfig) Reset()

func (*CertificateConfig_SubjectConfig) String 

func (x *CertificateConfig_SubjectConfig) String() string

type CertificateDescription 

type CertificateDescription struct {

	// Describes some of the values in a certificate that are related to the
	// subject and lifetime.
	SubjectDescription *CertificateDescription_SubjectDescription `protobuf:"bytes,1,opt,name=subject_description,json=subjectDescription,proto3" json:"subject_description,omitempty"`
	// Describes some of the technical X.509 fields in a certificate.
	X509Description *X509Parameters `protobuf:"bytes,2,opt,name=x509_description,json=x509Description,proto3" json:"x509_description,omitempty"`
	// The public key that corresponds to an issued certificate.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Provides a means of identifiying certificates that contain a particular
	// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
	SubjectKeyId *CertificateDescription_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
	// Identifies the subject_key_id of the parent certificate, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
	AuthorityKeyId *CertificateDescription_KeyId `protobuf:"bytes,5,opt,name=authority_key_id,json=authorityKeyId,proto3" json:"authority_key_id,omitempty"`
	// Describes a list of locations to obtain CRL information, i.e.
	// the DistributionPoint.fullName described by
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
	CrlDistributionPoints []string `` /* 126-byte string literal not displayed */
	// Describes lists of issuer CA certificate URLs that appear in the
	// "Authority Information Access" extension in the certificate.
	AiaIssuingCertificateUrls []string `` /* 140-byte string literal not displayed */
	// The hash of the x.509 certificate.
	CertFingerprint *CertificateDescription_CertificateFingerprint `protobuf:"bytes,8,opt,name=cert_fingerprint,json=certFingerprint,proto3" json:"cert_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

A CertificateDescription[google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

func (*CertificateDescription) Descriptor deprecated 

func (*CertificateDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription) GetAiaIssuingCertificateUrls 

func (x *CertificateDescription) GetAiaIssuingCertificateUrls() []string

func (*CertificateDescription) GetAuthorityKeyId 

func (x *CertificateDescription) GetAuthorityKeyId() *CertificateDescription_KeyId

func (*CertificateDescription) GetCertFingerprint 

func (x *CertificateDescription) GetCertFingerprint() *CertificateDescription_CertificateFingerprint

func (*CertificateDescription) GetCrlDistributionPoints 

func (x *CertificateDescription) GetCrlDistributionPoints() []string

func (*CertificateDescription) GetPublicKey 

func (x *CertificateDescription) GetPublicKey() *PublicKey

func (*CertificateDescription) GetSubjectDescription 

func (x *CertificateDescription) GetSubjectDescription() *CertificateDescription_SubjectDescription

func (*CertificateDescription) GetSubjectKeyId 

func (x *CertificateDescription) GetSubjectKeyId() *CertificateDescription_KeyId

func (*CertificateDescription) GetX509Description 

func (x *CertificateDescription) GetX509Description() *X509Parameters

func (*CertificateDescription) ProtoMessage 

func (*CertificateDescription) ProtoMessage()

func (*CertificateDescription) ProtoReflect 

func (x *CertificateDescription) ProtoReflect() protoreflect.Message

func (*CertificateDescription) Reset 

func (x *CertificateDescription) Reset()

func (*CertificateDescription) String 

func (x *CertificateDescription) String() string

type CertificateDescription_CertificateFingerprint 

type CertificateDescription_CertificateFingerprint struct {

	// The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
	Sha256Hash string `protobuf:"bytes,1,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
	// contains filtered or unexported fields
}

A group of fingerprints for the x509 certificate.

func (*CertificateDescription_CertificateFingerprint) Descriptor deprecated 

func (*CertificateDescription_CertificateFingerprint) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_CertificateFingerprint.ProtoReflect.Descriptor instead.

func (*CertificateDescription_CertificateFingerprint) GetSha256Hash 

func (x *CertificateDescription_CertificateFingerprint) GetSha256Hash() string

func (*CertificateDescription_CertificateFingerprint) ProtoMessage 

func (*CertificateDescription_CertificateFingerprint) ProtoMessage()

func (*CertificateDescription_CertificateFingerprint) ProtoReflect 

func (x *CertificateDescription_CertificateFingerprint) ProtoReflect() protoreflect.Message

func (*CertificateDescription_CertificateFingerprint) Reset 

func (x *CertificateDescription_CertificateFingerprint) Reset()

func (*CertificateDescription_CertificateFingerprint) String 

func (x *CertificateDescription_CertificateFingerprint) String() string

type CertificateDescription_KeyId 

type CertificateDescription_KeyId struct {

	// Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
	// likely the 160 bit SHA-1 hash of the public key.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

A KeyId identifies a specific public key, usually by hashing the public key.

func (*CertificateDescription_KeyId) Descriptor deprecated 

func (*CertificateDescription_KeyId) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_KeyId.ProtoReflect.Descriptor instead.

func (*CertificateDescription_KeyId) GetKeyId 

func (x *CertificateDescription_KeyId) GetKeyId() string

func (*CertificateDescription_KeyId) ProtoMessage 

func (*CertificateDescription_KeyId) ProtoMessage()

func (*CertificateDescription_KeyId) ProtoReflect 

func (x *CertificateDescription_KeyId) ProtoReflect() protoreflect.Message

func (*CertificateDescription_KeyId) Reset 

func (x *CertificateDescription_KeyId) Reset()

func (*CertificateDescription_KeyId) String 

func (x *CertificateDescription_KeyId) String() string

type CertificateDescription_SubjectDescription 

type CertificateDescription_SubjectDescription struct {

	// Contains distinguished name fields such as the common name, location and
	// / organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// The serial number encoded in lowercase hexadecimal.
	HexSerialNumber string `protobuf:"bytes,3,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// For convenience, the actual lifetime of an issued certificate.
	Lifetime *durationpb.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// The time at which the certificate becomes valid.
	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
	// The time after which the certificate is expired.
	// Per RFC 5280, the validity period for a certificate is the period of time
	// from not_before_time through not_after_time, inclusive.
	// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
	// contains filtered or unexported fields
}

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

func (*CertificateDescription_SubjectDescription) Descriptor deprecated 

func (*CertificateDescription_SubjectDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_SubjectDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription_SubjectDescription) GetHexSerialNumber 

func (x *CertificateDescription_SubjectDescription) GetHexSerialNumber() string

func (*CertificateDescription_SubjectDescription) GetLifetime 

func (x *CertificateDescription_SubjectDescription) GetLifetime() *durationpb.Duration

func (*CertificateDescription_SubjectDescription) GetNotAfterTime 

func (x *CertificateDescription_SubjectDescription) GetNotAfterTime() *timestamppb.Timestamp

func (*CertificateDescription_SubjectDescription) GetNotBeforeTime 

func (x *CertificateDescription_SubjectDescription) GetNotBeforeTime() *timestamppb.Timestamp

func (*CertificateDescription_SubjectDescription) GetSubject 

func (x *CertificateDescription_SubjectDescription) GetSubject() *Subject

func (*CertificateDescription_SubjectDescription) GetSubjectAltName 

func (x *CertificateDescription_SubjectDescription) GetSubjectAltName() *SubjectAltNames

func (*CertificateDescription_SubjectDescription) ProtoMessage 

func (*CertificateDescription_SubjectDescription) ProtoMessage()

func (*CertificateDescription_SubjectDescription) ProtoReflect 

func (x *CertificateDescription_SubjectDescription) ProtoReflect() protoreflect.Message

func (*CertificateDescription_SubjectDescription) Reset 

func (x *CertificateDescription_SubjectDescription) Reset()

func (*CertificateDescription_SubjectDescription) String 

func (x *CertificateDescription_SubjectDescription) String() string

type CertificateExtensionConstraints 

type CertificateExtensionConstraints struct {

	// Optional. A set of named X.509 extensions. Will be combined with
	// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
	KnownExtensions []CertificateExtensionConstraints_KnownCertificateExtension `` /* 212-byte string literal not displayed */
	// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
	// Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
	// X.509 extensions.
	AdditionalExtensions []*ObjectId `protobuf:"bytes,2,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
	// contains filtered or unexported fields
}

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

func (*CertificateExtensionConstraints) Descriptor deprecated 

func (*CertificateExtensionConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateExtensionConstraints.ProtoReflect.Descriptor instead.

func (*CertificateExtensionConstraints) GetAdditionalExtensions 

func (x *CertificateExtensionConstraints) GetAdditionalExtensions() []*ObjectId

func (*CertificateExtensionConstraints) GetKnownExtensions 

func (x *CertificateExtensionConstraints) GetKnownExtensions() []CertificateExtensionConstraints_KnownCertificateExtension

func (*CertificateExtensionConstraints) ProtoMessage 

func (*CertificateExtensionConstraints) ProtoMessage()

func (*CertificateExtensionConstraints) ProtoReflect 

func (x *CertificateExtensionConstraints) ProtoReflect() protoreflect.Message

func (*CertificateExtensionConstraints) Reset 

func (x *CertificateExtensionConstraints) Reset()

func (*CertificateExtensionConstraints) String 

func (x *CertificateExtensionConstraints) String() string

type CertificateExtensionConstraints_KnownCertificateExtension 

type CertificateExtensionConstraints_KnownCertificateExtension int32

Describes well-known X.509 extensions that can appear in a Certificate[google.cloud.security.privateca.v1.Certificate], not including the SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] extension. 

const (
	// Not specified.
	CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED CertificateExtensionConstraints_KnownCertificateExtension = 0
	// Refers to a certificate's Key Usage extension, as described in [RFC 5280
	// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
	// This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
	CertificateExtensionConstraints_BASE_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 1
	// Refers to a certificate's Extended Key Usage extension, as described in
	// [RFC 5280
	// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
	// This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
	CertificateExtensionConstraints_EXTENDED_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 2
	// Refers to a certificate's Basic Constraints extension, as described in
	// [RFC 5280
	// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
	// This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
	CertificateExtensionConstraints_CA_OPTIONS CertificateExtensionConstraints_KnownCertificateExtension = 3
	// Refers to a certificate's Policy object identifiers, as described in
	// [RFC 5280
	// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
	// This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
	CertificateExtensionConstraints_POLICY_IDS CertificateExtensionConstraints_KnownCertificateExtension = 4
	// Refers to OCSP servers in a certificate's Authority Information Access
	// extension, as described in
	// [RFC 5280
	// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
	// This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
	CertificateExtensionConstraints_AIA_OCSP_SERVERS CertificateExtensionConstraints_KnownCertificateExtension = 5
)

func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor 

func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor() protoreflect.EnumDescriptor

func (CertificateExtensionConstraints_KnownCertificateExtension) Enum 

func (x CertificateExtensionConstraints_KnownCertificateExtension) Enum() *CertificateExtensionConstraints_KnownCertificateExtension

func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor deprecated 

func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateExtensionConstraints_KnownCertificateExtension.Descriptor instead.

func (CertificateExtensionConstraints_KnownCertificateExtension) Number 

func (x CertificateExtensionConstraints_KnownCertificateExtension) Number() protoreflect.EnumNumber

func (CertificateExtensionConstraints_KnownCertificateExtension) String 

func (x CertificateExtensionConstraints_KnownCertificateExtension) String() string

func (CertificateExtensionConstraints_KnownCertificateExtension) Type 

func (CertificateExtensionConstraints_KnownCertificateExtension) Type() protoreflect.EnumType

type CertificateIdentityConstraints 

type CertificateIdentityConstraints struct {

	// Optional. A CEL expression that may be used to validate the resolved X.509 Subject
	// and/or Subject Alternative Name before a certificate is signed.
	// To see the full allowed syntax and some examples, see
	// https://cloud.google.com/certificate-authority-service/docs/using-cel
	CelExpression *expr.Expr `protobuf:"bytes,1,opt,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"`
	// Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
	// request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
	// will be discarded.
	AllowSubjectPassthrough *bool `` /* 139-byte string literal not displayed */
	// Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
	// certificate request into the signed certificate. Otherwise, the requested
	// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
	AllowSubjectAltNamesPassthrough *bool `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes constraints on a Certificate[google.cloud.security.privateca.v1.Certificate]'s Subject[google.cloud.security.privateca.v1.Subject] and SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames].

func (*CertificateIdentityConstraints) Descriptor deprecated 

func (*CertificateIdentityConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentityConstraints.ProtoReflect.Descriptor instead.

func (*CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough 

func (x *CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough() bool

func (*CertificateIdentityConstraints) GetAllowSubjectPassthrough 

func (x *CertificateIdentityConstraints) GetAllowSubjectPassthrough() bool

func (*CertificateIdentityConstraints) GetCelExpression 

func (x *CertificateIdentityConstraints) GetCelExpression() *expr.Expr

func (*CertificateIdentityConstraints) ProtoMessage 

func (*CertificateIdentityConstraints) ProtoMessage()

func (*CertificateIdentityConstraints) ProtoReflect 

func (x *CertificateIdentityConstraints) ProtoReflect() protoreflect.Message

func (*CertificateIdentityConstraints) Reset 

func (x *CertificateIdentityConstraints) Reset()

func (*CertificateIdentityConstraints) String 

func (x *CertificateIdentityConstraints) String() string

type CertificateRevocationList 

type CertificateRevocationList struct {

	// Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
	// the format
	// `projects/*/locations/*/caPools/*certificateAuthorities/*/
	//    certificateRevocationLists/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The CRL sequence number that appears in pem_crl.
	SequenceNumber int64 `protobuf:"varint,2,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// Output only. The revoked serial numbers that appear in pem_crl.
	RevokedCertificates []*CertificateRevocationList_RevokedCertificate `protobuf:"bytes,3,rep,name=revoked_certificates,json=revokedCertificates,proto3" json:"revoked_certificates,omitempty"`
	// Output only. The PEM-encoded X.509 CRL.
	PemCrl string `protobuf:"bytes,4,opt,name=pem_crl,json=pemCrl,proto3" json:"pem_crl,omitempty"`
	// Output only. The location where 'pem_crl' can be accessed.
	AccessUrl string `protobuf:"bytes,5,opt,name=access_url,json=accessUrl,proto3" json:"access_url,omitempty"`
	// Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	State CertificateRevocationList_State `` /* 136-byte string literal not displayed */
	// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
	// committed whenever a new CRL is published. The format is an 8-character
	// hexadecimal string.
	RevisionId string `protobuf:"bytes,9,opt,name=revision_id,json=revisionId,proto3" json:"revision_id,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateRevocationList[google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.

func (*CertificateRevocationList) Descriptor deprecated 

func (*CertificateRevocationList) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList) GetAccessUrl 

func (x *CertificateRevocationList) GetAccessUrl() string

func (*CertificateRevocationList) GetCreateTime 

func (x *CertificateRevocationList) GetCreateTime() *timestamppb.Timestamp

func (*CertificateRevocationList) GetLabels 

func (x *CertificateRevocationList) GetLabels() map[string]string

func (*CertificateRevocationList) GetName 

func (x *CertificateRevocationList) GetName() string

func (*CertificateRevocationList) GetPemCrl 

func (x *CertificateRevocationList) GetPemCrl() string

func (*CertificateRevocationList) GetRevisionId 

func (x *CertificateRevocationList) GetRevisionId() string

func (*CertificateRevocationList) GetRevokedCertificates 

func (x *CertificateRevocationList) GetRevokedCertificates() []*CertificateRevocationList_RevokedCertificate

func (*CertificateRevocationList) GetSequenceNumber 

func (x *CertificateRevocationList) GetSequenceNumber() int64

func (*CertificateRevocationList) GetState 

func (x *CertificateRevocationList) GetState() CertificateRevocationList_State

func (*CertificateRevocationList) GetUpdateTime 

func (x *CertificateRevocationList) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateRevocationList) ProtoMessage 

func (*CertificateRevocationList) ProtoMessage()

func (*CertificateRevocationList) ProtoReflect 

func (x *CertificateRevocationList) ProtoReflect() protoreflect.Message

func (*CertificateRevocationList) Reset 

func (x *CertificateRevocationList) Reset()

func (*CertificateRevocationList) String 

func (x *CertificateRevocationList) String() string

type CertificateRevocationList_RevokedCertificate 

type CertificateRevocationList_RevokedCertificate struct {

	// The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Certificate string `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
	HexSerialNumber string `protobuf:"bytes,2,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
	RevocationReason RevocationReason `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes a revoked Certificate[google.cloud.security.privateca.v1.Certificate].

func (*CertificateRevocationList_RevokedCertificate) Descriptor deprecated 

func (*CertificateRevocationList_RevokedCertificate) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList_RevokedCertificate.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList_RevokedCertificate) GetCertificate 

func (x *CertificateRevocationList_RevokedCertificate) GetCertificate() string

func (*CertificateRevocationList_RevokedCertificate) GetHexSerialNumber 

func (x *CertificateRevocationList_RevokedCertificate) GetHexSerialNumber() string

func (*CertificateRevocationList_RevokedCertificate) GetRevocationReason 

func (x *CertificateRevocationList_RevokedCertificate) GetRevocationReason() RevocationReason

func (*CertificateRevocationList_RevokedCertificate) ProtoMessage 

func (*CertificateRevocationList_RevokedCertificate) ProtoMessage()

func (*CertificateRevocationList_RevokedCertificate) ProtoReflect 

func (x *CertificateRevocationList_RevokedCertificate) ProtoReflect() protoreflect.Message

func (*CertificateRevocationList_RevokedCertificate) Reset 

func (x *CertificateRevocationList_RevokedCertificate) Reset()

func (*CertificateRevocationList_RevokedCertificate) String 

func (x *CertificateRevocationList_RevokedCertificate) String() string

type CertificateRevocationList_State 

type CertificateRevocationList_State int32

The state of a CertificateRevocationList[google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current. 

const (
	// Not specified.
	CertificateRevocationList_STATE_UNSPECIFIED CertificateRevocationList_State = 0
	// The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
	CertificateRevocationList_ACTIVE CertificateRevocationList_State = 1
	// The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
	CertificateRevocationList_SUPERSEDED CertificateRevocationList_State = 2
)

func (CertificateRevocationList_State) Descriptor 

func (CertificateRevocationList_State) Descriptor() protoreflect.EnumDescriptor

func (CertificateRevocationList_State) Enum 

func (x CertificateRevocationList_State) Enum() *CertificateRevocationList_State

func (CertificateRevocationList_State) EnumDescriptor deprecated 

func (CertificateRevocationList_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList_State.Descriptor instead.

func (CertificateRevocationList_State) Number 

func (x CertificateRevocationList_State) Number() protoreflect.EnumNumber

func (CertificateRevocationList_State) String 

func (x CertificateRevocationList_State) String() string

func (CertificateRevocationList_State) Type 

func (CertificateRevocationList_State) Type() protoreflect.EnumType

type CertificateTemplate 

type CertificateTemplate struct {

	// Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
	// `projects/*/locations/*/certificateTemplates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A set of X.509 values that will be applied to all issued certificates that
	// use this template. If the certificate request includes conflicting values
	// for the same properties, they will be overwritten by the values defined
	// here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
	// defines conflicting
	// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
	// properties, the certificate issuance request will fail.
	PredefinedValues *X509Parameters `protobuf:"bytes,2,opt,name=predefined_values,json=predefinedValues,proto3" json:"predefined_values,omitempty"`
	// Optional. Describes constraints on identities that may be appear in
	// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
	// then this template will not add restrictions on a certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,3,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
	// Optional. Describes the set of X.509 extensions that may appear in a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
	// request sets extensions that don't appear in the
	// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
	// issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
	// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
	// here, the certificate issuance request will fail. If this is omitted, then
	// this template will not add restrictions on a certificate's X.509
	// extensions. These constraints do not apply to X.509 extensions set in this
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
	PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,4,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
	// Optional. A human-readable description of scenarios this template is intended for.
	Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
	// Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CertificateTemplate[google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate issuance.

func (*CertificateTemplate) Descriptor deprecated 

func (*CertificateTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CertificateTemplate.ProtoReflect.Descriptor instead.

func (*CertificateTemplate) GetCreateTime 

func (x *CertificateTemplate) GetCreateTime() *timestamppb.Timestamp

func (*CertificateTemplate) GetDescription 

func (x *CertificateTemplate) GetDescription() string

func (*CertificateTemplate) GetIdentityConstraints 

func (x *CertificateTemplate) GetIdentityConstraints() *CertificateIdentityConstraints

func (*CertificateTemplate) GetLabels 

func (x *CertificateTemplate) GetLabels() map[string]string

func (*CertificateTemplate) GetName 

func (x *CertificateTemplate) GetName() string

func (*CertificateTemplate) GetPassthroughExtensions 

func (x *CertificateTemplate) GetPassthroughExtensions() *CertificateExtensionConstraints

func (*CertificateTemplate) GetPredefinedValues 

func (x *CertificateTemplate) GetPredefinedValues() *X509Parameters

func (*CertificateTemplate) GetUpdateTime 

func (x *CertificateTemplate) GetUpdateTime() *timestamppb.Timestamp

func (*CertificateTemplate) ProtoMessage 

func (*CertificateTemplate) ProtoMessage()

func (*CertificateTemplate) ProtoReflect 

func (x *CertificateTemplate) ProtoReflect() protoreflect.Message

func (*CertificateTemplate) Reset 

func (x *CertificateTemplate) Reset()

func (*CertificateTemplate) String 

func (x *CertificateTemplate) String() string

type Certificate_Config 

type Certificate_Config struct {
	// Immutable. A description of the certificate and key that does not require X.509 or
	// ASN.1.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3,oneof"`
}

type Certificate_PemCsr 

type Certificate_PemCsr struct {
	// Immutable. A pem-encoded X.509 certificate signing request (CSR).
	PemCsr string `protobuf:"bytes,2,opt,name=pem_csr,json=pemCsr,proto3,oneof"`
}

type Certificate_RevocationDetails 

type Certificate_RevocationDetails struct {

	// Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
	RevocationState RevocationReason `` /* 164-byte string literal not displayed */
	// The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
	RevocationTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=revocation_time,json=revocationTime,proto3" json:"revocation_time,omitempty"`
	// contains filtered or unexported fields
}

Describes fields that are relavent to the revocation of a Certificate[google.cloud.security.privateca.v1.Certificate].

func (*Certificate_RevocationDetails) Descriptor deprecated 

func (*Certificate_RevocationDetails) Descriptor() ([]byte, []int)

Deprecated: Use Certificate_RevocationDetails.ProtoReflect.Descriptor instead.

func (*Certificate_RevocationDetails) GetRevocationState 

func (x *Certificate_RevocationDetails) GetRevocationState() RevocationReason

func (*Certificate_RevocationDetails) GetRevocationTime 

func (x *Certificate_RevocationDetails) GetRevocationTime() *timestamppb.Timestamp

func (*Certificate_RevocationDetails) ProtoMessage 

func (*Certificate_RevocationDetails) ProtoMessage()

func (*Certificate_RevocationDetails) ProtoReflect 

func (x *Certificate_RevocationDetails) ProtoReflect() protoreflect.Message

func (*Certificate_RevocationDetails) Reset 

func (x *Certificate_RevocationDetails) Reset()

func (*Certificate_RevocationDetails) String 

func (x *Certificate_RevocationDetails) String() string

type CreateCaPoolRequest 

type CreateCaPoolRequest struct {

	// Required. The resource name of the location associated with the
	// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CaPoolId string `protobuf:"bytes,2,opt,name=ca_pool_id,json=caPoolId,proto3" json:"ca_pool_id,omitempty"`
	// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
	CaPool *CaPool `protobuf:"bytes,3,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].

func (*CreateCaPoolRequest) Descriptor deprecated 

func (*CreateCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCaPoolRequest.ProtoReflect.Descriptor instead.

func (*CreateCaPoolRequest) GetCaPool 

func (x *CreateCaPoolRequest) GetCaPool() *CaPool

func (*CreateCaPoolRequest) GetCaPoolId 

func (x *CreateCaPoolRequest) GetCaPoolId() string

func (*CreateCaPoolRequest) GetParent 

func (x *CreateCaPoolRequest) GetParent() string

func (*CreateCaPoolRequest) GetRequestId 

func (x *CreateCaPoolRequest) GetRequestId() string

func (*CreateCaPoolRequest) ProtoMessage 

func (*CreateCaPoolRequest) ProtoMessage()

func (*CreateCaPoolRequest) ProtoReflect 

func (x *CreateCaPoolRequest) ProtoReflect() protoreflect.Message

func (*CreateCaPoolRequest) Reset 

func (x *CreateCaPoolRequest) Reset()

func (*CreateCaPoolRequest) String 

func (x *CreateCaPoolRequest) String() string

type CreateCertificateAuthorityRequest 

type CreateCertificateAuthorityRequest struct {

	// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
	// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
	// `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CertificateAuthorityId string `` /* 129-byte string literal not displayed */
	// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
	CertificateAuthority *CertificateAuthority `protobuf:"bytes,3,opt,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].

func (*CreateCertificateAuthorityRequest) Descriptor deprecated 

func (*CreateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateAuthorityRequest) GetCertificateAuthority 

func (x *CreateCertificateAuthorityRequest) GetCertificateAuthority() *CertificateAuthority

func (*CreateCertificateAuthorityRequest) GetCertificateAuthorityId 

func (x *CreateCertificateAuthorityRequest) GetCertificateAuthorityId() string

func (*CreateCertificateAuthorityRequest) GetParent 

func (x *CreateCertificateAuthorityRequest) GetParent() string

func (*CreateCertificateAuthorityRequest) GetRequestId 

func (x *CreateCertificateAuthorityRequest) GetRequestId() string

func (*CreateCertificateAuthorityRequest) ProtoMessage 

func (*CreateCertificateAuthorityRequest) ProtoMessage()

func (*CreateCertificateAuthorityRequest) ProtoReflect 

func (x *CreateCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*CreateCertificateAuthorityRequest) Reset 

func (x *CreateCertificateAuthorityRequest) Reset()

func (*CreateCertificateAuthorityRequest) String 

func (x *CreateCertificateAuthorityRequest) String() string

type CreateCertificateRequest 

type CreateCertificateRequest struct {

	// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
	// in the format `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
	// but is optional and its value is ignored otherwise.
	CertificateId string `protobuf:"bytes,2,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
	Certificate *Certificate `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and the
	// request times out. If you make the request again with the same request ID,
	// the server can check if original operation with the same request ID was
	// received, and if so, will ignore the second request. This prevents clients
	// from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
	// of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
	// will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
	ValidateOnly bool `protobuf:"varint,5,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
	// Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
	// certificate.  This optional field will ignore the load-balancing scheme of
	// the Pool and directly issue the certificate from the CA with the specified
	// ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
	// rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
	// the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
	// a Certificate Authority with resource name
	// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
	// you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
	// "projects/my-project/locations/us-central1/caPools/my-pool" and the
	// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
	IssuingCertificateAuthorityId string `` /* 152-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].

func (*CreateCertificateRequest) Descriptor deprecated 

func (*CreateCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateRequest) GetCertificate 

func (x *CreateCertificateRequest) GetCertificate() *Certificate

func (*CreateCertificateRequest) GetCertificateId 

func (x *CreateCertificateRequest) GetCertificateId() string

func (*CreateCertificateRequest) GetIssuingCertificateAuthorityId 

func (x *CreateCertificateRequest) GetIssuingCertificateAuthorityId() string

func (*CreateCertificateRequest) GetParent 

func (x *CreateCertificateRequest) GetParent() string

func (*CreateCertificateRequest) GetRequestId 

func (x *CreateCertificateRequest) GetRequestId() string

func (*CreateCertificateRequest) GetValidateOnly 

func (x *CreateCertificateRequest) GetValidateOnly() bool

func (*CreateCertificateRequest) ProtoMessage 

func (*CreateCertificateRequest) ProtoMessage()

func (*CreateCertificateRequest) ProtoReflect 

func (x *CreateCertificateRequest) ProtoReflect() protoreflect.Message

func (*CreateCertificateRequest) Reset 

func (x *CreateCertificateRequest) Reset()

func (*CreateCertificateRequest) String 

func (x *CreateCertificateRequest) String() string

type CreateCertificateTemplateRequest 

type CreateCertificateTemplateRequest struct {

	// Required. The resource name of the location associated with the
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CertificateTemplateId string `` /* 126-byte string literal not displayed */
	// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
	CertificateTemplate *CertificateTemplate `protobuf:"bytes,3,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].

func (*CreateCertificateTemplateRequest) Descriptor deprecated 

func (*CreateCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*CreateCertificateTemplateRequest) GetCertificateTemplate 

func (x *CreateCertificateTemplateRequest) GetCertificateTemplate() *CertificateTemplate

func (*CreateCertificateTemplateRequest) GetCertificateTemplateId 

func (x *CreateCertificateTemplateRequest) GetCertificateTemplateId() string

func (*CreateCertificateTemplateRequest) GetParent 

func (x *CreateCertificateTemplateRequest) GetParent() string

func (*CreateCertificateTemplateRequest) GetRequestId 

func (x *CreateCertificateTemplateRequest) GetRequestId() string

func (*CreateCertificateTemplateRequest) ProtoMessage 

func (*CreateCertificateTemplateRequest) ProtoMessage()

func (*CreateCertificateTemplateRequest) ProtoReflect 

func (x *CreateCertificateTemplateRequest) ProtoReflect() protoreflect.Message

func (*CreateCertificateTemplateRequest) Reset 

func (x *CreateCertificateTemplateRequest) Reset()

func (*CreateCertificateTemplateRequest) String 

func (x *CreateCertificateTemplateRequest) String() string

type DeleteCaPoolRequest 

type DeleteCaPoolRequest struct {

	// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
	// format `projects/*/locations/*/caPools/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].

func (*DeleteCaPoolRequest) Descriptor deprecated 

func (*DeleteCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCaPoolRequest.ProtoReflect.Descriptor instead.

func (*DeleteCaPoolRequest) GetName 

func (x *DeleteCaPoolRequest) GetName() string

func (*DeleteCaPoolRequest) GetRequestId 

func (x *DeleteCaPoolRequest) GetRequestId() string

func (*DeleteCaPoolRequest) ProtoMessage 

func (*DeleteCaPoolRequest) ProtoMessage()

func (*DeleteCaPoolRequest) ProtoReflect 

func (x *DeleteCaPoolRequest) ProtoReflect() protoreflect.Message

func (*DeleteCaPoolRequest) Reset 

func (x *DeleteCaPoolRequest) Reset()

func (*DeleteCaPoolRequest) String 

func (x *DeleteCaPoolRequest) String() string

type DeleteCertificateAuthorityRequest 

type DeleteCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. This field allows the CA to be deleted even if the CA has
	// active certs. Active certs include both unrevoked and unexpired certs.
	IgnoreActiveCertificates bool `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].

func (*DeleteCertificateAuthorityRequest) Descriptor deprecated 

func (*DeleteCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates 

func (x *DeleteCertificateAuthorityRequest) GetIgnoreActiveCertificates() bool

func (*DeleteCertificateAuthorityRequest) GetName 

func (x *DeleteCertificateAuthorityRequest) GetName() string

func (*DeleteCertificateAuthorityRequest) GetRequestId 

func (x *DeleteCertificateAuthorityRequest) GetRequestId() string

func (*DeleteCertificateAuthorityRequest) ProtoMessage 

func (*DeleteCertificateAuthorityRequest) ProtoMessage()

func (*DeleteCertificateAuthorityRequest) ProtoReflect 

func (x *DeleteCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*DeleteCertificateAuthorityRequest) Reset 

func (x *DeleteCertificateAuthorityRequest) Reset()

func (*DeleteCertificateAuthorityRequest) String 

func (x *DeleteCertificateAuthorityRequest) String() string

type DeleteCertificateTemplateRequest 

type DeleteCertificateTemplateRequest struct {

	// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
	// `projects/*/locations/*/certificateTemplates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].

func (*DeleteCertificateTemplateRequest) Descriptor deprecated 

func (*DeleteCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*DeleteCertificateTemplateRequest) GetName 

func (x *DeleteCertificateTemplateRequest) GetName() string

func (*DeleteCertificateTemplateRequest) GetRequestId 

func (x *DeleteCertificateTemplateRequest) GetRequestId() string

func (*DeleteCertificateTemplateRequest) ProtoMessage 

func (*DeleteCertificateTemplateRequest) ProtoMessage()

func (*DeleteCertificateTemplateRequest) ProtoReflect 

func (x *DeleteCertificateTemplateRequest) ProtoReflect() protoreflect.Message

func (*DeleteCertificateTemplateRequest) Reset 

func (x *DeleteCertificateTemplateRequest) Reset()

func (*DeleteCertificateTemplateRequest) String 

func (x *DeleteCertificateTemplateRequest) String() string

type DisableCertificateAuthorityRequest 

type DisableCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].

func (*DisableCertificateAuthorityRequest) Descriptor deprecated 

func (*DisableCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use DisableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*DisableCertificateAuthorityRequest) GetName 

func (x *DisableCertificateAuthorityRequest) GetName() string

func (*DisableCertificateAuthorityRequest) GetRequestId 

func (x *DisableCertificateAuthorityRequest) GetRequestId() string

func (*DisableCertificateAuthorityRequest) ProtoMessage 

func (*DisableCertificateAuthorityRequest) ProtoMessage()

func (*DisableCertificateAuthorityRequest) ProtoReflect 

func (x *DisableCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*DisableCertificateAuthorityRequest) Reset 

func (x *DisableCertificateAuthorityRequest) Reset()

func (*DisableCertificateAuthorityRequest) String 

func (x *DisableCertificateAuthorityRequest) String() string

type EnableCertificateAuthorityRequest 

type EnableCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].

func (*EnableCertificateAuthorityRequest) Descriptor deprecated 

func (*EnableCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use EnableCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*EnableCertificateAuthorityRequest) GetName 

func (x *EnableCertificateAuthorityRequest) GetName() string

func (*EnableCertificateAuthorityRequest) GetRequestId 

func (x *EnableCertificateAuthorityRequest) GetRequestId() string

func (*EnableCertificateAuthorityRequest) ProtoMessage 

func (*EnableCertificateAuthorityRequest) ProtoMessage()

func (*EnableCertificateAuthorityRequest) ProtoReflect 

func (x *EnableCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*EnableCertificateAuthorityRequest) Reset 

func (x *EnableCertificateAuthorityRequest) Reset()

func (*EnableCertificateAuthorityRequest) String 

func (x *EnableCertificateAuthorityRequest) String() string

type FetchCaCertsRequest 

type FetchCaCertsRequest struct {

	// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
	// format `projects/*/locations/*/caPools/*`.
	CaPool string `protobuf:"bytes,1,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].

func (*FetchCaCertsRequest) Descriptor deprecated 

func (*FetchCaCertsRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsRequest.ProtoReflect.Descriptor instead.

func (*FetchCaCertsRequest) GetCaPool 

func (x *FetchCaCertsRequest) GetCaPool() string

func (*FetchCaCertsRequest) GetRequestId 

func (x *FetchCaCertsRequest) GetRequestId() string

func (*FetchCaCertsRequest) ProtoMessage 

func (*FetchCaCertsRequest) ProtoMessage()

func (*FetchCaCertsRequest) ProtoReflect 

func (x *FetchCaCertsRequest) ProtoReflect() protoreflect.Message

func (*FetchCaCertsRequest) Reset 

func (x *FetchCaCertsRequest) Reset()

func (*FetchCaCertsRequest) String 

func (x *FetchCaCertsRequest) String() string

type FetchCaCertsResponse 

type FetchCaCertsResponse struct {

	// The PEM encoded CA certificate chains of all
	// [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
	CaCerts []*FetchCaCertsResponse_CertChain `protobuf:"bytes,1,rep,name=ca_certs,json=caCerts,proto3" json:"ca_certs,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].

func (*FetchCaCertsResponse) Descriptor deprecated 

func (*FetchCaCertsResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsResponse.ProtoReflect.Descriptor instead.

func (*FetchCaCertsResponse) GetCaCerts 

func (x *FetchCaCertsResponse) GetCaCerts() []*FetchCaCertsResponse_CertChain

func (*FetchCaCertsResponse) ProtoMessage 

func (*FetchCaCertsResponse) ProtoMessage()

func (*FetchCaCertsResponse) ProtoReflect 

func (x *FetchCaCertsResponse) ProtoReflect() protoreflect.Message

func (*FetchCaCertsResponse) Reset 

func (x *FetchCaCertsResponse) Reset()

func (*FetchCaCertsResponse) String 

func (x *FetchCaCertsResponse) String() string

type FetchCaCertsResponse_CertChain 

type FetchCaCertsResponse_CertChain struct {

	// The certificates that form the CA chain, from leaf to root order.
	Certificates []string `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchCaCertsResponse_CertChain) Descriptor deprecated 

func (*FetchCaCertsResponse_CertChain) Descriptor() ([]byte, []int)

Deprecated: Use FetchCaCertsResponse_CertChain.ProtoReflect.Descriptor instead.

func (*FetchCaCertsResponse_CertChain) GetCertificates 

func (x *FetchCaCertsResponse_CertChain) GetCertificates() []string

func (*FetchCaCertsResponse_CertChain) ProtoMessage 

func (*FetchCaCertsResponse_CertChain) ProtoMessage()

func (*FetchCaCertsResponse_CertChain) ProtoReflect 

func (x *FetchCaCertsResponse_CertChain) ProtoReflect() protoreflect.Message

func (*FetchCaCertsResponse_CertChain) Reset 

func (x *FetchCaCertsResponse_CertChain) Reset()

func (*FetchCaCertsResponse_CertChain) String 

func (x *FetchCaCertsResponse_CertChain) String() string

type FetchCertificateAuthorityCsrRequest 

type FetchCertificateAuthorityCsrRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].

func (*FetchCertificateAuthorityCsrRequest) Descriptor deprecated 

func (*FetchCertificateAuthorityCsrRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchCertificateAuthorityCsrRequest.ProtoReflect.Descriptor instead.

func (*FetchCertificateAuthorityCsrRequest) GetName 

func (x *FetchCertificateAuthorityCsrRequest) GetName() string

func (*FetchCertificateAuthorityCsrRequest) ProtoMessage 

func (*FetchCertificateAuthorityCsrRequest) ProtoMessage()

func (*FetchCertificateAuthorityCsrRequest) ProtoReflect 

func (x *FetchCertificateAuthorityCsrRequest) ProtoReflect() protoreflect.Message

func (*FetchCertificateAuthorityCsrRequest) Reset 

func (x *FetchCertificateAuthorityCsrRequest) Reset()

func (*FetchCertificateAuthorityCsrRequest) String 

func (x *FetchCertificateAuthorityCsrRequest) String() string

type FetchCertificateAuthorityCsrResponse 

type FetchCertificateAuthorityCsrResponse struct {

	// Output only. The PEM-encoded signed certificate signing request (CSR).
	PemCsr string `protobuf:"bytes,1,opt,name=pem_csr,json=pemCsr,proto3" json:"pem_csr,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].

func (*FetchCertificateAuthorityCsrResponse) Descriptor deprecated 

func (*FetchCertificateAuthorityCsrResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchCertificateAuthorityCsrResponse.ProtoReflect.Descriptor instead.

func (*FetchCertificateAuthorityCsrResponse) GetPemCsr 

func (x *FetchCertificateAuthorityCsrResponse) GetPemCsr() string

func (*FetchCertificateAuthorityCsrResponse) ProtoMessage 

func (*FetchCertificateAuthorityCsrResponse) ProtoMessage()

func (*FetchCertificateAuthorityCsrResponse) ProtoReflect 

func (x *FetchCertificateAuthorityCsrResponse) ProtoReflect() protoreflect.Message

func (*FetchCertificateAuthorityCsrResponse) Reset 

func (x *FetchCertificateAuthorityCsrResponse) Reset()

func (*FetchCertificateAuthorityCsrResponse) String 

func (x *FetchCertificateAuthorityCsrResponse) String() string

type GetCaPoolRequest 

type GetCaPoolRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].

func (*GetCaPoolRequest) Descriptor deprecated 

func (*GetCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCaPoolRequest.ProtoReflect.Descriptor instead.

func (*GetCaPoolRequest) GetName 

func (x *GetCaPoolRequest) GetName() string

func (*GetCaPoolRequest) ProtoMessage 

func (*GetCaPoolRequest) ProtoMessage()

func (*GetCaPoolRequest) ProtoReflect 

func (x *GetCaPoolRequest) ProtoReflect() protoreflect.Message

func (*GetCaPoolRequest) Reset 

func (x *GetCaPoolRequest) Reset()

func (*GetCaPoolRequest) String 

func (x *GetCaPoolRequest) String() string

type GetCertificateAuthorityRequest 

type GetCertificateAuthorityRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
	// get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].

func (*GetCertificateAuthorityRequest) Descriptor deprecated 

func (*GetCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateAuthorityRequest) GetName 

func (x *GetCertificateAuthorityRequest) GetName() string

func (*GetCertificateAuthorityRequest) ProtoMessage 

func (*GetCertificateAuthorityRequest) ProtoMessage()

func (*GetCertificateAuthorityRequest) ProtoReflect 

func (x *GetCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*GetCertificateAuthorityRequest) Reset 

func (x *GetCertificateAuthorityRequest) Reset()

func (*GetCertificateAuthorityRequest) String 

func (x *GetCertificateAuthorityRequest) String() string

type GetCertificateRequest 

type GetCertificateRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].

func (*GetCertificateRequest) Descriptor deprecated 

func (*GetCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateRequest) GetName 

func (x *GetCertificateRequest) GetName() string

func (*GetCertificateRequest) ProtoMessage 

func (*GetCertificateRequest) ProtoMessage()

func (*GetCertificateRequest) ProtoReflect 

func (x *GetCertificateRequest) ProtoReflect() protoreflect.Message

func (*GetCertificateRequest) Reset 

func (x *GetCertificateRequest) Reset()

func (*GetCertificateRequest) String 

func (x *GetCertificateRequest) String() string

type GetCertificateRevocationListRequest 

type GetCertificateRevocationListRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
	// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].

func (*GetCertificateRevocationListRequest) Descriptor deprecated 

func (*GetCertificateRevocationListRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateRevocationListRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateRevocationListRequest) GetName 

func (x *GetCertificateRevocationListRequest) GetName() string

func (*GetCertificateRevocationListRequest) ProtoMessage 

func (*GetCertificateRevocationListRequest) ProtoMessage()

func (*GetCertificateRevocationListRequest) ProtoReflect 

func (x *GetCertificateRevocationListRequest) ProtoReflect() protoreflect.Message

func (*GetCertificateRevocationListRequest) Reset 

func (x *GetCertificateRevocationListRequest) Reset()

func (*GetCertificateRevocationListRequest) String 

func (x *GetCertificateRevocationListRequest) String() string

type GetCertificateTemplateRequest 

type GetCertificateTemplateRequest struct {

	// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
	// get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].

func (*GetCertificateTemplateRequest) Descriptor deprecated 

func (*GetCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*GetCertificateTemplateRequest) GetName 

func (x *GetCertificateTemplateRequest) GetName() string

func (*GetCertificateTemplateRequest) ProtoMessage 

func (*GetCertificateTemplateRequest) ProtoMessage()

func (*GetCertificateTemplateRequest) ProtoReflect 

func (x *GetCertificateTemplateRequest) ProtoReflect() protoreflect.Message

func (*GetCertificateTemplateRequest) Reset 

func (x *GetCertificateTemplateRequest) Reset()

func (*GetCertificateTemplateRequest) String 

func (x *GetCertificateTemplateRequest) String() string

type KeyUsage 

type KeyUsage struct {

	// Describes high-level ways in which a key may be used.
	BaseKeyUsage *KeyUsage_KeyUsageOptions `protobuf:"bytes,1,opt,name=base_key_usage,json=baseKeyUsage,proto3" json:"base_key_usage,omitempty"`
	// Detailed scenarios in which a key may be used.
	ExtendedKeyUsage *KeyUsage_ExtendedKeyUsageOptions `protobuf:"bytes,2,opt,name=extended_key_usage,json=extendedKeyUsage,proto3" json:"extended_key_usage,omitempty"`
	// Used to describe extended key usages that are not listed in the
	// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
	UnknownExtendedKeyUsages []*ObjectId `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

A KeyUsage[google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509 certificate.

func (*KeyUsage) Descriptor deprecated 

func (*KeyUsage) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage.ProtoReflect.Descriptor instead.

func (*KeyUsage) GetBaseKeyUsage 

func (x *KeyUsage) GetBaseKeyUsage() *KeyUsage_KeyUsageOptions

func (*KeyUsage) GetExtendedKeyUsage 

func (x *KeyUsage) GetExtendedKeyUsage() *KeyUsage_ExtendedKeyUsageOptions

func (*KeyUsage) GetUnknownExtendedKeyUsages 

func (x *KeyUsage) GetUnknownExtendedKeyUsages() []*ObjectId

func (*KeyUsage) ProtoMessage 

func (*KeyUsage) ProtoMessage()

func (*KeyUsage) ProtoReflect 

func (x *KeyUsage) ProtoReflect() protoreflect.Message

func (*KeyUsage) Reset 

func (x *KeyUsage) Reset()

func (*KeyUsage) String 

func (x *KeyUsage) String() string

type KeyUsage_ExtendedKeyUsageOptions 

type KeyUsage_ExtendedKeyUsageOptions struct {

	// Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
	// server authentication", though regularly used for non-WWW TLS.
	ServerAuth bool `protobuf:"varint,1,opt,name=server_auth,json=serverAuth,proto3" json:"server_auth,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
	// client authentication", though regularly used for non-WWW TLS.
	ClientAuth bool `protobuf:"varint,2,opt,name=client_auth,json=clientAuth,proto3" json:"client_auth,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
	// downloadable executable code client authentication".
	CodeSigning bool `protobuf:"varint,3,opt,name=code_signing,json=codeSigning,proto3" json:"code_signing,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
	// protection".
	EmailProtection bool `protobuf:"varint,4,opt,name=email_protection,json=emailProtection,proto3" json:"email_protection,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
	// the hash of an object to a time".
	TimeStamping bool `protobuf:"varint,5,opt,name=time_stamping,json=timeStamping,proto3" json:"time_stamping,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
	// OCSP responses".
	OcspSigning bool `protobuf:"varint,6,opt,name=ocsp_signing,json=ocspSigning,proto3" json:"ocsp_signing,omitempty"`
	// contains filtered or unexported fields
}

[KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to certain common OIDs that could be specified as an extended key usage value.

func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor deprecated 

func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage_ExtendedKeyUsageOptions.ProtoReflect.Descriptor instead.

func (*KeyUsage_ExtendedKeyUsageOptions) GetClientAuth 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetClientAuth() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetServerAuth 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetServerAuth() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping 

func (x *KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping() bool

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage 

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage()

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoReflect 

func (x *KeyUsage_ExtendedKeyUsageOptions) ProtoReflect() protoreflect.Message

func (*KeyUsage_ExtendedKeyUsageOptions) Reset 

func (x *KeyUsage_ExtendedKeyUsageOptions) Reset()

func (*KeyUsage_ExtendedKeyUsageOptions) String 

func (x *KeyUsage_ExtendedKeyUsageOptions) String() string

type KeyUsage_KeyUsageOptions 

type KeyUsage_KeyUsageOptions struct {

	// The key may be used for digital signatures.
	DigitalSignature bool `protobuf:"varint,1,opt,name=digital_signature,json=digitalSignature,proto3" json:"digital_signature,omitempty"`
	// The key may be used for cryptographic commitments. Note that this may
	// also be referred to as "non-repudiation".
	ContentCommitment bool `protobuf:"varint,2,opt,name=content_commitment,json=contentCommitment,proto3" json:"content_commitment,omitempty"`
	// The key may be used to encipher other keys.
	KeyEncipherment bool `protobuf:"varint,3,opt,name=key_encipherment,json=keyEncipherment,proto3" json:"key_encipherment,omitempty"`
	// The key may be used to encipher data.
	DataEncipherment bool `protobuf:"varint,4,opt,name=data_encipherment,json=dataEncipherment,proto3" json:"data_encipherment,omitempty"`
	// The key may be used in a key agreement protocol.
	KeyAgreement bool `protobuf:"varint,5,opt,name=key_agreement,json=keyAgreement,proto3" json:"key_agreement,omitempty"`
	// The key may be used to sign certificates.
	CertSign bool `protobuf:"varint,6,opt,name=cert_sign,json=certSign,proto3" json:"cert_sign,omitempty"`
	// The key may be used sign certificate revocation lists.
	CrlSign bool `protobuf:"varint,7,opt,name=crl_sign,json=crlSign,proto3" json:"crl_sign,omitempty"`
	// The key may be used to encipher only.
	EncipherOnly bool `protobuf:"varint,8,opt,name=encipher_only,json=encipherOnly,proto3" json:"encipher_only,omitempty"`
	// The key may be used to decipher only.
	DecipherOnly bool `protobuf:"varint,9,opt,name=decipher_only,json=decipherOnly,proto3" json:"decipher_only,omitempty"`
	// contains filtered or unexported fields
}

[KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.

func (*KeyUsage_KeyUsageOptions) Descriptor deprecated 

func (*KeyUsage_KeyUsageOptions) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage_KeyUsageOptions.ProtoReflect.Descriptor instead.

func (*KeyUsage_KeyUsageOptions) GetCertSign 

func (x *KeyUsage_KeyUsageOptions) GetCertSign() bool

func (*KeyUsage_KeyUsageOptions) GetContentCommitment 

func (x *KeyUsage_KeyUsageOptions) GetContentCommitment() bool

func (*KeyUsage_KeyUsageOptions) GetCrlSign 

func (x *KeyUsage_KeyUsageOptions) GetCrlSign() bool

func (*KeyUsage_KeyUsageOptions) GetDataEncipherment 

func (x *KeyUsage_KeyUsageOptions) GetDataEncipherment() bool

func (*KeyUsage_KeyUsageOptions) GetDecipherOnly 

func (x *KeyUsage_KeyUsageOptions) GetDecipherOnly() bool

func (*KeyUsage_KeyUsageOptions) GetDigitalSignature 

func (x *KeyUsage_KeyUsageOptions) GetDigitalSignature() bool

func (*KeyUsage_KeyUsageOptions) GetEncipherOnly 

func (x *KeyUsage_KeyUsageOptions) GetEncipherOnly() bool

func (*KeyUsage_KeyUsageOptions) GetKeyAgreement 

func (x *KeyUsage_KeyUsageOptions) GetKeyAgreement() bool

func (*KeyUsage_KeyUsageOptions) GetKeyEncipherment 

func (x *KeyUsage_KeyUsageOptions) GetKeyEncipherment() bool

func (*KeyUsage_KeyUsageOptions) ProtoMessage 

func (*KeyUsage_KeyUsageOptions) ProtoMessage()

func (*KeyUsage_KeyUsageOptions) ProtoReflect 

func (x *KeyUsage_KeyUsageOptions) ProtoReflect() protoreflect.Message

func (*KeyUsage_KeyUsageOptions) Reset 

func (x *KeyUsage_KeyUsageOptions) Reset()

func (*KeyUsage_KeyUsageOptions) String 

func (x *KeyUsage_KeyUsageOptions) String() string

type ListCaPoolsRequest 

type ListCaPoolsRequest struct {

	// Required. The resource name of the location associated with the
	// [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
	// include in the response.
	// Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
	// obtained by including the
	// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Pagination token, returned earlier via
	// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted.
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].

func (*ListCaPoolsRequest) Descriptor deprecated 

func (*ListCaPoolsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCaPoolsRequest.ProtoReflect.Descriptor instead.

func (*ListCaPoolsRequest) GetFilter 

func (x *ListCaPoolsRequest) GetFilter() string

func (*ListCaPoolsRequest) GetOrderBy 

func (x *ListCaPoolsRequest) GetOrderBy() string

func (*ListCaPoolsRequest) GetPageSize 

func (x *ListCaPoolsRequest) GetPageSize() int32

func (*ListCaPoolsRequest) GetPageToken 

func (x *ListCaPoolsRequest) GetPageToken() string

func (*ListCaPoolsRequest) GetParent 

func (x *ListCaPoolsRequest) GetParent() string

func (*ListCaPoolsRequest) ProtoMessage 

func (*ListCaPoolsRequest) ProtoMessage()

func (*ListCaPoolsRequest) ProtoReflect 

func (x *ListCaPoolsRequest) ProtoReflect() protoreflect.Message

func (*ListCaPoolsRequest) Reset 

func (x *ListCaPoolsRequest) Reset()

func (*ListCaPoolsRequest) String 

func (x *ListCaPoolsRequest) String() string

type ListCaPoolsResponse 

type ListCaPoolsResponse struct {

	// The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
	CaPools []*CaPool `protobuf:"bytes,1,rep,name=ca_pools,json=caPools,proto3" json:"ca_pools,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
	// page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// A list of locations (e.g. "us-west1") that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].

func (*ListCaPoolsResponse) Descriptor deprecated 

func (*ListCaPoolsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCaPoolsResponse.ProtoReflect.Descriptor instead.

func (*ListCaPoolsResponse) GetCaPools 

func (x *ListCaPoolsResponse) GetCaPools() []*CaPool

func (*ListCaPoolsResponse) GetNextPageToken 

func (x *ListCaPoolsResponse) GetNextPageToken() string

func (*ListCaPoolsResponse) GetUnreachable 

func (x *ListCaPoolsResponse) GetUnreachable() []string

func (*ListCaPoolsResponse) ProtoMessage 

func (*ListCaPoolsResponse) ProtoMessage()

func (*ListCaPoolsResponse) ProtoReflect 

func (x *ListCaPoolsResponse) ProtoReflect() protoreflect.Message

func (*ListCaPoolsResponse) Reset 

func (x *ListCaPoolsResponse) Reset()

func (*ListCaPoolsResponse) String 

func (x *ListCaPoolsResponse) String() string

type ListCertificateAuthoritiesRequest 

type ListCertificateAuthoritiesRequest struct {

	// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
	// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
	// `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
	// include in the response.
	// Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
	// obtained by including the
	// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Pagination token, returned earlier via
	// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted.
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].

func (*ListCertificateAuthoritiesRequest) Descriptor deprecated 

func (*ListCertificateAuthoritiesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateAuthoritiesRequest.ProtoReflect.Descriptor instead.

func (*ListCertificateAuthoritiesRequest) GetFilter 

func (x *ListCertificateAuthoritiesRequest) GetFilter() string

func (*ListCertificateAuthoritiesRequest) GetOrderBy 

func (x *ListCertificateAuthoritiesRequest) GetOrderBy() string

func (*ListCertificateAuthoritiesRequest) GetPageSize 

func (x *ListCertificateAuthoritiesRequest) GetPageSize() int32

func (*ListCertificateAuthoritiesRequest) GetPageToken 

func (x *ListCertificateAuthoritiesRequest) GetPageToken() string

func (*ListCertificateAuthoritiesRequest) GetParent 

func (x *ListCertificateAuthoritiesRequest) GetParent() string

func (*ListCertificateAuthoritiesRequest) ProtoMessage 

func (*ListCertificateAuthoritiesRequest) ProtoMessage()

func (*ListCertificateAuthoritiesRequest) ProtoReflect 

func (x *ListCertificateAuthoritiesRequest) ProtoReflect() protoreflect.Message

func (*ListCertificateAuthoritiesRequest) Reset 

func (x *ListCertificateAuthoritiesRequest) Reset()

func (*ListCertificateAuthoritiesRequest) String 

func (x *ListCertificateAuthoritiesRequest) String() string

type ListCertificateAuthoritiesResponse 

type ListCertificateAuthoritiesResponse struct {

	// The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	CertificateAuthorities []*CertificateAuthority `` /* 127-byte string literal not displayed */
	// A token to retrieve next page of results. Pass this value in
	// [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
	// page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// A list of locations (e.g. "us-west1") that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].

func (*ListCertificateAuthoritiesResponse) Descriptor deprecated 

func (*ListCertificateAuthoritiesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateAuthoritiesResponse.ProtoReflect.Descriptor instead.

func (*ListCertificateAuthoritiesResponse) GetCertificateAuthorities 

func (x *ListCertificateAuthoritiesResponse) GetCertificateAuthorities() []*CertificateAuthority

func (*ListCertificateAuthoritiesResponse) GetNextPageToken 

func (x *ListCertificateAuthoritiesResponse) GetNextPageToken() string

func (*ListCertificateAuthoritiesResponse) GetUnreachable 

func (x *ListCertificateAuthoritiesResponse) GetUnreachable() []string

func (*ListCertificateAuthoritiesResponse) ProtoMessage 

func (*ListCertificateAuthoritiesResponse) ProtoMessage()

func (*ListCertificateAuthoritiesResponse) ProtoReflect 

func (x *ListCertificateAuthoritiesResponse) ProtoReflect() protoreflect.Message

func (*ListCertificateAuthoritiesResponse) Reset 

func (x *ListCertificateAuthoritiesResponse) Reset()

func (*ListCertificateAuthoritiesResponse) String 

func (x *ListCertificateAuthoritiesResponse) String() string

type ListCertificateRevocationListsRequest 

type ListCertificateRevocationListsRequest struct {

	// Required. The resource name of the location associated with the
	// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Limit on the number of
	// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
	// response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
	// can subsequently be obtained by including the
	// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Pagination token, returned earlier via
	// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted.
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].

func (*ListCertificateRevocationListsRequest) Descriptor deprecated 

func (*ListCertificateRevocationListsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateRevocationListsRequest.ProtoReflect.Descriptor instead.

func (*ListCertificateRevocationListsRequest) GetFilter 

func (x *ListCertificateRevocationListsRequest) GetFilter() string

func (*ListCertificateRevocationListsRequest) GetOrderBy 

func (x *ListCertificateRevocationListsRequest) GetOrderBy() string

func (*ListCertificateRevocationListsRequest) GetPageSize 

func (x *ListCertificateRevocationListsRequest) GetPageSize() int32

func (*ListCertificateRevocationListsRequest) GetPageToken 

func (x *ListCertificateRevocationListsRequest) GetPageToken() string

func (*ListCertificateRevocationListsRequest) GetParent 

func (x *ListCertificateRevocationListsRequest) GetParent() string

func (*ListCertificateRevocationListsRequest) ProtoMessage 

func (*ListCertificateRevocationListsRequest) ProtoMessage()

func (*ListCertificateRevocationListsRequest) ProtoReflect 

func (x *ListCertificateRevocationListsRequest) ProtoReflect() protoreflect.Message

func (*ListCertificateRevocationListsRequest) Reset 

func (x *ListCertificateRevocationListsRequest) Reset()

func (*ListCertificateRevocationListsRequest) String 

func (x *ListCertificateRevocationListsRequest) String() string

type ListCertificateRevocationListsResponse 

type ListCertificateRevocationListsResponse struct {

	// The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	CertificateRevocationLists []*CertificateRevocationList `` /* 141-byte string literal not displayed */
	// A token to retrieve next page of results. Pass this value in
	// [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
	// next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// A list of locations (e.g. "us-west1") that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].

func (*ListCertificateRevocationListsResponse) Descriptor deprecated 

func (*ListCertificateRevocationListsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateRevocationListsResponse.ProtoReflect.Descriptor instead.

func (*ListCertificateRevocationListsResponse) GetCertificateRevocationLists 

func (x *ListCertificateRevocationListsResponse) GetCertificateRevocationLists() []*CertificateRevocationList

func (*ListCertificateRevocationListsResponse) GetNextPageToken 

func (x *ListCertificateRevocationListsResponse) GetNextPageToken() string

func (*ListCertificateRevocationListsResponse) GetUnreachable 

func (x *ListCertificateRevocationListsResponse) GetUnreachable() []string

func (*ListCertificateRevocationListsResponse) ProtoMessage 

func (*ListCertificateRevocationListsResponse) ProtoMessage()

func (*ListCertificateRevocationListsResponse) ProtoReflect 

func (x *ListCertificateRevocationListsResponse) ProtoReflect() protoreflect.Message

func (*ListCertificateRevocationListsResponse) Reset 

func (x *ListCertificateRevocationListsResponse) Reset()

func (*ListCertificateRevocationListsResponse) String 

func (x *ListCertificateRevocationListsResponse) String() string

type ListCertificateTemplatesRequest 

type ListCertificateTemplatesRequest struct {

	// Required. The resource name of the location associated with the
	// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Limit on the number of
	// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
	// Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
	// obtained by including the
	// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Pagination token, returned earlier via
	// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted.
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].

func (*ListCertificateTemplatesRequest) Descriptor deprecated 

func (*ListCertificateTemplatesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateTemplatesRequest.ProtoReflect.Descriptor instead.

func (*ListCertificateTemplatesRequest) GetFilter 

func (x *ListCertificateTemplatesRequest) GetFilter() string

func (*ListCertificateTemplatesRequest) GetOrderBy 

func (x *ListCertificateTemplatesRequest) GetOrderBy() string

func (*ListCertificateTemplatesRequest) GetPageSize 

func (x *ListCertificateTemplatesRequest) GetPageSize() int32

func (*ListCertificateTemplatesRequest) GetPageToken 

func (x *ListCertificateTemplatesRequest) GetPageToken() string

func (*ListCertificateTemplatesRequest) GetParent 

func (x *ListCertificateTemplatesRequest) GetParent() string

func (*ListCertificateTemplatesRequest) ProtoMessage 

func (*ListCertificateTemplatesRequest) ProtoMessage()

func (*ListCertificateTemplatesRequest) ProtoReflect 

func (x *ListCertificateTemplatesRequest) ProtoReflect() protoreflect.Message

func (*ListCertificateTemplatesRequest) Reset 

func (x *ListCertificateTemplatesRequest) Reset()

func (*ListCertificateTemplatesRequest) String 

func (x *ListCertificateTemplatesRequest) String() string

type ListCertificateTemplatesResponse 

type ListCertificateTemplatesResponse struct {

	// The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	CertificateTemplates []*CertificateTemplate `protobuf:"bytes,1,rep,name=certificate_templates,json=certificateTemplates,proto3" json:"certificate_templates,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCertificateTemplatesRequest.next_page_token][] to retrieve
	// the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// A list of locations (e.g. "us-west1") that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].

func (*ListCertificateTemplatesResponse) Descriptor deprecated 

func (*ListCertificateTemplatesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificateTemplatesResponse.ProtoReflect.Descriptor instead.

func (*ListCertificateTemplatesResponse) GetCertificateTemplates 

func (x *ListCertificateTemplatesResponse) GetCertificateTemplates() []*CertificateTemplate

func (*ListCertificateTemplatesResponse) GetNextPageToken 

func (x *ListCertificateTemplatesResponse) GetNextPageToken() string

func (*ListCertificateTemplatesResponse) GetUnreachable 

func (x *ListCertificateTemplatesResponse) GetUnreachable() []string

func (*ListCertificateTemplatesResponse) ProtoMessage 

func (*ListCertificateTemplatesResponse) ProtoMessage()

func (*ListCertificateTemplatesResponse) ProtoReflect 

func (x *ListCertificateTemplatesResponse) ProtoReflect() protoreflect.Message

func (*ListCertificateTemplatesResponse) Reset 

func (x *ListCertificateTemplatesResponse) Reset()

func (*ListCertificateTemplatesResponse) String 

func (x *ListCertificateTemplatesResponse) String() string

type ListCertificatesRequest 

type ListCertificatesRequest struct {

	// Required. The resource name of the location associated with the
	// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
	// `projects/*/locations/*/caPools/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Limit on the number of
	// [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
	// response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
	// by including the
	// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Pagination token, returned earlier via
	// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For details
	// on supported filters and syntax, see [Certificates Filtering
	// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. For details on supported fields
	// and syntax, see [Certificates Sorting
	// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].

func (*ListCertificatesRequest) Descriptor deprecated 

func (*ListCertificatesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificatesRequest.ProtoReflect.Descriptor instead.

func (*ListCertificatesRequest) GetFilter 

func (x *ListCertificatesRequest) GetFilter() string

func (*ListCertificatesRequest) GetOrderBy 

func (x *ListCertificatesRequest) GetOrderBy() string

func (*ListCertificatesRequest) GetPageSize 

func (x *ListCertificatesRequest) GetPageSize() int32

func (*ListCertificatesRequest) GetPageToken 

func (x *ListCertificatesRequest) GetPageToken() string

func (*ListCertificatesRequest) GetParent 

func (x *ListCertificatesRequest) GetParent() string

func (*ListCertificatesRequest) ProtoMessage 

func (*ListCertificatesRequest) ProtoMessage()

func (*ListCertificatesRequest) ProtoReflect 

func (x *ListCertificatesRequest) ProtoReflect() protoreflect.Message

func (*ListCertificatesRequest) Reset 

func (x *ListCertificatesRequest) Reset()

func (*ListCertificatesRequest) String 

func (x *ListCertificatesRequest) String() string

type ListCertificatesResponse 

type ListCertificatesResponse struct {

	// The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
	Certificates []*Certificate `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCertificatesRequest.next_page_token][] to retrieve the
	// next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// A list of locations (e.g. "us-west1") that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].

func (*ListCertificatesResponse) Descriptor deprecated 

func (*ListCertificatesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCertificatesResponse.ProtoReflect.Descriptor instead.

func (*ListCertificatesResponse) GetCertificates 

func (x *ListCertificatesResponse) GetCertificates() []*Certificate

func (*ListCertificatesResponse) GetNextPageToken 

func (x *ListCertificatesResponse) GetNextPageToken() string

func (*ListCertificatesResponse) GetUnreachable 

func (x *ListCertificatesResponse) GetUnreachable() []string

func (*ListCertificatesResponse) ProtoMessage 

func (*ListCertificatesResponse) ProtoMessage()

func (*ListCertificatesResponse) ProtoReflect 

func (x *ListCertificatesResponse) ProtoReflect() protoreflect.Message

func (*ListCertificatesResponse) Reset 

func (x *ListCertificatesResponse) Reset()

func (*ListCertificatesResponse) String 

func (x *ListCertificatesResponse) String() string

type ObjectId 

type ObjectId struct {

	// Required. The parts of an OID path. The most significant parts of the path come
	// first.
	ObjectIdPath []int32 `protobuf:"varint,1,rep,packed,name=object_id_path,json=objectIdPath,proto3" json:"object_id_path,omitempty"`
	// contains filtered or unexported fields
}

An ObjectId[google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

func (*ObjectId) Descriptor deprecated 

func (*ObjectId) Descriptor() ([]byte, []int)

Deprecated: Use ObjectId.ProtoReflect.Descriptor instead.

func (*ObjectId) GetObjectIdPath 

func (x *ObjectId) GetObjectIdPath() []int32

func (*ObjectId) ProtoMessage 

func (*ObjectId) ProtoMessage()

func (*ObjectId) ProtoReflect 

func (x *ObjectId) ProtoReflect() protoreflect.Message

func (*ObjectId) Reset 

func (x *ObjectId) Reset()

func (*ObjectId) String 

func (x *ObjectId) String() string

type OperationMetadata 

type OperationMetadata struct {

	// Output only. The time the operation was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time the operation finished running.
	EndTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
	// Output only. Server-defined resource path for the target of the operation.
	Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	// Output only. Name of the verb executed by the operation.
	Verb string `protobuf:"bytes,4,opt,name=verb,proto3" json:"verb,omitempty"`
	// Output only. Human-readable status of the operation, if any.
	StatusMessage string `protobuf:"bytes,5,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
	// Output only. Identifies whether the user has requested cancellation
	// of the operation. Operations that have successfully been cancelled
	// have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
	// corresponding to `Code.CANCELLED`.
	RequestedCancellation bool `protobuf:"varint,6,opt,name=requested_cancellation,json=requestedCancellation,proto3" json:"requested_cancellation,omitempty"`
	// Output only. API version used to start the operation.
	ApiVersion string `protobuf:"bytes,7,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// contains filtered or unexported fields
}

Represents the metadata of the long-running operation.

func (*OperationMetadata) Descriptor deprecated 

func (*OperationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use OperationMetadata.ProtoReflect.Descriptor instead.

func (*OperationMetadata) GetApiVersion 

func (x *OperationMetadata) GetApiVersion() string

func (*OperationMetadata) GetCreateTime 

func (x *OperationMetadata) GetCreateTime() *timestamppb.Timestamp

func (*OperationMetadata) GetEndTime 

func (x *OperationMetadata) GetEndTime() *timestamppb.Timestamp

func (*OperationMetadata) GetRequestedCancellation 

func (x *OperationMetadata) GetRequestedCancellation() bool

func (*OperationMetadata) GetStatusMessage 

func (x *OperationMetadata) GetStatusMessage() string

func (*OperationMetadata) GetTarget 

func (x *OperationMetadata) GetTarget() string

func (*OperationMetadata) GetVerb 

func (x *OperationMetadata) GetVerb() string

func (*OperationMetadata) ProtoMessage 

func (*OperationMetadata) ProtoMessage()

func (*OperationMetadata) ProtoReflect 

func (x *OperationMetadata) ProtoReflect() protoreflect.Message

func (*OperationMetadata) Reset 

func (x *OperationMetadata) Reset()

func (*OperationMetadata) String 

func (x *OperationMetadata) String() string

type PublicKey 

type PublicKey struct {

	// Required. A public key. The padding and encoding
	// must match with the `KeyFormat` value specified for the `format` field.
	Key []byte `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Required. The format of the public key.
	Format PublicKey_KeyFormat `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

A PublicKey[google.cloud.security.privateca.v1.PublicKey] describes a public key.

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetFormat 

func (x *PublicKey) GetFormat() PublicKey_KeyFormat

func (*PublicKey) GetKey 

func (x *PublicKey) GetKey() []byte

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

type PublicKey_KeyFormat 

type PublicKey_KeyFormat int32

Types of public keys formats that are supported. Currently, only `PEM` format is supported. 

const (
	// Default unspecified value.
	PublicKey_KEY_FORMAT_UNSPECIFIED PublicKey_KeyFormat = 0
	// The key is PEM-encoded as defined in [RFC
	// 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
	// following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
	// structure, an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// or a PEM-encoded X.509 certificate signing request (CSR). If a
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
	// or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
	// it will used solely for the purpose of extracting the public key. When
	// generated by the service, it will always be an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// structure containing an algorithm identifier and a key.
	PublicKey_PEM PublicKey_KeyFormat = 1
)

func (PublicKey_KeyFormat) Descriptor 

func (PublicKey_KeyFormat) Descriptor() protoreflect.EnumDescriptor

func (PublicKey_KeyFormat) Enum 

func (x PublicKey_KeyFormat) Enum() *PublicKey_KeyFormat

func (PublicKey_KeyFormat) EnumDescriptor deprecated 

func (PublicKey_KeyFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use PublicKey_KeyFormat.Descriptor instead.

func (PublicKey_KeyFormat) Number 

func (x PublicKey_KeyFormat) Number() protoreflect.EnumNumber

func (PublicKey_KeyFormat) String 

func (x PublicKey_KeyFormat) String() string

func (PublicKey_KeyFormat) Type 

func (PublicKey_KeyFormat) Type() protoreflect.EnumType

type RevocationReason 

type RevocationReason int32

A RevocationReason[google.cloud.security.privateca.v1.RevocationReason] indicates whether a Certificate[google.cloud.security.privateca.v1.Certificate] has been revoked, and the reason for revocation. These correspond to standard revocation reasons from RFC 5280. Note that the enum labels and values in this definition are not the same ASN.1 values defined in RFC 5280. These values will be translated to the correct ASN.1 values when a CRL is created. 

const (
	// Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
	// has been revoked, but that a reason has not been recorded.
	RevocationReason_REVOCATION_REASON_UNSPECIFIED RevocationReason = 0
	// Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
	RevocationReason_KEY_COMPROMISE RevocationReason = 1
	// The key material for a certificate authority in the issuing path may have
	// leaked.
	RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE RevocationReason = 2
	// The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
	RevocationReason_AFFILIATION_CHANGED RevocationReason = 3
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
	RevocationReason_SUPERSEDED RevocationReason = 4
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
	// operate.
	RevocationReason_CESSATION_OF_OPERATION RevocationReason = 5
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
	// may become valid in the future.
	RevocationReason_CERTIFICATE_HOLD RevocationReason = 6
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
	// attributes.
	RevocationReason_PRIVILEGE_WITHDRAWN RevocationReason = 7
	// The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
	// may have been compromised.
	RevocationReason_ATTRIBUTE_AUTHORITY_COMPROMISE RevocationReason = 8
)

func (RevocationReason) Descriptor 

func (RevocationReason) Descriptor() protoreflect.EnumDescriptor

func (RevocationReason) Enum 

func (x RevocationReason) Enum() *RevocationReason

func (RevocationReason) EnumDescriptor deprecated 

func (RevocationReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use RevocationReason.Descriptor instead.

func (RevocationReason) Number 

func (x RevocationReason) Number() protoreflect.EnumNumber

func (RevocationReason) String 

func (x RevocationReason) String() string

func (RevocationReason) Type 

func (RevocationReason) Type() protoreflect.EnumType

type RevokeCertificateRequest 

type RevokeCertificateRequest struct {

	// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
	// format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
	Reason RevocationReason `protobuf:"varint,2,opt,name=reason,proto3,enum=google.cloud.security.privateca.v1.RevocationReason" json:"reason,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].

func (*RevokeCertificateRequest) Descriptor deprecated 

func (*RevokeCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.

func (*RevokeCertificateRequest) GetName 

func (x *RevokeCertificateRequest) GetName() string

func (*RevokeCertificateRequest) GetReason 

func (x *RevokeCertificateRequest) GetReason() RevocationReason

func (*RevokeCertificateRequest) GetRequestId 

func (x *RevokeCertificateRequest) GetRequestId() string

func (*RevokeCertificateRequest) ProtoMessage 

func (*RevokeCertificateRequest) ProtoMessage()

func (*RevokeCertificateRequest) ProtoReflect 

func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message

func (*RevokeCertificateRequest) Reset 

func (x *RevokeCertificateRequest) Reset()

func (*RevokeCertificateRequest) String 

func (x *RevokeCertificateRequest) String() string

type Subject 

type Subject struct {

	// The "common name" of the subject.
	CommonName string `protobuf:"bytes,1,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"`
	// The country code of the subject.
	CountryCode string `protobuf:"bytes,2,opt,name=country_code,json=countryCode,proto3" json:"country_code,omitempty"`
	// The organization of the subject.
	Organization string `protobuf:"bytes,3,opt,name=organization,proto3" json:"organization,omitempty"`
	// The organizational_unit of the subject.
	OrganizationalUnit string `protobuf:"bytes,4,opt,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"`
	// The locality or city of the subject.
	Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
	// The province, territory, or regional state of the subject.
	Province string `protobuf:"bytes,6,opt,name=province,proto3" json:"province,omitempty"`
	// The street address of the subject.
	StreetAddress string `protobuf:"bytes,7,opt,name=street_address,json=streetAddress,proto3" json:"street_address,omitempty"`
	// The postal code of the subject.
	PostalCode string `protobuf:"bytes,8,opt,name=postal_code,json=postalCode,proto3" json:"postal_code,omitempty"`
	// contains filtered or unexported fields
}

Subject[google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn, describes the subject of the certificate.

func (*Subject) Descriptor deprecated 

func (*Subject) Descriptor() ([]byte, []int)

Deprecated: Use Subject.ProtoReflect.Descriptor instead.

func (*Subject) GetCommonName 

func (x *Subject) GetCommonName() string

func (*Subject) GetCountryCode 

func (x *Subject) GetCountryCode() string

func (*Subject) GetLocality 

func (x *Subject) GetLocality() string

func (*Subject) GetOrganization 

func (x *Subject) GetOrganization() string

func (*Subject) GetOrganizationalUnit 

func (x *Subject) GetOrganizationalUnit() string

func (*Subject) GetPostalCode 

func (x *Subject) GetPostalCode() string

func (*Subject) GetProvince 

func (x *Subject) GetProvince() string

func (*Subject) GetStreetAddress 

func (x *Subject) GetStreetAddress() string

func (*Subject) ProtoMessage 

func (*Subject) ProtoMessage()

func (*Subject) ProtoReflect 

func (x *Subject) ProtoReflect() protoreflect.Message

func (*Subject) Reset 

func (x *Subject) Reset()

func (*Subject) String 

func (x *Subject) String() string

type SubjectAltNames 

type SubjectAltNames struct {

	// Contains only valid, fully-qualified host names.
	DnsNames []string `protobuf:"bytes,1,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// Contains only valid RFC 3986 URIs.
	Uris []string `protobuf:"bytes,2,rep,name=uris,proto3" json:"uris,omitempty"`
	// Contains only valid RFC 2822 E-mail addresses.
	EmailAddresses []string `protobuf:"bytes,3,rep,name=email_addresses,json=emailAddresses,proto3" json:"email_addresses,omitempty"`
	// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
	IpAddresses []string `protobuf:"bytes,4,rep,name=ip_addresses,json=ipAddresses,proto3" json:"ip_addresses,omitempty"`
	// Contains additional subject alternative name values.
	// For each custom_san, the `value` field must contain an ASN.1 encoded
	// UTF8String.
	CustomSans []*X509Extension `protobuf:"bytes,5,rep,name=custom_sans,json=customSans,proto3" json:"custom_sans,omitempty"`
	// contains filtered or unexported fields
}

SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what the asserted identity is in a certificate (i.e., compared to the "common name" in the distinguished name).

func (*SubjectAltNames) Descriptor deprecated 

func (*SubjectAltNames) Descriptor() ([]byte, []int)

Deprecated: Use SubjectAltNames.ProtoReflect.Descriptor instead.

func (*SubjectAltNames) GetCustomSans 

func (x *SubjectAltNames) GetCustomSans() []*X509Extension

func (*SubjectAltNames) GetDnsNames 

func (x *SubjectAltNames) GetDnsNames() []string

func (*SubjectAltNames) GetEmailAddresses 

func (x *SubjectAltNames) GetEmailAddresses() []string

func (*SubjectAltNames) GetIpAddresses 

func (x *SubjectAltNames) GetIpAddresses() []string

func (*SubjectAltNames) GetUris 

func (x *SubjectAltNames) GetUris() []string

func (*SubjectAltNames) ProtoMessage 

func (*SubjectAltNames) ProtoMessage()

func (*SubjectAltNames) ProtoReflect 

func (x *SubjectAltNames) ProtoReflect() protoreflect.Message

func (*SubjectAltNames) Reset 

func (x *SubjectAltNames) Reset()

func (*SubjectAltNames) String 

func (x *SubjectAltNames) String() string

type SubjectRequestMode 

type SubjectRequestMode int32

Describes the way in which a Certificate[google.cloud.security.privateca.v1.Certificate]'s Subject[google.cloud.security.privateca.v1.Subject] and/or SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] will be resolved. 

const (
	// Not specified.
	SubjectRequestMode_SUBJECT_REQUEST_MODE_UNSPECIFIED SubjectRequestMode = 0
	// The default mode used in most cases. Indicates that the certificate's
	// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
	// request. This mode requires the caller to have the
	// `privateca.certificates.create` permission.
	SubjectRequestMode_DEFAULT SubjectRequestMode = 1
	// A mode reserved for special cases. Indicates that the certificate should
	// have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
	// on the caller's identity. This mode will ignore any explicitly specified
	// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
	// This mode requires the caller to have the
	// `privateca.certificates.createForSelf` permission.
	SubjectRequestMode_REFLECTED_SPIFFE SubjectRequestMode = 2
)

func (SubjectRequestMode) Descriptor 

func (SubjectRequestMode) Descriptor() protoreflect.EnumDescriptor

func (SubjectRequestMode) Enum 

func (x SubjectRequestMode) Enum() *SubjectRequestMode

func (SubjectRequestMode) EnumDescriptor deprecated 

func (SubjectRequestMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use SubjectRequestMode.Descriptor instead.

func (SubjectRequestMode) Number 

func (x SubjectRequestMode) Number() protoreflect.EnumNumber

func (SubjectRequestMode) String 

func (x SubjectRequestMode) String() string

func (SubjectRequestMode) Type 

func (SubjectRequestMode) Type() protoreflect.EnumType

type SubordinateConfig 

type SubordinateConfig struct {

	// Types that are assignable to SubordinateConfig:
	//	*SubordinateConfig_CertificateAuthority
	//	*SubordinateConfig_PemIssuerChain
	SubordinateConfig isSubordinateConfig_SubordinateConfig `protobuf_oneof:"subordinate_config"`
	// contains filtered or unexported fields
}

Describes a subordinate CA's issuers. This is either a resource name to a known issuing CertificateAuthority[google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.

func (*SubordinateConfig) Descriptor deprecated 

func (*SubordinateConfig) Descriptor() ([]byte, []int)

Deprecated: Use SubordinateConfig.ProtoReflect.Descriptor instead.

func (*SubordinateConfig) GetCertificateAuthority 

func (x *SubordinateConfig) GetCertificateAuthority() string

func (*SubordinateConfig) GetPemIssuerChain 

func (x *SubordinateConfig) GetPemIssuerChain() *SubordinateConfig_SubordinateConfigChain

func (*SubordinateConfig) GetSubordinateConfig 

func (m *SubordinateConfig) GetSubordinateConfig() isSubordinateConfig_SubordinateConfig

func (*SubordinateConfig) ProtoMessage 

func (*SubordinateConfig) ProtoMessage()

func (*SubordinateConfig) ProtoReflect 

func (x *SubordinateConfig) ProtoReflect() protoreflect.Message

func (*SubordinateConfig) Reset 

func (x *SubordinateConfig) Reset()

func (*SubordinateConfig) String 

func (x *SubordinateConfig) String() string

type SubordinateConfig_CertificateAuthority 

type SubordinateConfig_CertificateAuthority struct {
	// Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
	// subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
	// and usability purposes only. The resource name is in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	CertificateAuthority string `protobuf:"bytes,1,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof"`
}

type SubordinateConfig_PemIssuerChain 

type SubordinateConfig_PemIssuerChain struct {
	// Required. Contains the PEM certificate chain for the issuers of this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
	PemIssuerChain *SubordinateConfig_SubordinateConfigChain `protobuf:"bytes,2,opt,name=pem_issuer_chain,json=pemIssuerChain,proto3,oneof"`
}

type SubordinateConfig_SubordinateConfigChain 

type SubordinateConfig_SubordinateConfigChain struct {

	// Required. Expected to be in leaf-to-root order according to RFC 5246.
	PemCertificates []string `protobuf:"bytes,1,rep,name=pem_certificates,json=pemCertificates,proto3" json:"pem_certificates,omitempty"`
	// contains filtered or unexported fields
}

This message describes a subordinate CA's issuer certificate chain. This wrapper exists for compatibility reasons.

func (*SubordinateConfig_SubordinateConfigChain) Descriptor deprecated 

func (*SubordinateConfig_SubordinateConfigChain) Descriptor() ([]byte, []int)

Deprecated: Use SubordinateConfig_SubordinateConfigChain.ProtoReflect.Descriptor instead.

func (*SubordinateConfig_SubordinateConfigChain) GetPemCertificates 

func (x *SubordinateConfig_SubordinateConfigChain) GetPemCertificates() []string

func (*SubordinateConfig_SubordinateConfigChain) ProtoMessage 

func (*SubordinateConfig_SubordinateConfigChain) ProtoMessage()

func (*SubordinateConfig_SubordinateConfigChain) ProtoReflect 

func (x *SubordinateConfig_SubordinateConfigChain) ProtoReflect() protoreflect.Message

func (*SubordinateConfig_SubordinateConfigChain) Reset 

func (x *SubordinateConfig_SubordinateConfigChain) Reset()

func (*SubordinateConfig_SubordinateConfigChain) String 

func (x *SubordinateConfig_SubordinateConfigChain) String() string

type UndeleteCertificateAuthorityRequest 

type UndeleteCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].

func (*UndeleteCertificateAuthorityRequest) Descriptor deprecated 

func (*UndeleteCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use UndeleteCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*UndeleteCertificateAuthorityRequest) GetName 

func (x *UndeleteCertificateAuthorityRequest) GetName() string

func (*UndeleteCertificateAuthorityRequest) GetRequestId 

func (x *UndeleteCertificateAuthorityRequest) GetRequestId() string

func (*UndeleteCertificateAuthorityRequest) ProtoMessage 

func (*UndeleteCertificateAuthorityRequest) ProtoMessage()

func (*UndeleteCertificateAuthorityRequest) ProtoReflect 

func (x *UndeleteCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*UndeleteCertificateAuthorityRequest) Reset 

func (x *UndeleteCertificateAuthorityRequest) Reset()

func (*UndeleteCertificateAuthorityRequest) String 

func (x *UndeleteCertificateAuthorityRequest) String() string

type UnimplementedCertificateAuthorityServiceServer 

type UnimplementedCertificateAuthorityServiceServer struct {
}

UnimplementedCertificateAuthorityServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedCertificateAuthorityServiceServer) ActivateCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) CreateCaPool 

func (UnimplementedCertificateAuthorityServiceServer) CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificate 

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateTemplate 

func (UnimplementedCertificateAuthorityServiceServer) CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) DeleteCaPool 

func (UnimplementedCertificateAuthorityServiceServer) DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateTemplate 

func (UnimplementedCertificateAuthorityServiceServer) DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) DisableCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) EnableCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) FetchCaCerts 

func (UnimplementedCertificateAuthorityServiceServer) FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) FetchCertificateAuthorityCsr 

func (UnimplementedCertificateAuthorityServiceServer) FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) GetCaPool 

func (UnimplementedCertificateAuthorityServiceServer) GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)

func (UnimplementedCertificateAuthorityServiceServer) GetCertificate 

func (UnimplementedCertificateAuthorityServiceServer) GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateRevocationList 

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateTemplate 

func (UnimplementedCertificateAuthorityServiceServer) GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)

func (UnimplementedCertificateAuthorityServiceServer) ListCaPools 

func (UnimplementedCertificateAuthorityServiceServer) ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateAuthorities 

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateRevocationLists 

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateTemplates 

func (UnimplementedCertificateAuthorityServiceServer) ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) ListCertificates 

func (UnimplementedCertificateAuthorityServiceServer) ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)

func (UnimplementedCertificateAuthorityServiceServer) RevokeCertificate 

func (UnimplementedCertificateAuthorityServiceServer) RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)

func (UnimplementedCertificateAuthorityServiceServer) UndeleteCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) UpdateCaPool 

func (UnimplementedCertificateAuthorityServiceServer) UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificate 

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateAuthority 

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateRevocationList 

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunning.Operation, error)

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateTemplate 

func (UnimplementedCertificateAuthorityServiceServer) UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunning.Operation, error)

type UnsafeCertificateAuthorityServiceServer 

type UnsafeCertificateAuthorityServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeCertificateAuthorityServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CertificateAuthorityServiceServer will result in compilation errors.

type UpdateCaPoolRequest 

type UpdateCaPoolRequest struct {

	// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
	CaPool *CaPool `protobuf:"bytes,1,opt,name=ca_pool,json=caPool,proto3" json:"ca_pool,omitempty"`
	// Required. A list of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].

func (*UpdateCaPoolRequest) Descriptor deprecated 

func (*UpdateCaPoolRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCaPoolRequest.ProtoReflect.Descriptor instead.

func (*UpdateCaPoolRequest) GetCaPool 

func (x *UpdateCaPoolRequest) GetCaPool() *CaPool

func (*UpdateCaPoolRequest) GetRequestId 

func (x *UpdateCaPoolRequest) GetRequestId() string

func (*UpdateCaPoolRequest) GetUpdateMask 

func (x *UpdateCaPoolRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCaPoolRequest) ProtoMessage 

func (*UpdateCaPoolRequest) ProtoMessage()

func (*UpdateCaPoolRequest) ProtoReflect 

func (x *UpdateCaPoolRequest) ProtoReflect() protoreflect.Message

func (*UpdateCaPoolRequest) Reset 

func (x *UpdateCaPoolRequest) Reset()

func (*UpdateCaPoolRequest) String 

func (x *UpdateCaPoolRequest) String() string

type UpdateCertificateAuthorityRequest 

type UpdateCertificateAuthorityRequest struct {

	// Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
	CertificateAuthority *CertificateAuthority `protobuf:"bytes,1,opt,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"`
	// Required. A list of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].

func (*UpdateCertificateAuthorityRequest) Descriptor deprecated 

func (*UpdateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*UpdateCertificateAuthorityRequest) GetCertificateAuthority 

func (x *UpdateCertificateAuthorityRequest) GetCertificateAuthority() *CertificateAuthority

func (*UpdateCertificateAuthorityRequest) GetRequestId 

func (x *UpdateCertificateAuthorityRequest) GetRequestId() string

func (*UpdateCertificateAuthorityRequest) GetUpdateMask 

func (x *UpdateCertificateAuthorityRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCertificateAuthorityRequest) ProtoMessage 

func (*UpdateCertificateAuthorityRequest) ProtoMessage()

func (*UpdateCertificateAuthorityRequest) ProtoReflect 

func (x *UpdateCertificateAuthorityRequest) ProtoReflect() protoreflect.Message

func (*UpdateCertificateAuthorityRequest) Reset 

func (x *UpdateCertificateAuthorityRequest) Reset()

func (*UpdateCertificateAuthorityRequest) String 

func (x *UpdateCertificateAuthorityRequest) String() string

type UpdateCertificateRequest 

type UpdateCertificateRequest struct {

	// Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
	Certificate *Certificate `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// Required. A list of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].

func (*UpdateCertificateRequest) Descriptor deprecated 

func (*UpdateCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCertificateRequest.ProtoReflect.Descriptor instead.

func (*UpdateCertificateRequest) GetCertificate 

func (x *UpdateCertificateRequest) GetCertificate() *Certificate

func (*UpdateCertificateRequest) GetRequestId 

func (x *UpdateCertificateRequest) GetRequestId() string

func (*UpdateCertificateRequest) GetUpdateMask 

func (x *UpdateCertificateRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCertificateRequest) ProtoMessage 

func (*UpdateCertificateRequest) ProtoMessage()

func (*UpdateCertificateRequest) ProtoReflect 

func (x *UpdateCertificateRequest) ProtoReflect() protoreflect.Message

func (*UpdateCertificateRequest) Reset 

func (x *UpdateCertificateRequest) Reset()

func (*UpdateCertificateRequest) String 

func (x *UpdateCertificateRequest) String() string

type UpdateCertificateRevocationListRequest 

type UpdateCertificateRevocationListRequest struct {

	// Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
	CertificateRevocationList *CertificateRevocationList `` /* 138-byte string literal not displayed */
	// Required. A list of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].

func (*UpdateCertificateRevocationListRequest) Descriptor deprecated 

func (*UpdateCertificateRevocationListRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCertificateRevocationListRequest.ProtoReflect.Descriptor instead.

func (*UpdateCertificateRevocationListRequest) GetCertificateRevocationList 

func (x *UpdateCertificateRevocationListRequest) GetCertificateRevocationList() *CertificateRevocationList

func (*UpdateCertificateRevocationListRequest) GetRequestId 

func (x *UpdateCertificateRevocationListRequest) GetRequestId() string

func (*UpdateCertificateRevocationListRequest) GetUpdateMask 

func (x *UpdateCertificateRevocationListRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCertificateRevocationListRequest) ProtoMessage 

func (*UpdateCertificateRevocationListRequest) ProtoMessage()

func (*UpdateCertificateRevocationListRequest) ProtoReflect 

func (x *UpdateCertificateRevocationListRequest) ProtoReflect() protoreflect.Message

func (*UpdateCertificateRevocationListRequest) Reset 

func (x *UpdateCertificateRevocationListRequest) Reset()

func (*UpdateCertificateRevocationListRequest) String 

func (x *UpdateCertificateRevocationListRequest) String() string

type UpdateCertificateTemplateRequest 

type UpdateCertificateTemplateRequest struct {

	// Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
	CertificateTemplate *CertificateTemplate `protobuf:"bytes,1,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Required. A list of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and t
	// he request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].

func (*UpdateCertificateTemplateRequest) Descriptor deprecated 

func (*UpdateCertificateTemplateRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCertificateTemplateRequest.ProtoReflect.Descriptor instead.

func (*UpdateCertificateTemplateRequest) GetCertificateTemplate 

func (x *UpdateCertificateTemplateRequest) GetCertificateTemplate() *CertificateTemplate

func (*UpdateCertificateTemplateRequest) GetRequestId 

func (x *UpdateCertificateTemplateRequest) GetRequestId() string

func (*UpdateCertificateTemplateRequest) GetUpdateMask 

func (x *UpdateCertificateTemplateRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCertificateTemplateRequest) ProtoMessage 

func (*UpdateCertificateTemplateRequest) ProtoMessage()

func (*UpdateCertificateTemplateRequest) ProtoReflect 

func (x *UpdateCertificateTemplateRequest) ProtoReflect() protoreflect.Message

func (*UpdateCertificateTemplateRequest) Reset 

func (x *UpdateCertificateTemplateRequest) Reset()

func (*UpdateCertificateTemplateRequest) String 

func (x *UpdateCertificateTemplateRequest) String() string

type X509Extension 

type X509Extension struct {

	// Required. The OID for this X.509 extension.
	ObjectId *ObjectId `protobuf:"bytes,1,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"`
	// Optional. Indicates whether or not this extension is critical (i.e., if the client
	// does not know how to handle this extension, the client should consider this
	// to be an error).
	Critical bool `protobuf:"varint,2,opt,name=critical,proto3" json:"critical,omitempty"`
	// Required. The value of this X.509 extension.
	Value []byte `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
	// contains filtered or unexported fields
}

An X509Extension[google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

func (*X509Extension) Descriptor deprecated 

func (*X509Extension) Descriptor() ([]byte, []int)

Deprecated: Use X509Extension.ProtoReflect.Descriptor instead.

func (*X509Extension) GetCritical 

func (x *X509Extension) GetCritical() bool

func (*X509Extension) GetObjectId 

func (x *X509Extension) GetObjectId() *ObjectId

func (*X509Extension) GetValue 

func (x *X509Extension) GetValue() []byte

func (*X509Extension) ProtoMessage 

func (*X509Extension) ProtoMessage()

func (*X509Extension) ProtoReflect 

func (x *X509Extension) ProtoReflect() protoreflect.Message

func (*X509Extension) Reset 

func (x *X509Extension) Reset()

func (*X509Extension) String 

func (x *X509Extension) String() string

type X509Parameters 

type X509Parameters struct {

	// Optional. Indicates the intended use for keys that correspond to a certificate.
	KeyUsage *KeyUsage `protobuf:"bytes,1,opt,name=key_usage,json=keyUsage,proto3" json:"key_usage,omitempty"`
	// Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
	// certificate.
	CaOptions *X509Parameters_CaOptions `protobuf:"bytes,2,opt,name=ca_options,json=caOptions,proto3" json:"ca_options,omitempty"`
	// Optional. Describes the X.509 certificate policy object identifiers, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
	PolicyIds []*ObjectId `protobuf:"bytes,3,rep,name=policy_ids,json=policyIds,proto3" json:"policy_ids,omitempty"`
	// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
	// that appear in the "Authority Information Access" extension in the
	// certificate.
	AiaOcspServers []string `protobuf:"bytes,4,rep,name=aia_ocsp_servers,json=aiaOcspServers,proto3" json:"aia_ocsp_servers,omitempty"`
	// Optional. Describes custom X.509 extensions.
	AdditionalExtensions []*X509Extension `protobuf:"bytes,5,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
	// contains filtered or unexported fields
}

An X509Parameters[google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.

func (*X509Parameters) Descriptor deprecated 

func (*X509Parameters) Descriptor() ([]byte, []int)

Deprecated: Use X509Parameters.ProtoReflect.Descriptor instead.

func (*X509Parameters) GetAdditionalExtensions 

func (x *X509Parameters) GetAdditionalExtensions() []*X509Extension

func (*X509Parameters) GetAiaOcspServers 

func (x *X509Parameters) GetAiaOcspServers() []string

func (*X509Parameters) GetCaOptions 

func (x *X509Parameters) GetCaOptions() *X509Parameters_CaOptions

func (*X509Parameters) GetKeyUsage 

func (x *X509Parameters) GetKeyUsage() *KeyUsage

func (*X509Parameters) GetPolicyIds 

func (x *X509Parameters) GetPolicyIds() []*ObjectId

func (*X509Parameters) ProtoMessage 

func (*X509Parameters) ProtoMessage()

func (*X509Parameters) ProtoReflect 

func (x *X509Parameters) ProtoReflect() protoreflect.Message

func (*X509Parameters) Reset 

func (x *X509Parameters) Reset()

func (*X509Parameters) String 

func (x *X509Parameters) String() string

type X509Parameters_CaOptions 

type X509Parameters_CaOptions struct {

	// Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
	// value is missing, the extension will be omitted from the CA certificate.
	IsCa *bool `protobuf:"varint,1,opt,name=is_ca,json=isCa,proto3,oneof" json:"is_ca,omitempty"`
	// Optional. Refers to the path length restriction X.509 extension. For a CA
	// certificate, this value describes the depth of subordinate CA
	// certificates that are allowed.
	// If this value is less than 0, the request will fail.
	// If this value is missing, the max path length will be omitted from the
	// CA certificate.
	MaxIssuerPathLength *int32 `` /* 129-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes values that are relevant in a CA certificate.

func (*X509Parameters_CaOptions) Descriptor deprecated 

func (*X509Parameters_CaOptions) Descriptor() ([]byte, []int)

Deprecated: Use X509Parameters_CaOptions.ProtoReflect.Descriptor instead.

func (*X509Parameters_CaOptions) GetIsCa 

func (x *X509Parameters_CaOptions) GetIsCa() bool

func (*X509Parameters_CaOptions) GetMaxIssuerPathLength 

func (x *X509Parameters_CaOptions) GetMaxIssuerPathLength() int32

func (*X509Parameters_CaOptions) ProtoMessage 

func (*X509Parameters_CaOptions) ProtoMessage()

func (*X509Parameters_CaOptions) ProtoReflect 

func (x *X509Parameters_CaOptions) ProtoReflect() protoreflect.Message

func (*X509Parameters_CaOptions) Reset 

func (x *X509Parameters_CaOptions) Reset()

func (*X509Parameters_CaOptions) String 

func (x *X509Parameters_CaOptions) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.