@datafire/google_privateca
v3.0.0
Published
DataFire integration for Certificate Authority API
Downloads
8
Readme
@datafire/google_privateca
Client library for Certificate Authority API
Installation and Usage
npm install --save @datafire/google_privateca
let google_privateca = require('@datafire/google_privateca').create({
access_token: "",
refresh_token: "",
client_id: "",
client_secret: "",
redirect_uri: ""
});
.then(data => {
console.log(data);
});
Description
The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys."
Actions
oauthCallback
Exchange the code passed to your redirect URI for an access_token
google_privateca.oauthCallback({
"code": ""
}, context)
Input
- input
object
- code required
string
- code required
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
oauthRefresh
Exchange a refresh_token for an access_token
google_privateca.oauthRefresh(null, context)
Input
This action has no parameters
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
privateca.projects.locations.operations.delete
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED
.
google_privateca.privateca.projects.locations.operations.delete({
"name": ""
}, context)
Input
- input
object
- name required
string
: The name of the operation resource to be deleted. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Empty
privateca.projects.locations.reusableConfigs.get
Returns a ReusableConfig.
google_privateca.privateca.projects.locations.reusableConfigs.get({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The name of the ReusableConfigs to get. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output ReusableConfig
privateca.projects.locations.certificateAuthorities.certificates.patch
Update a Certificate. Currently, the only field you can update is the labels field.
google_privateca.privateca.projects.locations.certificateAuthorities.certificates.patch({
"name": ""
}, context)
Input
- input
object
- name required
string
: Output only. The resource path for this Certificate in the formatprojects/*/locations/*/certificateAuthorities/*/certificates/*
. - requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). - updateMask
string
: Required. A list of fields to be updated in this request. - body Certificate
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Certificate
privateca.projects.locations.list
Lists information about the supported locations for this service.
google_privateca.privateca.projects.locations.list({
"name": ""
}, context)
Input
- input
object
- name required
string
: The resource that owns the locations collection, if applicable. - filter
string
: The standard list filter. - pageSize
integer
: The standard list page size. - pageToken
string
: The standard list page token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output ListLocationsResponse
privateca.projects.locations.operations.list
Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED
. NOTE: the name
binding allows API services to override the binding to use different resource name schemes, such as users/*/operations
. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations"
to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
google_privateca.privateca.projects.locations.operations.list({
"name": ""
}, context)
Input
- input
object
- name required
string
: The name of the operation's parent resource. - filter
string
: The standard list filter. - pageSize
integer
: The standard list page size. - pageToken
string
: The standard list page token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output ListOperationsResponse
privateca.projects.locations.certificateAuthorities.activate
Activate a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process.
google_privateca.privateca.projects.locations.certificateAuthorities.activate({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - body ActivateCertificateAuthorityRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Operation
privateca.projects.locations.operations.cancel
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED
. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED
.
google_privateca.privateca.projects.locations.operations.cancel({
"name": ""
}, context)
Input
- input
object
- name required
string
: The name of the operation resource to be cancelled. - body CancelOperationRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Empty
privateca.projects.locations.certificateAuthorities.disable
Disable a CertificateAuthority.
google_privateca.privateca.projects.locations.certificateAuthorities.disable({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - body DisableCertificateAuthorityRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Operation
privateca.projects.locations.certificateAuthorities.enable
Enable a CertificateAuthority.
google_privateca.privateca.projects.locations.certificateAuthorities.enable({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - body EnableCertificateAuthorityRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Operation
privateca.projects.locations.certificateAuthorities.fetch
Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority.
google_privateca.privateca.projects.locations.certificateAuthorities.fetch({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
privateca.projects.locations.certificateAuthorities.restore
Restore a CertificateAuthority that is scheduled for deletion.
google_privateca.privateca.projects.locations.certificateAuthorities.restore({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - body RestoreCertificateAuthorityRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Operation
privateca.projects.locations.certificateAuthorities.certificates.revoke
Revoke a Certificate.
google_privateca.privateca.projects.locations.certificateAuthorities.certificates.revoke({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this Certificate in the formatprojects/*/locations/*/certificateAuthorities/*/certificates/*
. - body RevokeCertificateRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Certificate
privateca.projects.locations.certificateAuthorities.scheduleDelete
Schedule a CertificateAuthority for deletion.
google_privateca.privateca.projects.locations.certificateAuthorities.scheduleDelete({
"name": ""
}, context)
Input
- input
object
- name required
string
: Required. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - body ScheduleDeleteCertificateAuthorityRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- name required
Output
- output Operation
privateca.projects.locations.certificateAuthorities.list
Lists CertificateAuthorities.
google_privateca.privateca.projects.locations.certificateAuthorities.list({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location associated with the CertificateAuthorities, in the formatprojects/*/locations/*
. - filter
string
: Optional. Only include resources that match the filter in the response. - orderBy
string
: Optional. Specify how the results should be sorted. - pageSize
integer
: Optional. Limit on the number of CertificateAuthorities to include in the response. Further CertificateAuthorities can subsequently be obtained by including the ListCertificateAuthoritiesResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default. - pageToken
string
: Optional. Pagination token, returned earlier via ListCertificateAuthoritiesResponse.next_page_token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
privateca.projects.locations.certificateAuthorities.create
Create a new CertificateAuthority in a given Project and Location.
google_privateca.privateca.projects.locations.certificateAuthorities.create({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location associated with the CertificateAuthorities, in the formatprojects/*/locations/*
. - certificateAuthorityId
string
: Required. It must be unique within a location and match the regular expression[a-zA-Z0-9_-]{1,63}
- requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). - body CertificateAuthority
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
- output Operation
privateca.projects.locations.certificateAuthorities.certificateRevocationLists.list
Lists CertificateRevocationLists.
google_privateca.privateca.projects.locations.certificateAuthorities.certificateRevocationLists.list({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location associated with the CertificateRevocationLists, in the formatprojects/*/locations/*/certificateauthorities/*
. - filter
string
: Optional. Only include resources that match the filter in the response. - orderBy
string
: Optional. Specify how the results should be sorted. - pageSize
integer
: Optional. Limit on the number of CertificateRevocationLists to include in the response. Further CertificateRevocationLists can subsequently be obtained by including the ListCertificateRevocationListsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default. - pageToken
string
: Optional. Pagination token, returned earlier via ListCertificateRevocationListsResponse.next_page_token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
privateca.projects.locations.certificateAuthorities.certificates.list
Lists Certificates.
google_privateca.privateca.projects.locations.certificateAuthorities.certificates.list({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location associated with the Certificates, in the formatprojects/*/locations/*/certificateauthorities/*
. - filter
string
: Optional. Only include resources that match the filter in the response. For details on supported filters and syntax, see Certificates Filtering documentation. - orderBy
string
: Optional. Specify how the results should be sorted. For details on supported fields and syntax, see Certificates Sorting documentation. - pageSize
integer
: Optional. Limit on the number of Certificates to include in the response. Further Certificates can subsequently be obtained by including the ListCertificatesResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default. - pageToken
string
: Optional. Pagination token, returned earlier via ListCertificatesResponse.next_page_token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
- output ListCertificatesResponse
privateca.projects.locations.certificateAuthorities.certificates.create
Create a new Certificate in a given Project, Location from a particular CertificateAuthority.
google_privateca.privateca.projects.locations.certificateAuthorities.certificates.create({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location and CertificateAuthority associated with the Certificate, in the formatprojects/*/locations/*/certificateAuthorities/*
. - certificateId
string
: Optional. It must be unique within a location and match the regular expression[a-zA-Z0-9_-]{1,63}
. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise. - requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). - body Certificate
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
- output Certificate
privateca.projects.locations.reusableConfigs.list
Lists ReusableConfigs.
google_privateca.privateca.projects.locations.reusableConfigs.list({
"parent": ""
}, context)
Input
- input
object
- parent required
string
: Required. The resource name of the location associated with the ReusableConfigs, in the formatprojects/*/locations/*
. - filter
string
: Optional. Only include resources that match the filter in the response. - orderBy
string
: Optional. Specify how the results should be sorted. - pageSize
integer
: Optional. Limit on the number of ReusableConfigs to include in the response. Further ReusableConfigs can subsequently be obtained by including the ListReusableConfigsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default. - pageToken
string
: Optional. Pagination token, returned earlier via ListReusableConfigsResponse.next_page_token. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- parent required
Output
- output ListReusableConfigsResponse
privateca.projects.locations.reusableConfigs.getIamPolicy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
google_privateca.privateca.projects.locations.reusableConfigs.getIamPolicy({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. - options.requestedPolicyVersion
integer
: Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output Policy
privateca.projects.locations.reusableConfigs.setIamPolicy
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
google_privateca.privateca.projects.locations.reusableConfigs.setIamPolicy({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. - body SetIamPolicyRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output Policy
privateca.projects.locations.reusableConfigs.testIamPermissions
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND
error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
google_privateca.privateca.projects.locations.reusableConfigs.testIamPermissions({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. - body TestIamPermissionsRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output TestIamPermissionsResponse
Definitions
AccessUrls
- AccessUrls
object
: URLs where a CertificateAuthority will publish content.- caCertificateAccessUrl
string
: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated. - crlAccessUrl
string
: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.
- caCertificateAccessUrl
ActivateCertificateAuthorityRequest
- ActivateCertificateAuthorityRequest
object
: Request message for CertificateAuthorityService.ActivateCertificateAuthority.- pemCaCertificate
string
: Required. The signed CA certificate issued from FetchCertificateAuthorityCsrResponse.pem_csr. - requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000). - subordinateConfig SubordinateConfig
- pemCaCertificate
AllowedConfigList
- AllowedConfigList
object
- allowedConfigValues
array
: Required. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.- items ReusableConfigWrapper
- allowedConfigValues
AllowedSubjectAltNames
- AllowedSubjectAltNames
object
: AllowedSubjectAltNames specifies the allowed values for SubjectAltNames by the CertificateAuthority when issuing Certificates.- allowCustomSans
boolean
: Optional. Specifies if to allow custom X509Extension values. - allowGlobbingDnsWildcards
boolean
: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard. - allowedDnsNames
array
: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. "*"). E.g. for globbed entries: 'bar.com' will allow 'foo.bar.com', but not '.bar.com', unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: '*.bar.com' will allow '*.bar.com', but not 'foo.bar.com'.- items
string
- items
- allowedEmailAddresses
array
: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.- items
string
- items
- allowedIps
array
: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).- items
string
- items
- allowedUris
array
: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').- items
string
- items
- allowCustomSans
AuditConfig
- AuditConfig
object
: Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for bothallServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:[email protected]" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:[email protected]" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts [email protected] from DATA_READ logging, and [email protected] from DATA_WRITE logging.- auditLogConfigs
array
: The configuration for logging of each type of permission.- items AuditLogConfig
- service
string
: Specifies a service that will be enabled for audit logging. For example,storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- auditLogConfigs
AuditLogConfig
- AuditLogConfig
object
: Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:[email protected]" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting [email protected] from DATA_READ logging.- exemptedMembers
array
: Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.- items
string
- items
- logType
string
(values: LOG_TYPE_UNSPECIFIED, ADMIN_READ, DATA_WRITE, DATA_READ): The log type that this config enables.
- exemptedMembers
Binding
- Binding
object
: Associatesmembers
with arole
.- condition Expr
- members
array
: Specifies the identities requesting access for a Cloud Platform resource.members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. *user:{emailid}
: An email address that represents a specific Google account. For example,[email protected]
. *serviceAccount:{emailid}
: An email address that represents a service account. For example,[email protected]
. *group:{emailid}
: An email address that represents a Google group. For example,[email protected]
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
.- items
string
- items
- role
string
: Role that is assigned tomembers
. For example,roles/viewer
,roles/editor
, orroles/owner
.
CaOptions
- CaOptions
object
: Describes values that are relevant in a CA certificate.- isCa
boolean
: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. - maxIssuerPathLength
integer
: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.
- isCa
CancelOperationRequest
- CancelOperationRequest
object
: The request message for Operations.CancelOperation.
Certificate
- Certificate
object
: A Certificate corresponds to a signed X.509 certificate issued by a CertificateAuthority.- certificateDescription CertificateDescription
- config CertificateConfig
- createTime
string
: Output only. The time at which this Certificate was created. - labels
object
: Optional. Labels with user-defined metadata. - lifetime
string
: Required. Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain. - name
string
: Output only. The resource path for this Certificate in the formatprojects/*/locations/*/certificateAuthorities/*/certificates/*
. - pemCertificate
string
: Output only. The pem-encoded, signed X.509 certificate. - pemCertificateChain
array
: Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.- items
string
- items
- pemCsr
string
: Immutable. A pem-encoded X.509 certificate signing request (CSR). - revocationDetails RevocationDetails
- updateTime
string
: Output only. The time at which this Certificate was updated.
CertificateAuthority
- CertificateAuthority
object
: A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.- accessUrls AccessUrls
- caCertificateDescriptions
array
: Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.- items CertificateDescription
- certificatePolicy CertificateAuthorityPolicy
- config CertificateConfig
- createTime
string
: Output only. The time at which this CertificateAuthority was created. - deleteTime
string
: Output only. The time at which this CertificateAuthority will be deleted, if scheduled for deletion. - gcsBucket
string
: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such asgs://
) or suffixes (such as.googleapis.com
). For example, to use a bucket namedmy-bucket
, you would simply specifymy-bucket
. If not specified, a managed bucket will be created. - issuingOptions IssuingOptions
- keySpec KeyVersionSpec
- labels
object
: Optional. Labels with user-defined metadata. - lifetime
string
: Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. - name
string
: Output only. The resource name for this CertificateAuthority in the formatprojects/*/locations/*/certificateAuthorities/*
. - pemCaCertificates
array
: Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.- items
string
- items
- state
string
(values: STATE_UNSPECIFIED, ENABLED, DISABLED, PENDING_ACTIVATION, PENDING_DELETION): Output only. The State for this CertificateAuthority. - subordinateConfig SubordinateConfig
- tier
string
(values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS): Required. Immutable. The Tier of this CertificateAuthority. - type
string
(values: TYPE_UNSPECIFIED, SELF_SIGNED, SUBORDINATE): Required. Immutable. The Type of this CertificateAuthority. - updateTime
string
: Output only. The time at which this CertificateAuthority was updated.
CertificateAuthorityPolicy
- CertificateAuthorityPolicy
object
: The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.- allowedCommonNames
array
: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.- items
string
- items
- allowedConfigList AllowedConfigList
- allowedIssuanceModes IssuanceModes
- allowedLocationsAndOrganizations
array
: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.- items Subject
- allowedSans AllowedSubjectAltNames
- maximumLifetime
string
: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated. - overwriteConfigValues ReusableConfigWrapper
- allowedCommonNames
CertificateConfig
- CertificateConfig
object
: A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.- publicKey PublicKey
- reusableConfig ReusableConfigWrapper
- subjectConfig SubjectConfig
CertificateDescription
- CertificateDescription
object
: A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.- aiaIssuingCertificateUrls
array
: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.- items
string
- items
- authorityKeyId KeyId
- certFingerprint CertificateFingerprint
- configValues ReusableConfigValues
- crlDistributionPoints
array
: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13- items
string
- items
- publicKey PublicKey
- subjectDescription SubjectDescription
- subjectKeyId KeyId
- aiaIssuingCertificateUrls
CertificateFingerprint
- CertificateFingerprint
object
: A group of fingerprints for the x509 certificate.- sha256Hash
string
: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- sha256Hash
CertificateRevocationList
- CertificateRevocationList
object
: A CertificateRevocationList corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.- accessUrl
string
: Output only. The location where 'pem_crl' can be accessed. - createTime
string
: Output only. The time at which this CertificateRevocationList was created. - labels
object
: Optional. Labels with user-defined metadata. - name
string
: Output only. The resource path for this CertificateRevocationList in the formatprojects/*/locations/*/certificateAuthorities/*/ certificateRevocationLists/*
. - pemCrl
string
: Output only. The PEM-encoded X.509 CRL. - revokedCertificates
array
: Output only. The revoked serial numbers that appear in pem_crl.- items RevokedCertificate
- sequenceNumber
string
: Output only. The CRL sequence number that appears in pem_crl. - state
string
(values: STATE_UNSPECIFIED, ACTIVE, SUPERSEDED): Output only. The State for this CertificateRevocationList. - updateTime
string
: Output only. The time at which this CertificateRevocationList was updated.
- accessUrl
DisableCertificateAuthorityRequest
- DisableCertificateAuthorityRequest
object
: Request message for CertificateAuthorityService.DisableCertificateAuthority.- requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- requestId
Empty
- Empty
object
: A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation forEmpty
is empty JSON object{}
.
EnableCertificateAuthorityRequest
- EnableCertificateAuthorityRequest
object
: Request message for CertificateAuthorityService.EnableCertificateAuthority.- requestId
string
: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- requestId
Expr
- Expr
object
: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.- description
string
: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. - expression
string
: Textual representation of an expression in Common Expression Language syntax. - location
string
: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. - title
string
: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description
ExtendedKeyUsageOptions
- ExtendedKeyUsageOptions
object
: KeyUsage.ExtendedKeyUsageOptions has fields that correspond to certain common OIDs that could be specified as an extended key usage value.- clientAuth
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - codeSigning
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - emailProtection
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - ocspSigning
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - serverAuth
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - timeStamping
boolean
: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- clientAuth
FetchCertificateAuthorityCsrResponse
- FetchCertificateAuthorityCsrResponse
object
: Response message for CertificateAuthorityService.FetchCertificateAuthorityCsr.- pemCsr
string
: Output only. The PEM-encoded signed certificate signing request (CSR).
- pemCsr
IssuanceModes
- IssuanceModes
object
: IssuanceModes specifies the allowed ways in which Certificates may be requested from this CertificateAuthority.- allowConfigBasedIssuance
boolean
: Required. When true, allows callers to create Certificates by specifying a CertificateConfig. - allowCsrBasedIssuance
boolean
: Required. When true, allows callers to create Certificates by specifying a CSR.
- allowConfigBasedIssuance
IssuingOptions
- IssuingOptions
object
: Options that affect all certificates issued by a CertificateAuthority.- includeCaCertUrl
boolean
: Required. When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension. - includeCrlAccessUrl
boolean
: Required. When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.
- includeCaCertUrl
KeyId
- KeyId
object
: A KeyId identifies a specific public key, usually by hashing the public key.- keyId
string
: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
- keyId
KeyUsage
- KeyUsage
object
: A KeyUsage describes key usage values that may appear in an X.509 certificate.- baseKeyUsage KeyUsageOptions
- extendedKeyUsage ExtendedKeyUsageOptions
- unknownExtendedKeyUsages
array
: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.- items ObjectId
KeyUsageOptions
- KeyUsageOptions
object
: KeyUsage.KeyUsageOptions corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.- certSign `bo