@datafire/google_privateca

Client library for Certificate Authority API

Installation and Usage

npm install --save @datafire/google_privateca

let google_privateca = require('@datafire/google_privateca').create({
  access_token: "",
  refresh_token: "",
  client_id: "",
  client_secret: "",
  redirect_uri: ""
});

.then(data => {
  console.log(data);
});

Description

The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys."

Actions

oauthCallback

Exchange the code passed to your redirect URI for an access_token

google_privateca.oauthCallback({
  "code": ""
}, context)

Input

• input object
  • code required string

Output

• output object
  • access_token string
  • refresh_token string
  • token_type string
  • scope string
  • expiration string

oauthRefresh

Exchange a refresh_token for an access_token

google_privateca.oauthRefresh(null, context)

Input

This action has no parameters

Output

• output object
  • access_token string
  • refresh_token string
  • token_type string
  • scope string
  • expiration string

privateca.projects.locations.operations.delete

Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED.

google_privateca.privateca.projects.locations.operations.delete({
  "name": ""
}, context)

Input

• input object
  • name required string: The name of the operation resource to be deleted.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Empty

privateca.projects.locations.reusableConfigs.get

Returns a ReusableConfig.

google_privateca.privateca.projects.locations.reusableConfigs.get({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The name of the ReusableConfigs to get.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ReusableConfig

privateca.projects.locations.certificateAuthorities.certificates.patch

Update a Certificate. Currently, the only field you can update is the labels field.

google_privateca.privateca.projects.locations.certificateAuthorities.certificates.patch({
  "name": ""
}, context)

Input

• input object
  • name required string: Output only. The resource path for this Certificate in the format projects/*/locations/*/certificateAuthorities/*/certificates/*.
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
  • updateMask string: Required. A list of fields to be updated in this request.
  • body Certificate
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Certificate

privateca.projects.locations.list

Lists information about the supported locations for this service.

google_privateca.privateca.projects.locations.list({
  "name": ""
}, context)

Input

• input object
  • name required string: The resource that owns the locations collection, if applicable.
  • filter string: The standard list filter.
  • pageSize integer: The standard list page size.
  • pageToken string: The standard list page token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListLocationsResponse

privateca.projects.locations.operations.list

Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

google_privateca.privateca.projects.locations.operations.list({
  "name": ""
}, context)

Input

• input object
  • name required string: The name of the operation's parent resource.
  • filter string: The standard list filter.
  • pageSize integer: The standard list page size.
  • pageToken string: The standard list page token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListOperationsResponse

privateca.projects.locations.certificateAuthorities.activate

Activate a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process.

google_privateca.privateca.projects.locations.certificateAuthorities.activate({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • body ActivateCertificateAuthorityRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.operations.cancel

Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.

google_privateca.privateca.projects.locations.operations.cancel({
  "name": ""
}, context)

Input

• input object
  • name required string: The name of the operation resource to be cancelled.
  • body CancelOperationRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Empty

privateca.projects.locations.certificateAuthorities.disable

Disable a CertificateAuthority.

google_privateca.privateca.projects.locations.certificateAuthorities.disable({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • body DisableCertificateAuthorityRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.certificateAuthorities.enable

Enable a CertificateAuthority.

google_privateca.privateca.projects.locations.certificateAuthorities.enable({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • body EnableCertificateAuthorityRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.certificateAuthorities.fetch

Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority.

google_privateca.privateca.projects.locations.certificateAuthorities.fetch({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output FetchCertificateAuthorityCsrResponse

privateca.projects.locations.certificateAuthorities.restore

Restore a CertificateAuthority that is scheduled for deletion.

google_privateca.privateca.projects.locations.certificateAuthorities.restore({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • body RestoreCertificateAuthorityRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.certificateAuthorities.certificates.revoke

Revoke a Certificate.

google_privateca.privateca.projects.locations.certificateAuthorities.certificates.revoke({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this Certificate in the format projects/*/locations/*/certificateAuthorities/*/certificates/*.
  • body RevokeCertificateRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Certificate

privateca.projects.locations.certificateAuthorities.scheduleDelete

Schedule a CertificateAuthority for deletion.

google_privateca.privateca.projects.locations.certificateAuthorities.scheduleDelete({
  "name": ""
}, context)

Input

• input object
  • name required string: Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • body ScheduleDeleteCertificateAuthorityRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.certificateAuthorities.list

Lists CertificateAuthorities.

google_privateca.privateca.projects.locations.certificateAuthorities.list({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location associated with the CertificateAuthorities, in the format projects/*/locations/*.
  • filter string: Optional. Only include resources that match the filter in the response.
  • orderBy string: Optional. Specify how the results should be sorted.
  • pageSize integer: Optional. Limit on the number of CertificateAuthorities to include in the response. Further CertificateAuthorities can subsequently be obtained by including the ListCertificateAuthoritiesResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
  • pageToken string: Optional. Pagination token, returned earlier via ListCertificateAuthoritiesResponse.next_page_token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListCertificateAuthoritiesResponse

privateca.projects.locations.certificateAuthorities.create

Create a new CertificateAuthority in a given Project and Location.

google_privateca.privateca.projects.locations.certificateAuthorities.create({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location associated with the CertificateAuthorities, in the format projects/*/locations/*.
  • certificateAuthorityId string: Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
  • body CertificateAuthority
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Operation

privateca.projects.locations.certificateAuthorities.certificateRevocationLists.list

Lists CertificateRevocationLists.

google_privateca.privateca.projects.locations.certificateAuthorities.certificateRevocationLists.list({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location associated with the CertificateRevocationLists, in the format projects/*/locations/*/certificateauthorities/*.
  • filter string: Optional. Only include resources that match the filter in the response.
  • orderBy string: Optional. Specify how the results should be sorted.
  • pageSize integer: Optional. Limit on the number of CertificateRevocationLists to include in the response. Further CertificateRevocationLists can subsequently be obtained by including the ListCertificateRevocationListsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
  • pageToken string: Optional. Pagination token, returned earlier via ListCertificateRevocationListsResponse.next_page_token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListCertificateRevocationListsResponse

privateca.projects.locations.certificateAuthorities.certificates.list

Lists Certificates.

google_privateca.privateca.projects.locations.certificateAuthorities.certificates.list({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location associated with the Certificates, in the format projects/*/locations/*/certificateauthorities/*.
  • filter string: Optional. Only include resources that match the filter in the response. For details on supported filters and syntax, see Certificates Filtering documentation.
  • orderBy string: Optional. Specify how the results should be sorted. For details on supported fields and syntax, see Certificates Sorting documentation.
  • pageSize integer: Optional. Limit on the number of Certificates to include in the response. Further Certificates can subsequently be obtained by including the ListCertificatesResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
  • pageToken string: Optional. Pagination token, returned earlier via ListCertificatesResponse.next_page_token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListCertificatesResponse

privateca.projects.locations.certificateAuthorities.certificates.create

Create a new Certificate in a given Project, Location from a particular CertificateAuthority.

google_privateca.privateca.projects.locations.certificateAuthorities.certificates.create({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location and CertificateAuthority associated with the Certificate, in the format projects/*/locations/*/certificateAuthorities/*.
  • certificateId string: Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
  • body Certificate
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Certificate

privateca.projects.locations.reusableConfigs.list

Lists ReusableConfigs.

google_privateca.privateca.projects.locations.reusableConfigs.list({
  "parent": ""
}, context)

Input

• input object
  • parent required string: Required. The resource name of the location associated with the ReusableConfigs, in the format projects/*/locations/*.
  • filter string: Optional. Only include resources that match the filter in the response.
  • orderBy string: Optional. Specify how the results should be sorted.
  • pageSize integer: Optional. Limit on the number of ReusableConfigs to include in the response. Further ReusableConfigs can subsequently be obtained by including the ListReusableConfigsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
  • pageToken string: Optional. Pagination token, returned earlier via ListReusableConfigsResponse.next_page_token.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output ListReusableConfigsResponse

privateca.projects.locations.reusableConfigs.getIamPolicy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

google_privateca.privateca.projects.locations.reusableConfigs.getIamPolicy({
  "resource": ""
}, context)

Input

• input object
  • resource required string: REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
  • options.requestedPolicyVersion integer: Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Policy

privateca.projects.locations.reusableConfigs.setIamPolicy

Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.

google_privateca.privateca.projects.locations.reusableConfigs.setIamPolicy({
  "resource": ""
}, context)

Input

• input object
  • resource required string: REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
  • body SetIamPolicyRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output Policy

privateca.projects.locations.reusableConfigs.testIamPermissions

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

google_privateca.privateca.projects.locations.reusableConfigs.testIamPermissions({
  "resource": ""
}, context)

Input

• input object
  • resource required string: REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
  • body TestIamPermissionsRequest
  • $.xgafv string (values: 1, 2): V1 error format.
  • access_token string: OAuth access token.
  • alt string (values: json, media, proto): Data format for response.
  • callback string: JSONP
  • fields string: Selector specifying which fields to include in a partial response.
  • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • oauth_token string: OAuth 2.0 token for the current user.
  • prettyPrint boolean: Returns response with indentations and line breaks.
  • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
  • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

• output TestIamPermissionsResponse

Definitions

AccessUrls

• AccessUrls object: URLs where a CertificateAuthority will publish content.
  • caCertificateAccessUrl string: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.
  • crlAccessUrl string: The URL where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.

ActivateCertificateAuthorityRequest

• ActivateCertificateAuthorityRequest object: Request message for CertificateAuthorityService.ActivateCertificateAuthority.
  • pemCaCertificate string: Required. The signed CA certificate issued from FetchCertificateAuthorityCsrResponse.pem_csr.
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
  • subordinateConfig SubordinateConfig

AllowedConfigList

• AllowedConfigList object
  • allowedConfigValues array: Required. All Certificates issued by the CertificateAuthority must match at least one listed ReusableConfigWrapper. If a ReusableConfigWrapper has an empty field, any value will be allowed for that field.
    • items ReusableConfigWrapper

AllowedSubjectAltNames

• AllowedSubjectAltNames object: AllowedSubjectAltNames specifies the allowed values for SubjectAltNames by the CertificateAuthority when issuing Certificates.
  • allowCustomSans boolean: Optional. Specifies if to allow custom X509Extension values.
  • allowGlobbingDnsWildcards boolean: Optional. Specifies if glob patterns used for allowed_dns_names allow wildcard certificates. If this is set, certificate requests with wildcard domains will be permitted to match a glob pattern specified in allowed_dns_names. Otherwise, certificate requests with wildcard domains will be permitted only if allowed_dns_names contains a literal wildcard.
  • allowedDnsNames array: Optional. Contains valid, fully-qualified host names. Glob patterns are also supported. To allow an explicit wildcard certificate, escape with backlash (i.e. "*"). E.g. for globbed entries: 'bar.com' will allow 'foo.bar.com', but not '.bar.com', unless the allow_globbing_dns_wildcards field is set. E.g. for wildcard entries: '*.bar.com' will allow '*.bar.com', but not 'foo.bar.com'.
    • items string
  • allowedEmailAddresses array: Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also supported.
    • items string
  • allowedIps array: Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6 addresses and subnet ranges. Subnet ranges are specified using the '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns are supported only for ip address entries (i.e. not for subnet ranges).
    • items string
  • allowedUris array: Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To match across path seperators (i.e. '/') use the double star glob pattern (i.e. '**').
    • items string

AuditConfig

• AuditConfig object: Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:[email protected]" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:[email protected]" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts [email protected] from DATA_READ logging, and [email protected] from DATA_WRITE logging.
  • auditLogConfigs array: The configuration for logging of each type of permission.
    • items AuditLogConfig
  • service string: Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

AuditLogConfig

• AuditLogConfig object: Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:[email protected]" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting [email protected] from DATA_READ logging.
  • exemptedMembers array: Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
    • items string
  • logType string (values: LOG_TYPE_UNSPECIFIED, ADMIN_READ, DATA_WRITE, DATA_READ): The log type that this config enables.

Binding

• Binding object: Associates members with a role.
  • condition Expr
  • members array: Specifies the identities requesting access for a Cloud Platform resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. * user:{emailid}: An email address that represents a specific Google account. For example, [email protected] . * serviceAccount:{emailid}: An email address that represents a service account. For example, [email protected]. * group:{emailid}: An email address that represents a Google group. For example, [email protected]. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, [email protected]?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, [email protected]?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, [email protected]?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
    • items string
  • role string: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.

CaOptions

• CaOptions object: Describes values that are relevant in a CA certificate.
  • isCa boolean: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.
  • maxIssuerPathLength integer: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.

CancelOperationRequest

• CancelOperationRequest object: The request message for Operations.CancelOperation.

Certificate

• Certificate object: A Certificate corresponds to a signed X.509 certificate issued by a CertificateAuthority.
  • certificateDescription CertificateDescription
  • config CertificateConfig
  • createTime string: Output only. The time at which this Certificate was created.
  • labels object: Optional. Labels with user-defined metadata.
  • lifetime string: Required. Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.
  • name string: Output only. The resource path for this Certificate in the format projects/*/locations/*/certificateAuthorities/*/certificates/*.
  • pemCertificate string: Output only. The pem-encoded, signed X.509 certificate.
  • pemCertificateChain array: Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
    • items string
  • pemCsr string: Immutable. A pem-encoded X.509 certificate signing request (CSR).
  • revocationDetails RevocationDetails
  • updateTime string: Output only. The time at which this Certificate was updated.

CertificateAuthority

• CertificateAuthority object: A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.
  • accessUrls AccessUrls
  • caCertificateDescriptions array: Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
    • items CertificateDescription
  • certificatePolicy CertificateAuthorityPolicy
  • config CertificateConfig
  • createTime string: Output only. The time at which this CertificateAuthority was created.
  • deleteTime string: Output only. The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
  • gcsBucket string: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
  • issuingOptions IssuingOptions
  • keySpec KeyVersionSpec
  • labels object: Optional. Labels with user-defined metadata.
  • lifetime string: Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
  • name string: Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.
  • pemCaCertificates array: Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
    • items string
  • state string (values: STATE_UNSPECIFIED, ENABLED, DISABLED, PENDING_ACTIVATION, PENDING_DELETION): Output only. The State for this CertificateAuthority.
  • subordinateConfig SubordinateConfig
  • tier string (values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS): Required. Immutable. The Tier of this CertificateAuthority.
  • type string (values: TYPE_UNSPECIFIED, SELF_SIGNED, SUBORDINATE): Required. Immutable. The Type of this CertificateAuthority.
  • updateTime string: Output only. The time at which this CertificateAuthority was updated.

CertificateAuthorityPolicy

• CertificateAuthorityPolicy object: The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.
  • allowedCommonNames array: Optional. If any value is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed value. If no value is specified, all values will be allowed for this fied. Glob patterns are also supported.
    • items string
  • allowedConfigList AllowedConfigList
  • allowedIssuanceModes IssuanceModes
  • allowedLocationsAndOrganizations array: Optional. If any Subject is specified here, then all Certificates issued by the CertificateAuthority must match at least one listed Subject. If a Subject has an empty field, any value will be allowed for that field.
    • items Subject
  • allowedSans AllowedSubjectAltNames
  • maximumLifetime string: Optional. The maximum lifetime allowed by the CertificateAuthority. Note that if the any part if the issuing chain expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated.
  • overwriteConfigValues ReusableConfigWrapper

CertificateConfig

• CertificateConfig object: A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.
  • publicKey PublicKey
  • reusableConfig ReusableConfigWrapper
  • subjectConfig SubjectConfig

CertificateDescription

• CertificateDescription object: A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.
  • aiaIssuingCertificateUrls array: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
    • items string
  • authorityKeyId KeyId
  • certFingerprint CertificateFingerprint
  • configValues ReusableConfigValues
  • crlDistributionPoints array: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
    • items string
  • publicKey PublicKey
  • subjectDescription SubjectDescription
  • subjectKeyId KeyId

CertificateFingerprint

• CertificateFingerprint object: A group of fingerprints for the x509 certificate.
  • sha256Hash string: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

CertificateRevocationList

• CertificateRevocationList object: A CertificateRevocationList corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.
  • accessUrl string: Output only. The location where 'pem_crl' can be accessed.
  • createTime string: Output only. The time at which this CertificateRevocationList was created.
  • labels object: Optional. Labels with user-defined metadata.
  • name string: Output only. The resource path for this CertificateRevocationList in the format projects/*/locations/*/certificateAuthorities/*/ certificateRevocationLists/*.
  • pemCrl string: Output only. The PEM-encoded X.509 CRL.
  • revokedCertificates array: Output only. The revoked serial numbers that appear in pem_crl.
    • items RevokedCertificate
  • sequenceNumber string: Output only. The CRL sequence number that appears in pem_crl.
  • state string (values: STATE_UNSPECIFIED, ACTIVE, SUPERSEDED): Output only. The State for this CertificateRevocationList.
  • updateTime string: Output only. The time at which this CertificateRevocationList was updated.

DisableCertificateAuthorityRequest

• DisableCertificateAuthorityRequest object: Request message for CertificateAuthorityService.DisableCertificateAuthority.
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Empty

• Empty object: A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}.

EnableCertificateAuthorityRequest

• EnableCertificateAuthorityRequest object: Request message for CertificateAuthorityService.EnableCertificateAuthority.
  • requestId string: Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Expr

• Expr object: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
  • description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
  • expression string: Textual representation of an expression in Common Expression Language syntax.
  • location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
  • title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExtendedKeyUsageOptions

• ExtendedKeyUsageOptions object: KeyUsage.ExtendedKeyUsageOptions has fields that correspond to certain common OIDs that could be specified as an extended key usage value.
  • clientAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
  • codeSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
  • emailProtection boolean: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
  • ocspSigning boolean: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
  • serverAuth boolean: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
  • timeStamping boolean: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".

FetchCertificateAuthorityCsrResponse

• FetchCertificateAuthorityCsrResponse object: Response message for CertificateAuthorityService.FetchCertificateAuthorityCsr.
  • pemCsr string: Output only. The PEM-encoded signed certificate signing request (CSR).

IssuanceModes

• IssuanceModes object: IssuanceModes specifies the allowed ways in which Certificates may be requested from this CertificateAuthority.
  • allowConfigBasedIssuance boolean: Required. When true, allows callers to create Certificates by specifying a CertificateConfig.
  • allowCsrBasedIssuance boolean: Required. When true, allows callers to create Certificates by specifying a CSR.

IssuingOptions

• IssuingOptions object: Options that affect all certificates issued by a CertificateAuthority.
  • includeCaCertUrl boolean: Required. When true, includes a URL to the issuing CA certificate in the "authority information access" X.509 extension.
  • includeCrlAccessUrl boolean: Required. When true, includes a URL to the CRL corresponding to certificates issued from a CertificateAuthority. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.

KeyId

• KeyId object: A KeyId identifies a specific public key, usually by hashing the public key.
  • keyId string: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

KeyUsage

• KeyUsage object: A KeyUsage describes key usage values that may appear in an X.509 certificate.
  • baseKeyUsage KeyUsageOptions
  • extendedKeyUsage ExtendedKeyUsageOptions
  • unknownExtendedKeyUsages array: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.
    • items ObjectId

KeyUsageOptions

• KeyUsageOptions object: KeyUsage.KeyUsageOptions corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
  • certSign `bo