blob: 64f3b15a2621553f84255d77498fdc9f66710a8a [file] [edit]
// Copyright 2021 Google LLC
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file or at
// https://developers.google.com/open-source/licenses/bsd
// This is a generated file (see the discoveryapis_generator project).
// ignore_for_file: camel_case_types
// ignore_for_file: comment_references
// ignore_for_file: deprecated_member_use_from_same_package
// ignore_for_file: doc_directive_unknown
// ignore_for_file: lines_longer_than_80_chars
// ignore_for_file: non_constant_identifier_names
// ignore_for_file: prefer_interpolation_to_compose_strings
// ignore_for_file: unintended_html_in_doc_comment
// ignore_for_file: unnecessary_brace_in_string_interps
// ignore_for_file: unnecessary_lambdas
// ignore_for_file: unnecessary_string_interpolations
/// Certificate Authority API - v1
///
/// The Certificate Authority Service API is a highly-available, scalable
/// service that enables you to simplify and automate the management of private
/// certificate authorities (CAs) while staying in control of your private keys.
///
/// For more information, see <https://cloud.google.com/>
///
/// Create an instance of [CertificateAuthorityServiceApi] to access these
/// resources:
///
/// - [ProjectsResource]
/// - [ProjectsLocationsResource]
/// - [ProjectsLocationsCaPoolsResource]
/// - [ProjectsLocationsCaPoolsCertificateAuthoritiesResource]
/// -
/// [ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsResource]
/// - [ProjectsLocationsCaPoolsCertificatesResource]
/// - [ProjectsLocationsCertificateTemplatesResource]
/// - [ProjectsLocationsOperationsResource]
library;
import 'dart:async' as async;
import 'dart:convert' as convert;
import 'dart:core' as core;
import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons;
import 'package:http/http.dart' as http;
import '../shared.dart';
import '../src/user_agent.dart';
export 'package:_discoveryapis_commons/_discoveryapis_commons.dart'
show ApiRequestError, DetailedApiRequestError;
/// The Certificate Authority Service API is a highly-available, scalable
/// service that enables you to simplify and automate the management of private
/// certificate authorities (CAs) while staying in control of your private keys.
class CertificateAuthorityServiceApi {
/// See, edit, configure, and delete your Google Cloud data and see the email
/// address for your Google Account.
static const cloudPlatformScope =
'https://www.googleapis.com/auth/cloud-platform';
final commons.ApiRequester _requester;
ProjectsResource get projects => ProjectsResource(_requester);
CertificateAuthorityServiceApi(
http.Client client, {
core.String rootUrl = 'https://privateca.googleapis.com/',
core.String servicePath = '',
}) : _requester = commons.ApiRequester(
client,
rootUrl,
servicePath,
requestHeaders,
);
}
class ProjectsResource {
final commons.ApiRequester _requester;
ProjectsLocationsResource get locations =>
ProjectsLocationsResource(_requester);
ProjectsResource(commons.ApiRequester client) : _requester = client;
}
class ProjectsLocationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsCaPoolsResource get caPools =>
ProjectsLocationsCaPoolsResource(_requester);
ProjectsLocationsCertificateTemplatesResource get certificateTemplates =>
ProjectsLocationsCertificateTemplatesResource(_requester);
ProjectsLocationsOperationsResource get operations =>
ProjectsLocationsOperationsResource(_requester);
ProjectsLocationsResource(commons.ApiRequester client) : _requester = client;
/// Gets information about a location.
///
/// Request parameters:
///
/// [name] - Resource name for the location.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Location].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Location> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Location.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists information about the supported locations for this service.
///
/// This method lists locations based on the resource scope provided in the
/// \[ListLocationsRequest.name\] field: * **Global locations**: If `name` is
/// empty, the method lists the public locations available to all projects. *
/// **Project-specific locations**: If `name` follows the format
/// `projects/{project}`, the method lists locations visible to that specific
/// project. This includes public, private, or other project-specific
/// locations enabled for the project. For gRPC and client library
/// implementations, the resource name is passed as the `name` field. For
/// direct service calls, the resource name is incorporated into the request
/// path based on the specific service implementation and version.
///
/// Request parameters:
///
/// [name] - The resource that owns the locations collection, if applicable.
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [extraLocationTypes] - Optional. Do not use this field. It is unsupported
/// and is ignored unless explicitly documented otherwise. This is primarily
/// for internal usage.
///
/// [filter] - A filter to narrow down results to a preferred subset. The
/// filtering language accepts strings like `"displayName=tokyo"`, and is
/// documented in more detail in \[AIP-160\](https://google.aip.dev/160).
///
/// [pageSize] - The maximum number of results to return. If not set, the
/// service selects a default.
///
/// [pageToken] - A page token received from the `next_page_token` field in
/// the response. Send that page token to receive the subsequent page.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListLocationsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListLocationsResponse> list(
core.String name, {
core.List<core.String>? extraLocationTypes,
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'extraLocationTypes': ?extraLocationTypes,
'filter': ?filter == null ? null : [filter],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/locations';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListLocationsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsCaPoolsResource {
final commons.ApiRequester _requester;
ProjectsLocationsCaPoolsCertificateAuthoritiesResource
get certificateAuthorities =>
ProjectsLocationsCaPoolsCertificateAuthoritiesResource(_requester);
ProjectsLocationsCaPoolsCertificatesResource get certificates =>
ProjectsLocationsCaPoolsCertificatesResource(_requester);
ProjectsLocationsCaPoolsResource(commons.ApiRequester client)
: _requester = client;
/// Create a CaPool.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// CaPool, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [caPoolId] - Required. It must be unique within a location and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
CaPool request,
core.String parent, {
core.String? caPoolId,
core.String? requestId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'caPoolId': ?caPoolId == null ? null : [caPoolId],
'requestId': ?requestId == null ? null : [requestId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/caPools';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Delete a CaPool.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CaPool in the format
/// `projects / * /locations / * /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [ignoreDependentResources] - Optional. This field allows this pool to be
/// deleted even if it's being depended on by another resource. However, doing
/// so may result in unintended and unrecoverable effects on any dependent
/// resources since the pool will no longer be able to issue certificates.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> delete(
core.String name, {
core.bool? ignoreDependentResources,
core.String? requestId,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'ignoreDependentResources': ?ignoreDependentResources == null
? null
: ['${ignoreDependentResources}'],
'requestId': ?requestId == null ? null : [requestId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// FetchCaCerts returns the current trust anchor for the CaPool.
///
/// This will include CA certificate chains for all certificate authorities in
/// the ENABLED, DISABLED, or STAGED states.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [caPool] - Required. The resource name for the CaPool in the format
/// `projects / * /locations / * /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [FetchCaCertsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<FetchCaCertsResponse> fetchCaCerts(
FetchCaCertsRequest request,
core.String caPool, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$caPool') + ':fetchCaCerts';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return FetchCaCertsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns a CaPool.
///
/// Request parameters:
///
/// [name] - Required. The name of the CaPool to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CaPool].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CaPool> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CaPool.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CaPools.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// CaPools, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response.
///
/// [orderBy] - Optional. Specify how the results should be sorted.
///
/// [pageSize] - Optional. Limit on the number of CaPools to include in the
/// response. Further CaPools can subsequently be obtained by including the
/// ListCaPoolsResponse.next_page_token in a subsequent request. If
/// unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Pagination token, returned earlier via
/// ListCaPoolsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCaPoolsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCaPoolsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/caPools';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCaPoolsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CaPool.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. The resource name for this CaPool in the format
/// `projects / * /locations / * /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [updateMask] - Required. A list of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> patch(
CaPool request,
core.String name, {
core.String? requestId,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsCaPoolsCertificateAuthoritiesResource {
final commons.ApiRequester _requester;
ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsResource
get certificateRevocationLists =>
ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsResource(
_requester,
);
ProjectsLocationsCaPoolsCertificateAuthoritiesResource(
commons.ApiRequester client,
) : _requester = client;
/// Activate a CertificateAuthority that is in state AWAITING_USER_ACTIVATION
/// and is of type SUBORDINATE.
///
/// After the parent Certificate Authority signs a certificate signing request
/// from FetchCertificateAuthorityCsr, this method can complete the activation
/// process.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> activate(
ActivateCertificateAuthorityRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':activate';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Create a new CertificateAuthority in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the CaPool associated with the
/// CertificateAuthorities, in the format `projects / * /locations / *
/// /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [certificateAuthorityId] - Required. It must be unique within a location
/// and match the regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
CertificateAuthority request,
core.String parent, {
core.String? certificateAuthorityId,
core.String? requestId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'certificateAuthorityId': ?certificateAuthorityId == null
? null
: [certificateAuthorityId],
'requestId': ?requestId == null ? null : [requestId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/certificateAuthorities';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Delete a CertificateAuthority.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [ignoreActiveCertificates] - Optional. This field allows the CA to be
/// deleted even if the CA has active certs. Active certs include both
/// unrevoked and unexpired certs.
///
/// [ignoreDependentResources] - Optional. This field allows this CA to be
/// deleted even if it's being depended on by another resource. However, doing
/// so may result in unintended and unrecoverable effects on any dependent
/// resources since the CA will no longer be able to issue certificates.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [skipGracePeriod] - Optional. If this flag is set, the Certificate
/// Authority will be deleted as soon as possible without a 30-day grace
/// period where undeletion would have been allowed. If you proceed, there
/// will be no way to recover this CA.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> delete(
core.String name, {
core.bool? ignoreActiveCertificates,
core.bool? ignoreDependentResources,
core.String? requestId,
core.bool? skipGracePeriod,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'ignoreActiveCertificates': ?ignoreActiveCertificates == null
? null
: ['${ignoreActiveCertificates}'],
'ignoreDependentResources': ?ignoreDependentResources == null
? null
: ['${ignoreDependentResources}'],
'requestId': ?requestId == null ? null : [requestId],
'skipGracePeriod': ?skipGracePeriod == null
? null
: ['${skipGracePeriod}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Disable a CertificateAuthority.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> disable(
DisableCertificateAuthorityRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':disable';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Enable a CertificateAuthority.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> enable(
EnableCertificateAuthorityRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':enable';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Fetch a certificate signing request (CSR) from a CertificateAuthority that
/// is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE.
///
/// The CSR must then be signed by the desired parent Certificate Authority,
/// which could be another CertificateAuthority resource, or could be an
/// on-prem certificate authority. See also ActivateCertificateAuthority.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [FetchCertificateAuthorityCsrResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<FetchCertificateAuthorityCsrResponse> fetch(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':fetch';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return FetchCertificateAuthorityCsrResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns a CertificateAuthority.
///
/// Request parameters:
///
/// [name] - Required. The name of the CertificateAuthority to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CertificateAuthority].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CertificateAuthority> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CertificateAuthority.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists CertificateAuthorities.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the CaPool associated with the
/// CertificateAuthorities, in the format `projects / * /locations / *
/// /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response.
///
/// [orderBy] - Optional. Specify how the results should be sorted.
///
/// [pageSize] - Optional. Limit on the number of CertificateAuthorities to
/// include in the response. Further CertificateAuthorities can subsequently
/// be obtained by including the
/// ListCertificateAuthoritiesResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Pagination token, returned earlier via
/// ListCertificateAuthoritiesResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCertificateAuthoritiesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCertificateAuthoritiesResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/certificateAuthorities';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCertificateAuthoritiesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CertificateAuthority.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. The resource name for this CertificateAuthority in
/// the format `projects / * /locations / * /caPools / *
/// /certificateAuthorities / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [updateMask] - Required. A list of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> patch(
CertificateAuthority request,
core.String name, {
core.String? requestId,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Undelete a CertificateAuthority that has been deleted.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateAuthority in the
/// format `projects / * /locations / * /caPools / * /certificateAuthorities /
/// * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> undelete(
UndeleteCertificateAuthorityRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':undelete';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsResource {
final commons.ApiRequester _requester;
ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsResource(
commons.ApiRequester client,
) : _requester = client;
/// Returns a CertificateRevocationList.
///
/// Request parameters:
///
/// [name] - Required. The name of the CertificateRevocationList to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+/certificateRevocationLists/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CertificateRevocationList].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CertificateRevocationList> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CertificateRevocationList.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+/certificateRevocationLists/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CertificateRevocationLists.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// CertificateRevocationLists, in the format `projects / * /locations / *
/// /caPools / * /certificateAuthorities / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response.
///
/// [orderBy] - Optional. Specify how the results should be sorted.
///
/// [pageSize] - Optional. Limit on the number of CertificateRevocationLists
/// to include in the response. Further CertificateRevocationLists can
/// subsequently be obtained by including the
/// ListCertificateRevocationListsResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Pagination token, returned earlier via
/// ListCertificateRevocationListsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCertificateRevocationListsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCertificateRevocationListsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/certificateRevocationLists';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCertificateRevocationListsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CertificateRevocationList.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. The resource name for this CertificateRevocationList
/// in the format `projects / * /locations / * /caPools / *
/// certificateAuthorities / * / certificateRevocationLists / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+/certificateRevocationLists/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [updateMask] - Required. A list of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> patch(
CertificateRevocationList request,
core.String name, {
core.String? requestId,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+/certificateRevocationLists/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificateAuthorities/\[^/\]+/certificateRevocationLists/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsCaPoolsCertificatesResource {
final commons.ApiRequester _requester;
ProjectsLocationsCaPoolsCertificatesResource(commons.ApiRequester client)
: _requester = client;
/// Create a new Certificate in a given Project, Location from a particular
/// CaPool.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the CaPool associated with the
/// Certificate, in the format `projects / * /locations / * /caPools / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [certificateId] - Optional. It must be unique within a location and match
/// the regular expression `[a-zA-Z0-9_-]{1,63}`. This field is required when
/// using a CertificateAuthority in the Enterprise CertificateAuthority.tier,
/// but is optional and its value is ignored otherwise.
///
/// [issuingCertificateAuthorityId] - Optional. The resource ID of the
/// CertificateAuthority that should issue the certificate. This optional
/// field will ignore the load-balancing scheme of the Pool and directly issue
/// the certificate from the CA with the specified ID, contained in the same
/// CaPool referenced by `parent`. Per-CA quota rules apply. If left empty, a
/// CertificateAuthority will be chosen from the CaPool by the service. For
/// example, to issue a Certificate from a Certificate Authority with resource
/// name
/// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
/// you can set the parent to
/// "projects/my-project/locations/us-central1/caPools/my-pool" and the
/// issuing_certificate_authority_id to "my-ca".
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [validateOnly] - Optional. If this is true, no Certificate resource will
/// be persisted regardless of the CaPool's tier, and the returned Certificate
/// will not contain the pem_certificate field.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Certificate].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Certificate> create(
Certificate request,
core.String parent, {
core.String? certificateId,
core.String? issuingCertificateAuthorityId,
core.String? requestId,
core.bool? validateOnly,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'certificateId': ?certificateId == null ? null : [certificateId],
'issuingCertificateAuthorityId': ?issuingCertificateAuthorityId == null
? null
: [issuingCertificateAuthorityId],
'requestId': ?requestId == null ? null : [requestId],
'validateOnly': ?validateOnly == null ? null : ['${validateOnly}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/certificates';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Certificate.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns a Certificate.
///
/// Request parameters:
///
/// [name] - Required. The name of the Certificate to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificates/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Certificate].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Certificate> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Certificate.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists Certificates.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the parent associated with the
/// Certificates, in the format `projects / * /locations / * /caPools / * `.
/// The parent resource name can be in one of two forms: 1. **Specific CA
/// Pool:** To list certificates within a single CA Pool: `projects / *
/// /locations / * /caPools / * ` 2. **All CA Pools in a Location:** To list
/// certificates across *all* CA Pools in a given project and location, use
/// the wildcard character (`-`) in place of the CA Pool ID. Example:
/// `projects / * /locations / * /caPools/-` See
/// go/ccfe-nested-collections#aggregate-listing for more details.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For details on supported filters and syntax, see
/// [Certificates Filtering documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
///
/// [orderBy] - Optional. Specify how the results should be sorted. For
/// details on supported fields and syntax, see
/// [Certificates Sorting documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
///
/// [pageSize] - Optional. Limit on the number of Certificates to include in
/// the response. Further Certificates can subsequently be obtained by
/// including the ListCertificatesResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Pagination token, returned earlier via
/// ListCertificatesResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCertificatesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCertificatesResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/certificates';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCertificatesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a Certificate.
///
/// Currently, the only field you can update is the labels field.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. The resource name for this Certificate in the format
/// `projects / * /locations / * /caPools / * /certificates / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificates/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [updateMask] - Required. A list of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Certificate].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Certificate> patch(
Certificate request,
core.String name, {
core.String? requestId,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return Certificate.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Revoke a Certificate.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this Certificate in the format
/// `projects / * /locations / * /caPools / * /certificates / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/caPools/\[^/\]+/certificates/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Certificate].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Certificate> revoke(
RevokeCertificateRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':revoke';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Certificate.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsCertificateTemplatesResource {
final commons.ApiRequester _requester;
ProjectsLocationsCertificateTemplatesResource(commons.ApiRequester client)
: _requester = client;
/// Create a new CertificateTemplate in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// CertificateTemplate, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [certificateTemplateId] - Required. It must be unique within a location
/// and match the regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
CertificateTemplate request,
core.String parent, {
core.String? certificateTemplateId,
core.String? requestId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'certificateTemplateId': ?certificateTemplateId == null
? null
: [certificateTemplateId],
'requestId': ?requestId == null ? null : [requestId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/certificateTemplates';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// DeleteCertificateTemplate deletes a CertificateTemplate.
///
/// Request parameters:
///
/// [name] - Required. The resource name for this CertificateTemplate in the
/// format `projects / * /locations / * /certificateTemplates / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> delete(
core.String name, {
core.String? requestId,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns a CertificateTemplate.
///
/// Request parameters:
///
/// [name] - Required. The name of the CertificateTemplate to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CertificateTemplate].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CertificateTemplate> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CertificateTemplate.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CertificateTemplates.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// CertificateTemplates, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response.
///
/// [orderBy] - Optional. Specify how the results should be sorted.
///
/// [pageSize] - Optional. Limit on the number of CertificateTemplates to
/// include in the response. Further CertificateTemplates can subsequently be
/// obtained by including the ListCertificateTemplatesResponse.next_page_token
/// in a subsequent request. If unspecified, the server will pick an
/// appropriate default.
///
/// [pageToken] - Optional. Pagination token, returned earlier via
/// ListCertificateTemplatesResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCertificateTemplatesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCertificateTemplatesResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/certificateTemplates';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCertificateTemplatesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CertificateTemplate.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. The resource name for this CertificateTemplate in the
/// format `projects / * /locations / * /certificateTemplates / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [requestId] - Optional. An ID to identify requests. Specify a unique
/// request ID so that if you must retry your request, the server will know to
/// ignore the request if it has already been completed. The server will
/// guarantee that for at least 60 minutes since the first request. For
/// example, consider a situation where you make an initial request and the
/// request times out. If you make the request again with the same request ID,
/// the server can check if original operation with the same request ID was
/// received, and if so, will ignore the second request. This prevents clients
/// from accidentally creating duplicate commitments. The request ID must be a
/// valid UUID with the exception that zero UUID is not supported
/// (00000000-0000-0000-0000-000000000000).
///
/// [updateMask] - Required. A list of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> patch(
CertificateTemplate request,
core.String name, {
core.String? requestId,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'requestId': ?requestId == null ? null : [requestId],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/certificateTemplates/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsOperationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsOperationsResource(commons.ApiRequester client)
: _requester = client;
/// Starts asynchronous cancellation on a long-running operation.
///
/// The server makes a best effort to cancel the operation, but success is not
/// guaranteed. If the server doesn't support this method, it returns
/// `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation
/// or other methods to check whether the cancellation succeeded or whether
/// the operation completed despite cancellation. On successful cancellation,
/// the operation is not deleted; instead, it becomes an operation with an
/// Operation.error value with a google.rpc.Status.code of `1`, corresponding
/// to `Code.CANCELLED`.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - The name of the operation resource to be cancelled.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/operations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Empty].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Empty> cancel(
CancelOperationRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':cancel';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Deletes a long-running operation.
///
/// This method indicates that the client is no longer interested in the
/// operation result. It does not cancel the operation. If the server doesn't
/// support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
///
/// Request parameters:
///
/// [name] - The name of the operation resource to be deleted.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/operations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Empty].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Empty> delete(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the latest state of a long-running operation.
///
/// Clients can use this method to poll the operation result at intervals as
/// recommended by the API service.
///
/// Request parameters:
///
/// [name] - The name of the operation resource.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/operations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists operations that match the specified filter in the request.
///
/// If the server doesn't support this method, it returns `UNIMPLEMENTED`.
///
/// Request parameters:
///
/// [name] - The name of the operation's parent resource.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - The standard list filter.
///
/// [pageSize] - The standard list page size.
///
/// [pageToken] - The standard list page token.
///
/// [returnPartialSuccess] - When set to `true`, operations that are reachable
/// are returned as normal, and those that are unreachable are returned in the
/// ListOperationsResponse.unreachable field. This can only be `true` when
/// reading across collections. For example, when `parent` is set to
/// `"projects/example/locations/-"`. This field is not supported by default
/// and will result in an `UNIMPLEMENTED` error if set unless explicitly
/// documented otherwise in service or product specific documentation.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListOperationsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListOperationsResponse> list(
core.String name, {
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.bool? returnPartialSuccess,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'returnPartialSuccess': ?returnPartialSuccess == null
? null
: ['${returnPartialSuccess}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/operations';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListOperationsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
/// URLs where a CertificateAuthority will publish content.
class AccessUrls {
/// The URL where this CertificateAuthority's CA certificate is published.
///
/// This will only be set for CAs that have been activated.
core.String? caCertificateAccessUrl;
/// The URLs where this CertificateAuthority's CRLs are published.
///
/// This will only be set for CAs that have been activated.
core.List<core.String>? crlAccessUrls;
AccessUrls({this.caCertificateAccessUrl, this.crlAccessUrls});
AccessUrls.fromJson(core.Map json_)
: this(
caCertificateAccessUrl: json_['caCertificateAccessUrl'] as core.String?,
crlAccessUrls: (json_['crlAccessUrls'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final caCertificateAccessUrl = this.caCertificateAccessUrl;
final crlAccessUrls = this.crlAccessUrls;
return {
'caCertificateAccessUrl': ?caCertificateAccessUrl,
'crlAccessUrls': ?crlAccessUrls,
};
}
}
/// Request message for
/// CertificateAuthorityService.ActivateCertificateAuthority.
class ActivateCertificateAuthorityRequest {
/// The signed CA certificate issued from
/// FetchCertificateAuthorityCsrResponse.pem_csr.
///
/// Required.
core.String? pemCaCertificate;
/// An ID to identify requests.
///
/// Specify a unique request ID so that if you must retry your request, the
/// server will know to ignore the request if it has already been completed.
/// The server will guarantee that for at least 60 minutes since the first
/// request. For example, consider a situation where you make an initial
/// request and the request times out. If you make the request again with the
/// same request ID, the server can check if original operation with the same
/// request ID was received, and if so, will ignore the second request. This
/// prevents clients from accidentally creating duplicate commitments. The
/// request ID must be a valid UUID with the exception that zero UUID is not
/// supported (00000000-0000-0000-0000-000000000000).
///
/// Optional.
core.String? requestId;
/// Must include information about the issuer of 'pem_ca_certificate', and any
/// further issuers until the self-signed CA.
///
/// Required.
SubordinateConfig? subordinateConfig;
ActivateCertificateAuthorityRequest({
this.pemCaCertificate,
this.requestId,
this.subordinateConfig,
});
ActivateCertificateAuthorityRequest.fromJson(core.Map json_)
: this(
pemCaCertificate: json_['pemCaCertificate'] as core.String?,
requestId: json_['requestId'] as core.String?,
subordinateConfig: json_.containsKey('subordinateConfig')
? SubordinateConfig.fromJson(
json_['subordinateConfig']
as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final pemCaCertificate = this.pemCaCertificate;
final requestId = this.requestId;
final subordinateConfig = this.subordinateConfig;
return {
'pemCaCertificate': ?pemCaCertificate,
'requestId': ?requestId,
'subordinateConfig': ?subordinateConfig,
};
}
}
/// Describes a "type" of key that may be used in a Certificate issued from a
/// CaPool.
///
/// Note that a single AllowedKeyType may refer to either a fully-qualified key
/// algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA
/// key.
class AllowedKeyType {
/// Represents an allowed Elliptic Curve key type.
EcKeyType? ellipticCurve;
/// Represents an allowed RSA key type.
RsaKeyType? rsa;
AllowedKeyType({this.ellipticCurve, this.rsa});
AllowedKeyType.fromJson(core.Map json_)
: this(
ellipticCurve: json_.containsKey('ellipticCurve')
? EcKeyType.fromJson(
json_['ellipticCurve'] as core.Map<core.String, core.dynamic>,
)
: null,
rsa: json_.containsKey('rsa')
? RsaKeyType.fromJson(
json_['rsa'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final ellipticCurve = this.ellipticCurve;
final rsa = this.rsa;
return {'ellipticCurve': ?ellipticCurve, 'rsa': ?rsa};
}
}
/// AttributeTypeAndValue specifies an attribute type and value.
///
/// It can use either a OID or enum value to specify the attribute type.
class AttributeTypeAndValue {
/// Object ID for an attribute type of an attribute and value pair.
ObjectId? objectId;
/// The attribute type of the attribute and value pair.
/// Possible string values are:
/// - "ATTRIBUTE_TYPE_UNSPECIFIED" : Attribute type is unspecified.
/// - "COMMON_NAME" : The "common name" of the subject.
/// - "COUNTRY_CODE" : The country code of the subject.
/// - "ORGANIZATION" : The organization of the subject.
/// - "ORGANIZATIONAL_UNIT" : The organizational unit of the subject.
/// - "LOCALITY" : The locality or city of the subject.
/// - "PROVINCE" : The province, territory, or regional state of the subject.
/// - "STREET_ADDRESS" : The street address of the subject.
/// - "POSTAL_CODE" : The postal code of the subject.
core.String? type;
/// The value for the attribute type.
core.String? value;
AttributeTypeAndValue({this.objectId, this.type, this.value});
AttributeTypeAndValue.fromJson(core.Map json_)
: this(
objectId: json_.containsKey('objectId')
? ObjectId.fromJson(
json_['objectId'] as core.Map<core.String, core.dynamic>,
)
: null,
type: json_['type'] as core.String?,
value: json_['value'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final objectId = this.objectId;
final type = this.type;
final value = this.value;
return {'objectId': ?objectId, 'type': ?type, 'value': ?value};
}
}
/// Specifies the audit configuration for a service.
///
/// The configuration determines which permission types are logged, and what
/// identities, if any, are exempted from logging. An AuditConfig must have one
/// or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
/// and a specific service, the union of the two AuditConfigs is used for that
/// service: the log_types specified in each AuditConfig are enabled, and the
/// exempted_members in each AuditLogConfig are exempted. Example Policy with
/// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices",
/// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[
/// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type":
/// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com",
/// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type":
/// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] }
/// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
/// logging. It also exempts `jose@example.com` from DATA_READ logging, and
/// `aliya@example.com` from DATA_WRITE logging.
class AuditConfig {
/// The configuration for logging of each type of permission.
core.List<AuditLogConfig>? auditLogConfigs;
/// Specifies a service that will be enabled for audit logging.
///
/// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
/// `allServices` is a special value that covers all services.
core.String? service;
AuditConfig({this.auditLogConfigs, this.service});
AuditConfig.fromJson(core.Map json_)
: this(
auditLogConfigs: (json_['auditLogConfigs'] as core.List?)
?.map(
(value) => AuditLogConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
service: json_['service'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditLogConfigs = this.auditLogConfigs;
final service = this.service;
return {'auditLogConfigs': ?auditLogConfigs, 'service': ?service};
}
}
/// Provides the configuration for logging a type of permissions.
///
/// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ",
/// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type":
/// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
/// exempting jose@example.com from DATA_READ logging.
typedef AuditLogConfig = $AuditLogConfig;
/// Associates `members`, or principals, with a `role`.
class Binding {
/// The condition that is associated with this binding.
///
/// If the condition evaluates to `true`, then this binding applies to the
/// current request. If the condition evaluates to `false`, then this binding
/// does not apply to the current request. However, a different role binding
/// might grant the same role to one or more of the principals in this
/// binding. To learn which resources support conditions in their IAM
/// policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Expr? condition;
/// Specifies the principals requesting access for a Google Cloud resource.
///
/// `members` can have the following values: * `allUsers`: A special
/// identifier that represents anyone who is on the internet; with or without
/// a Google account. * `allAuthenticatedUsers`: A special identifier that
/// represents anyone who is authenticated with a Google account or a service
/// account. Does not include identities that come from external identity
/// providers (IdPs) through identity federation. * `user:{emailid}`: An email
/// address that represents a specific Google account. For example,
/// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
/// represents a Google service account. For example,
/// `my-other-app@appspot.gserviceaccount.com`. *
/// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
/// identifier for a
/// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
/// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
/// `group:{emailid}`: An email address that represents a Google group. For
/// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain
/// (primary) that represents all the users of that domain. For example,
/// `google.com` or `example.com`. *
/// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workforce identity pool. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
/// All workforce identities in a group. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All workforce identities with a specific attribute value. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}
/// / * `: All identities in a workforce identity pool. *
/// `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workload identity pool. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
/// A workload identity pool group. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All identities in a workload identity pool with a certain attribute. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}
/// / * `: All identities in a workload identity pool. *
/// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
/// identifier) representing a user that has been recently deleted. For
/// example, `alice@example.com?uid=123456789012345678901`. If the user is
/// recovered, this value reverts to `user:{emailid}` and the recovered user
/// retains the role in the binding. *
/// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
/// unique identifier) representing a service account that has been recently
/// deleted. For example,
/// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If
/// the service account is undeleted, this value reverts to
/// `serviceAccount:{emailid}` and the undeleted service account retains the
/// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
/// address (plus unique identifier) representing a Google group that has been
/// recently deleted. For example,
/// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
/// this value reverts to `group:{emailid}` and the recovered group retains
/// the role in the binding. *
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// Deleted single identity in a workforce identity pool. For example,
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
core.List<core.String>? members;
/// Role that is assigned to the list of `members`, or principals.
///
/// For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an
/// overview of the IAM roles and permissions, see the
/// [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
/// a list of the available pre-defined roles, see
/// [here](https://cloud.google.com/iam/docs/understanding-roles).
core.String? role;
Binding({this.condition, this.members, this.role});
Binding.fromJson(core.Map json_)
: this(
condition: json_.containsKey('condition')
? Expr.fromJson(
json_['condition'] as core.Map<core.String, core.dynamic>,
)
: null,
members: (json_['members'] as core.List?)
?.map((value) => value as core.String)
.toList(),
role: json_['role'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final condition = this.condition;
final members = this.members;
final role = this.role;
return {'condition': ?condition, 'members': ?members, 'role': ?role};
}
}
/// Describes the X.509 basic constraints extension, per
/// [RFC 5280 section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9)
class CaOptions {
/// Refers to the "CA" boolean field in the X.509 extension.
///
/// When this value is missing, the basic constraints extension will be
/// omitted from the certificate.
///
/// Optional.
core.bool? isCa;
/// Refers to the path length constraint field in the X.509 extension.
///
/// For a CA certificate, this value describes the depth of subordinate CA
/// certificates that are allowed. If this value is less than 0, the request
/// will fail. If this value is missing, the max path length will be omitted
/// from the certificate.
///
/// Optional.
core.int? maxIssuerPathLength;
CaOptions({this.isCa, this.maxIssuerPathLength});
CaOptions.fromJson(core.Map json_)
: this(
isCa: json_['isCa'] as core.bool?,
maxIssuerPathLength: json_['maxIssuerPathLength'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final isCa = this.isCa;
final maxIssuerPathLength = this.maxIssuerPathLength;
return {'isCa': ?isCa, 'maxIssuerPathLength': ?maxIssuerPathLength};
}
}
/// A CaPool represents a group of CertificateAuthorities that form a trust
/// anchor.
///
/// A CaPool can be used to manage issuance policies for one or more
/// CertificateAuthority resources and to rotate CA certificates in and out of
/// the trust anchor.
class CaPool {
/// When EncryptionSpec is provided, the Subject, SubjectAltNames, and the
/// PEM-encoded certificate fields will be encrypted at rest.
///
/// Optional.
EncryptionSpec? encryptionSpec;
/// The IssuancePolicy to control how Certificates will be issued from this
/// CaPool.
///
/// Optional.
IssuancePolicy? issuancePolicy;
/// Labels with user-defined metadata.
///
/// Optional.
core.Map<core.String, core.String>? labels;
/// Identifier.
///
/// The resource name for this CaPool in the format `projects / * /locations /
/// * /caPools / * `.
core.String? name;
/// The PublishingOptions to follow when issuing Certificates from any
/// CertificateAuthority in this CaPool.
///
/// Optional.
PublishingOptions? publishingOptions;
/// The Tier of this CaPool.
///
/// Required. Immutable.
/// Possible string values are:
/// - "TIER_UNSPECIFIED" : Not specified.
/// - "ENTERPRISE" : Enterprise tier.
/// - "DEVOPS" : DevOps tier.
core.String? tier;
CaPool({
this.encryptionSpec,
this.issuancePolicy,
this.labels,
this.name,
this.publishingOptions,
this.tier,
});
CaPool.fromJson(core.Map json_)
: this(
encryptionSpec: json_.containsKey('encryptionSpec')
? EncryptionSpec.fromJson(
json_['encryptionSpec'] as core.Map<core.String, core.dynamic>,
)
: null,
issuancePolicy: json_.containsKey('issuancePolicy')
? IssuancePolicy.fromJson(
json_['issuancePolicy'] as core.Map<core.String, core.dynamic>,
)
: null,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
name: json_['name'] as core.String?,
publishingOptions: json_.containsKey('publishingOptions')
? PublishingOptions.fromJson(
json_['publishingOptions']
as core.Map<core.String, core.dynamic>,
)
: null,
tier: json_['tier'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final encryptionSpec = this.encryptionSpec;
final issuancePolicy = this.issuancePolicy;
final labels = this.labels;
final name = this.name;
final publishingOptions = this.publishingOptions;
final tier = this.tier;
return {
'encryptionSpec': ?encryptionSpec,
'issuancePolicy': ?issuancePolicy,
'labels': ?labels,
'name': ?name,
'publishingOptions': ?publishingOptions,
'tier': ?tier,
};
}
}
/// The request message for Operations.CancelOperation.
typedef CancelOperationRequest = $Empty;
typedef CertChain = $CertChain;
/// A Certificate corresponds to a signed X.509 certificate issued by a
/// CertificateAuthority.
class Certificate {
/// A structured description of the issued X.509 certificate.
///
/// Output only.
CertificateDescription? certificateDescription;
/// The resource name for a CertificateTemplate used to issue this
/// certificate, in the format `projects / * /locations / *
/// /certificateTemplates / * `.
///
/// If this is specified, the caller must have the necessary permission to use
/// this template. If this is omitted, no template will be used. This template
/// must be in the same location as the Certificate.
///
/// Immutable.
core.String? certificateTemplate;
/// A description of the certificate and key that does not require X.509 or
/// ASN.1.
///
/// Immutable.
CertificateConfig? config;
/// The time at which this Certificate was created.
///
/// Output only.
core.String? createTime;
/// The resource name of the issuing CertificateAuthority in the format
/// `projects / * /locations / * /caPools / * /certificateAuthorities / * `.
///
/// Output only.
core.String? issuerCertificateAuthority;
/// Labels with user-defined metadata.
///
/// Optional.
core.Map<core.String, core.String>? labels;
/// The desired lifetime of a certificate.
///
/// Used to create the "not_before_time" and "not_after_time" fields inside an
/// X.509 certificate. Note that the lifetime may be truncated if it would
/// extend past the life of any certificate authority in the issuing chain.
///
/// Required. Immutable.
core.String? lifetime;
/// Identifier.
///
/// The resource name for this Certificate in the format `projects / *
/// /locations / * /caPools / * /certificates / * `.
core.String? name;
/// The pem-encoded, signed X.509 certificate.
///
/// Output only.
core.String? pemCertificate;
/// The chain that may be used to verify the X.509 certificate.
///
/// Expected to be in issuer-to-root order according to RFC 5246.
///
/// Output only.
core.List<core.String>? pemCertificateChain;
/// A pem-encoded X.509 certificate signing request (CSR).
///
/// Immutable.
core.String? pemCsr;
/// Details regarding the revocation of this Certificate.
///
/// This Certificate is considered revoked if and only if this field is
/// present.
///
/// Output only.
RevocationDetails? revocationDetails;
/// Specifies how the Certificate's identity fields are to be decided.
///
/// If this is omitted, the `DEFAULT` subject mode will be used.
///
/// Immutable.
/// Possible string values are:
/// - "SUBJECT_REQUEST_MODE_UNSPECIFIED" : Not specified.
/// - "DEFAULT" : The default mode used in most cases. Indicates that the
/// certificate's Subject and/or SubjectAltNames are specified in the
/// certificate request. This mode requires the caller to have the
/// `privateca.certificates.create` permission.
/// - "RDN_SEQUENCE" : A mode used to get an accurate representation of the
/// Subject field's distinguished name. Indicates that the certificate's
/// Subject and/or SubjectAltNames are specified in the certificate request.
/// When parsing a PEM CSR this mode will maintain the sequence of RDNs found
/// in the CSR's subject field in the issued Certificate. This mode requires
/// the caller to have the `privateca.certificates.create` permission.
/// - "REFLECTED_SPIFFE" : A mode reserved for special cases. Indicates that
/// the certificate should have one SPIFFE SubjectAltNames set by the service
/// based on the caller's identity. This mode will ignore any explicitly
/// specified Subject and/or SubjectAltNames in the certificate request. This
/// mode requires the caller to have the
/// `privateca.certificates.createForSelf` permission.
core.String? subjectMode;
/// The time at which this Certificate was updated.
///
/// Output only.
core.String? updateTime;
Certificate({
this.certificateDescription,
this.certificateTemplate,
this.config,
this.createTime,
this.issuerCertificateAuthority,
this.labels,
this.lifetime,
this.name,
this.pemCertificate,
this.pemCertificateChain,
this.pemCsr,
this.revocationDetails,
this.subjectMode,
this.updateTime,
});
Certificate.fromJson(core.Map json_)
: this(
certificateDescription: json_.containsKey('certificateDescription')
? CertificateDescription.fromJson(
json_['certificateDescription']
as core.Map<core.String, core.dynamic>,
)
: null,
certificateTemplate: json_['certificateTemplate'] as core.String?,
config: json_.containsKey('config')
? CertificateConfig.fromJson(
json_['config'] as core.Map<core.String, core.dynamic>,
)
: null,
createTime: json_['createTime'] as core.String?,
issuerCertificateAuthority:
json_['issuerCertificateAuthority'] as core.String?,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
lifetime: json_['lifetime'] as core.String?,
name: json_['name'] as core.String?,
pemCertificate: json_['pemCertificate'] as core.String?,
pemCertificateChain: (json_['pemCertificateChain'] as core.List?)
?.map((value) => value as core.String)
.toList(),
pemCsr: json_['pemCsr'] as core.String?,
revocationDetails: json_.containsKey('revocationDetails')
? RevocationDetails.fromJson(
json_['revocationDetails']
as core.Map<core.String, core.dynamic>,
)
: null,
subjectMode: json_['subjectMode'] as core.String?,
updateTime: json_['updateTime'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final certificateDescription = this.certificateDescription;
final certificateTemplate = this.certificateTemplate;
final config = this.config;
final createTime = this.createTime;
final issuerCertificateAuthority = this.issuerCertificateAuthority;
final labels = this.labels;
final lifetime = this.lifetime;
final name = this.name;
final pemCertificate = this.pemCertificate;
final pemCertificateChain = this.pemCertificateChain;
final pemCsr = this.pemCsr;
final revocationDetails = this.revocationDetails;
final subjectMode = this.subjectMode;
final updateTime = this.updateTime;
return {
'certificateDescription': ?certificateDescription,
'certificateTemplate': ?certificateTemplate,
'config': ?config,
'createTime': ?createTime,
'issuerCertificateAuthority': ?issuerCertificateAuthority,
'labels': ?labels,
'lifetime': ?lifetime,
'name': ?name,
'pemCertificate': ?pemCertificate,
'pemCertificateChain': ?pemCertificateChain,
'pemCsr': ?pemCsr,
'revocationDetails': ?revocationDetails,
'subjectMode': ?subjectMode,
'updateTime': ?updateTime,
};
}
}
/// A CertificateAuthority represents an individual Certificate Authority.
///
/// A CertificateAuthority can be used to create Certificates.
class CertificateAuthority {
/// URLs for accessing content published by this CA, such as the CA
/// certificate and CRLs.
///
/// Output only.
AccessUrls? accessUrls;
/// A structured description of this CertificateAuthority's CA certificate and
/// its issuers.
///
/// Ordered as self-to-root.
///
/// Output only.
core.List<CertificateDescription>? caCertificateDescriptions;
/// The config used to create a self-signed X.509 certificate or CSR.
///
/// Required. Immutable.
CertificateConfig? config;
/// The time at which this CertificateAuthority was created.
///
/// Output only.
core.String? createTime;
/// The time at which this CertificateAuthority was soft deleted, if it is in
/// the DELETED state.
///
/// Output only.
core.String? deleteTime;
/// The time at which this CertificateAuthority will be permanently purged, if
/// it is in the DELETED state.
///
/// Output only.
core.String? expireTime;
/// The name of a Cloud Storage bucket where this CertificateAuthority will
/// publish content, such as the CA certificate and CRLs.
///
/// This must be a bucket name, without any prefixes (such as `gs://`) or
/// suffixes (such as `.googleapis.com`). For example, to use a bucket named
/// `my-bucket`, you would simply specify `my-bucket`. If not specified, a
/// managed bucket will be created.
///
/// Immutable.
core.String? gcsBucket;
/// Used when issuing certificates for this CertificateAuthority.
///
/// If this CertificateAuthority is a self-signed CertificateAuthority, this
/// key is also used to sign the self-signed CA certificate. Otherwise, it is
/// used to sign a CSR.
///
/// Required. Immutable.
KeyVersionSpec? keySpec;
/// Labels with user-defined metadata.
///
/// Optional.
core.Map<core.String, core.String>? labels;
/// The desired lifetime of the CA certificate.
///
/// Used to create the "not_before_time" and "not_after_time" fields inside an
/// X.509 certificate.
///
/// Required. Immutable.
core.String? lifetime;
/// Identifier.
///
/// The resource name for this CertificateAuthority in the format `projects /
/// * /locations / * /caPools / * /certificateAuthorities / * `.
core.String? name;
/// This CertificateAuthority's certificate chain, including the current
/// CertificateAuthority's certificate.
///
/// Ordered such that the root issuer is the final element (consistent with
/// RFC 5246). For a self-signed CA, this will only list the current
/// CertificateAuthority's certificate.
///
/// Output only.
core.List<core.String>? pemCaCertificates;
/// Reserved for future use.
///
/// Output only.
core.bool? satisfiesPzi;
/// Reserved for future use.
///
/// Output only.
core.bool? satisfiesPzs;
/// The State for this CertificateAuthority.
///
/// Output only.
/// Possible string values are:
/// - "STATE_UNSPECIFIED" : Not specified.
/// - "ENABLED" : Certificates can be issued from this CA. CRLs will be
/// generated for this CA. The CA will be part of the CaPool's trust anchor,
/// and will be used to issue certificates from the CaPool.
/// - "DISABLED" : Certificates cannot be issued from this CA. CRLs will still
/// be generated. The CA will be part of the CaPool's trust anchor, but will
/// not be used to issue certificates from the CaPool.
/// - "STAGED" : Certificates can be issued from this CA. CRLs will be
/// generated for this CA. The CA will be part of the CaPool's trust anchor,
/// but will not be used to issue certificates from the CaPool.
/// - "AWAITING_USER_ACTIVATION" : Certificates cannot be issued from this CA.
/// CRLs will not be generated. The CA will not be part of the CaPool's trust
/// anchor, and will not be used to issue certificates from the CaPool.
/// - "DELETED" : Certificates cannot be issued from this CA. CRLs will not be
/// generated. The CA may still be recovered by calling
/// CertificateAuthorityService.UndeleteCertificateAuthority before
/// expire_time. The CA will not be part of the CaPool's trust anchor, and
/// will not be used to issue certificates from the CaPool.
core.String? state;
/// If this is a subordinate CertificateAuthority, this field will be set with
/// the subordinate configuration, which describes its issuers.
///
/// This may be updated, but this CertificateAuthority must continue to
/// validate.
///
/// Optional.
SubordinateConfig? subordinateConfig;
/// The CaPool.Tier of the CaPool that includes this CertificateAuthority.
///
/// Output only.
/// Possible string values are:
/// - "TIER_UNSPECIFIED" : Not specified.
/// - "ENTERPRISE" : Enterprise tier.
/// - "DEVOPS" : DevOps tier.
core.String? tier;
/// The Type of this CertificateAuthority.
///
/// Required. Immutable.
/// Possible string values are:
/// - "TYPE_UNSPECIFIED" : Not specified.
/// - "SELF_SIGNED" : Self-signed CA.
/// - "SUBORDINATE" : Subordinate CA. Could be issued by a Private CA
/// CertificateAuthority or an unmanaged CA.
core.String? type;
/// The time at which this CertificateAuthority was last updated.
///
/// Output only.
core.String? updateTime;
/// User-defined URLs for CA certificate and CRLs.
///
/// The service does not publish content to these URLs. It is up to the user
/// to mirror content to these URLs.
///
/// Optional.
UserDefinedAccessUrls? userDefinedAccessUrls;
CertificateAuthority({
this.accessUrls,
this.caCertificateDescriptions,
this.config,
this.createTime,
this.deleteTime,
this.expireTime,
this.gcsBucket,
this.keySpec,
this.labels,
this.lifetime,
this.name,
this.pemCaCertificates,
this.satisfiesPzi,
this.satisfiesPzs,
this.state,
this.subordinateConfig,
this.tier,
this.type,
this.updateTime,
this.userDefinedAccessUrls,
});
CertificateAuthority.fromJson(core.Map json_)
: this(
accessUrls: json_.containsKey('accessUrls')
? AccessUrls.fromJson(
json_['accessUrls'] as core.Map<core.String, core.dynamic>,
)
: null,
caCertificateDescriptions:
(json_['caCertificateDescriptions'] as core.List?)
?.map(
(value) => CertificateDescription.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
config: json_.containsKey('config')
? CertificateConfig.fromJson(
json_['config'] as core.Map<core.String, core.dynamic>,
)
: null,
createTime: json_['createTime'] as core.String?,
deleteTime: json_['deleteTime'] as core.String?,
expireTime: json_['expireTime'] as core.String?,
gcsBucket: json_['gcsBucket'] as core.String?,
keySpec: json_.containsKey('keySpec')
? KeyVersionSpec.fromJson(
json_['keySpec'] as core.Map<core.String, core.dynamic>,
)
: null,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
lifetime: json_['lifetime'] as core.String?,
name: json_['name'] as core.String?,
pemCaCertificates: (json_['pemCaCertificates'] as core.List?)
?.map((value) => value as core.String)
.toList(),
satisfiesPzi: json_['satisfiesPzi'] as core.bool?,
satisfiesPzs: json_['satisfiesPzs'] as core.bool?,
state: json_['state'] as core.String?,
subordinateConfig: json_.containsKey('subordinateConfig')
? SubordinateConfig.fromJson(
json_['subordinateConfig']
as core.Map<core.String, core.dynamic>,
)
: null,
tier: json_['tier'] as core.String?,
type: json_['type'] as core.String?,
updateTime: json_['updateTime'] as core.String?,
userDefinedAccessUrls: json_.containsKey('userDefinedAccessUrls')
? UserDefinedAccessUrls.fromJson(
json_['userDefinedAccessUrls']
as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final accessUrls = this.accessUrls;
final caCertificateDescriptions = this.caCertificateDescriptions;
final config = this.config;
final createTime = this.createTime;
final deleteTime = this.deleteTime;
final expireTime = this.expireTime;
final gcsBucket = this.gcsBucket;
final keySpec = this.keySpec;
final labels = this.labels;
final lifetime = this.lifetime;
final name = this.name;
final pemCaCertificates = this.pemCaCertificates;
final satisfiesPzi = this.satisfiesPzi;
final satisfiesPzs = this.satisfiesPzs;
final state = this.state;
final subordinateConfig = this.subordinateConfig;
final tier = this.tier;
final type = this.type;
final updateTime = this.updateTime;
final userDefinedAccessUrls = this.userDefinedAccessUrls;
return {
'accessUrls': ?accessUrls,
'caCertificateDescriptions': ?caCertificateDescriptions,
'config': ?config,
'createTime': ?createTime,
'deleteTime': ?deleteTime,
'expireTime': ?expireTime,
'gcsBucket': ?gcsBucket,
'keySpec': ?keySpec,
'labels': ?labels,
'lifetime': ?lifetime,
'name': ?name,
'pemCaCertificates': ?pemCaCertificates,
'satisfiesPzi': ?satisfiesPzi,
'satisfiesPzs': ?satisfiesPzs,
'state': ?state,
'subordinateConfig': ?subordinateConfig,
'tier': ?tier,
'type': ?type,
'updateTime': ?updateTime,
'userDefinedAccessUrls': ?userDefinedAccessUrls,
};
}
}
/// A CertificateConfig describes an X.509 certificate or CSR that is to be
/// created, as an alternative to using ASN.1.
class CertificateConfig {
/// The public key that corresponds to this config.
///
/// This is, for example, used when issuing Certificates, but not when
/// creating a self-signed CertificateAuthority or CertificateAuthority CSR.
///
/// Optional.
PublicKey? publicKey;
/// Specifies some of the values in a certificate that are related to the
/// subject.
///
/// Required.
SubjectConfig? subjectConfig;
/// When specified this provides a custom SKI to be used in the certificate.
///
/// This should only be used to maintain a SKI of an existing CA originally
/// created outside CA service, which was not generated using method (1)
/// described in RFC 5280 section 4.2.1.2.
///
/// Optional.
CertificateConfigKeyId? subjectKeyId;
/// Describes how some of the technical X.509 fields in a certificate should
/// be populated.
///
/// Required.
X509Parameters? x509Config;
CertificateConfig({
this.publicKey,
this.subjectConfig,
this.subjectKeyId,
this.x509Config,
});
CertificateConfig.fromJson(core.Map json_)
: this(
publicKey: json_.containsKey('publicKey')
? PublicKey.fromJson(
json_['publicKey'] as core.Map<core.String, core.dynamic>,
)
: null,
subjectConfig: json_.containsKey('subjectConfig')
? SubjectConfig.fromJson(
json_['subjectConfig'] as core.Map<core.String, core.dynamic>,
)
: null,
subjectKeyId: json_.containsKey('subjectKeyId')
? CertificateConfigKeyId.fromJson(
json_['subjectKeyId'] as core.Map<core.String, core.dynamic>,
)
: null,
x509Config: json_.containsKey('x509Config')
? X509Parameters.fromJson(
json_['x509Config'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final publicKey = this.publicKey;
final subjectConfig = this.subjectConfig;
final subjectKeyId = this.subjectKeyId;
final x509Config = this.x509Config;
return {
'publicKey': ?publicKey,
'subjectConfig': ?subjectConfig,
'subjectKeyId': ?subjectKeyId,
'x509Config': ?x509Config,
};
}
}
/// A KeyId identifies a specific public key, usually by hashing the public key.
class CertificateConfigKeyId {
/// The value of this KeyId encoded in lowercase hexadecimal.
///
/// This is most likely the 160 bit SHA-1 hash of the public key.
///
/// Required.
core.String? keyId;
CertificateConfigKeyId({this.keyId});
CertificateConfigKeyId.fromJson(core.Map json_)
: this(keyId: json_['keyId'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final keyId = this.keyId;
return {'keyId': ?keyId};
}
}
/// A CertificateDescription describes an X.509 certificate or CSR that has been
/// issued, as an alternative to using ASN.1 / X.509.
class CertificateDescription {
/// Describes lists of issuer CA certificate URLs that appear in the
/// "Authority Information Access" extension in the certificate.
core.List<core.String>? aiaIssuingCertificateUrls;
/// Identifies the subject_key_id of the parent certificate, per
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
KeyId? authorityKeyId;
/// The hash of the x.509 certificate.
CertificateFingerprint? certFingerprint;
/// Describes a list of locations to obtain CRL information, i.e. the
/// DistributionPoint.fullName described by
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
core.List<core.String>? crlDistributionPoints;
/// The public key that corresponds to an issued certificate.
PublicKey? publicKey;
/// Describes some of the values in a certificate that are related to the
/// subject and lifetime.
SubjectDescription? subjectDescription;
/// Provides a means of identifiying certificates that contain a particular
/// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
KeyId? subjectKeyId;
/// The hash of the pre-signed certificate, which will be signed by the CA.
///
/// Corresponds to the TBS Certificate in
/// https://tools.ietf.org/html/rfc5280#section-4.1.2. The field will always
/// be populated.
core.String? tbsCertificateDigest;
/// Describes some of the technical X.509 fields in a certificate.
X509Parameters? x509Description;
CertificateDescription({
this.aiaIssuingCertificateUrls,
this.authorityKeyId,
this.certFingerprint,
this.crlDistributionPoints,
this.publicKey,
this.subjectDescription,
this.subjectKeyId,
this.tbsCertificateDigest,
this.x509Description,
});
CertificateDescription.fromJson(core.Map json_)
: this(
aiaIssuingCertificateUrls:
(json_['aiaIssuingCertificateUrls'] as core.List?)
?.map((value) => value as core.String)
.toList(),
authorityKeyId: json_.containsKey('authorityKeyId')
? KeyId.fromJson(
json_['authorityKeyId'] as core.Map<core.String, core.dynamic>,
)
: null,
certFingerprint: json_.containsKey('certFingerprint')
? CertificateFingerprint.fromJson(
json_['certFingerprint'] as core.Map<core.String, core.dynamic>,
)
: null,
crlDistributionPoints: (json_['crlDistributionPoints'] as core.List?)
?.map((value) => value as core.String)
.toList(),
publicKey: json_.containsKey('publicKey')
? PublicKey.fromJson(
json_['publicKey'] as core.Map<core.String, core.dynamic>,
)
: null,
subjectDescription: json_.containsKey('subjectDescription')
? SubjectDescription.fromJson(
json_['subjectDescription']
as core.Map<core.String, core.dynamic>,
)
: null,
subjectKeyId: json_.containsKey('subjectKeyId')
? KeyId.fromJson(
json_['subjectKeyId'] as core.Map<core.String, core.dynamic>,
)
: null,
tbsCertificateDigest: json_['tbsCertificateDigest'] as core.String?,
x509Description: json_.containsKey('x509Description')
? X509Parameters.fromJson(
json_['x509Description'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final aiaIssuingCertificateUrls = this.aiaIssuingCertificateUrls;
final authorityKeyId = this.authorityKeyId;
final certFingerprint = this.certFingerprint;
final crlDistributionPoints = this.crlDistributionPoints;
final publicKey = this.publicKey;
final subjectDescription = this.subjectDescription;
final subjectKeyId = this.subjectKeyId;
final tbsCertificateDigest = this.tbsCertificateDigest;
final x509Description = this.x509Description;
return {
'aiaIssuingCertificateUrls': ?aiaIssuingCertificateUrls,
'authorityKeyId': ?authorityKeyId,
'certFingerprint': ?certFingerprint,
'crlDistributionPoints': ?crlDistributionPoints,
'publicKey': ?publicKey,
'subjectDescription': ?subjectDescription,
'subjectKeyId': ?subjectKeyId,
'tbsCertificateDigest': ?tbsCertificateDigest,
'x509Description': ?x509Description,
};
}
}
/// Describes a set of X.509 extensions that may be part of some certificate
/// issuance controls.
class CertificateExtensionConstraints {
/// A set of ObjectIds identifying custom X.509 extensions.
///
/// Will be combined with known_extensions to determine the full set of X.509
/// extensions.
///
/// Optional.
core.List<ObjectId>? additionalExtensions;
/// A set of named X.509 extensions.
///
/// Will be combined with additional_extensions to determine the full set of
/// X.509 extensions.
///
/// Optional.
core.List<core.String>? knownExtensions;
CertificateExtensionConstraints({
this.additionalExtensions,
this.knownExtensions,
});
CertificateExtensionConstraints.fromJson(core.Map json_)
: this(
additionalExtensions: (json_['additionalExtensions'] as core.List?)
?.map(
(value) => ObjectId.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
knownExtensions: (json_['knownExtensions'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final additionalExtensions = this.additionalExtensions;
final knownExtensions = this.knownExtensions;
return {
'additionalExtensions': ?additionalExtensions,
'knownExtensions': ?knownExtensions,
};
}
}
/// A group of fingerprints for the x509 certificate.
class CertificateFingerprint {
/// The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
core.String? sha256Hash;
CertificateFingerprint({this.sha256Hash});
CertificateFingerprint.fromJson(core.Map json_)
: this(sha256Hash: json_['sha256Hash'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final sha256Hash = this.sha256Hash;
return {'sha256Hash': ?sha256Hash};
}
}
/// Describes constraints on a Certificate's Subject and SubjectAltNames.
class CertificateIdentityConstraints {
/// If this is true, the SubjectAltNames extension may be copied from a
/// certificate request into the signed certificate.
///
/// Otherwise, the requested SubjectAltNames will be discarded.
///
/// Required.
core.bool? allowSubjectAltNamesPassthrough;
/// If this is true, the Subject field may be copied from a certificate
/// request into the signed certificate.
///
/// Otherwise, the requested Subject will be discarded.
///
/// Required.
core.bool? allowSubjectPassthrough;
/// A CEL expression that may be used to validate the resolved X.509 Subject
/// and/or Subject Alternative Name before a certificate is signed.
///
/// To see the full allowed syntax and some examples, see
/// https://cloud.google.com/certificate-authority-service/docs/using-cel
///
/// Optional.
Expr? celExpression;
CertificateIdentityConstraints({
this.allowSubjectAltNamesPassthrough,
this.allowSubjectPassthrough,
this.celExpression,
});
CertificateIdentityConstraints.fromJson(core.Map json_)
: this(
allowSubjectAltNamesPassthrough:
json_['allowSubjectAltNamesPassthrough'] as core.bool?,
allowSubjectPassthrough: json_['allowSubjectPassthrough'] as core.bool?,
celExpression: json_.containsKey('celExpression')
? Expr.fromJson(
json_['celExpression'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final allowSubjectAltNamesPassthrough =
this.allowSubjectAltNamesPassthrough;
final allowSubjectPassthrough = this.allowSubjectPassthrough;
final celExpression = this.celExpression;
return {
'allowSubjectAltNamesPassthrough': ?allowSubjectAltNamesPassthrough,
'allowSubjectPassthrough': ?allowSubjectPassthrough,
'celExpression': ?celExpression,
};
}
}
/// A CertificateRevocationList corresponds to a signed X.509 certificate
/// Revocation List (CRL).
///
/// A CRL contains the serial numbers of certificates that should no longer be
/// trusted.
class CertificateRevocationList {
/// The location where 'pem_crl' can be accessed.
///
/// Output only.
core.String? accessUrl;
/// The time at which this CertificateRevocationList was created.
///
/// Output only.
core.String? createTime;
/// Labels with user-defined metadata.
///
/// Optional.
core.Map<core.String, core.String>? labels;
/// Identifier.
///
/// The resource name for this CertificateRevocationList in the format
/// `projects / * /locations / * /caPools / * certificateAuthorities / * /
/// certificateRevocationLists / * `.
core.String? name;
/// The PEM-encoded X.509 CRL.
///
/// Output only.
core.String? pemCrl;
/// The revision ID of this CertificateRevocationList.
///
/// A new revision is committed whenever a new CRL is published. The format is
/// an 8-character hexadecimal string.
///
/// Output only.
core.String? revisionId;
/// The revoked serial numbers that appear in pem_crl.
///
/// Output only.
core.List<RevokedCertificate>? revokedCertificates;
/// The CRL sequence number that appears in pem_crl.
///
/// Output only.
core.String? sequenceNumber;
/// The State for this CertificateRevocationList.
///
/// Output only.
/// Possible string values are:
/// - "STATE_UNSPECIFIED" : Not specified.
/// - "ACTIVE" : The CertificateRevocationList is up to date.
/// - "SUPERSEDED" : The CertificateRevocationList is no longer current.
core.String? state;
/// The time at which this CertificateRevocationList was updated.
///
/// Output only.
core.String? updateTime;
CertificateRevocationList({
this.accessUrl,
this.createTime,
this.labels,
this.name,
this.pemCrl,
this.revisionId,
this.revokedCertificates,
this.sequenceNumber,
this.state,
this.updateTime,
});
CertificateRevocationList.fromJson(core.Map json_)
: this(
accessUrl: json_['accessUrl'] as core.String?,
createTime: json_['createTime'] as core.String?,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
name: json_['name'] as core.String?,
pemCrl: json_['pemCrl'] as core.String?,
revisionId: json_['revisionId'] as core.String?,
revokedCertificates: (json_['revokedCertificates'] as core.List?)
?.map(
(value) => RevokedCertificate.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
sequenceNumber: json_['sequenceNumber'] as core.String?,
state: json_['state'] as core.String?,
updateTime: json_['updateTime'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final accessUrl = this.accessUrl;
final createTime = this.createTime;
final labels = this.labels;
final name = this.name;
final pemCrl = this.pemCrl;
final revisionId = this.revisionId;
final revokedCertificates = this.revokedCertificates;
final sequenceNumber = this.sequenceNumber;
final state = this.state;
final updateTime = this.updateTime;
return {
'accessUrl': ?accessUrl,
'createTime': ?createTime,
'labels': ?labels,
'name': ?name,
'pemCrl': ?pemCrl,
'revisionId': ?revisionId,
'revokedCertificates': ?revokedCertificates,
'sequenceNumber': ?sequenceNumber,
'state': ?state,
'updateTime': ?updateTime,
};
}
}
/// A CertificateTemplate refers to a managed template for certificate issuance.
class CertificateTemplate {
/// The time at which this CertificateTemplate was created.
///
/// Output only.
core.String? createTime;
/// A human-readable description of scenarios this template is intended for.
///
/// Optional.
core.String? description;
/// Describes constraints on identities that may be appear in Certificates
/// issued using this template.
///
/// If this is omitted, then this template will not add restrictions on a
/// certificate's identity.
///
/// Optional.
CertificateIdentityConstraints? identityConstraints;
/// Labels with user-defined metadata.
///
/// Optional.
core.Map<core.String, core.String>? labels;
/// The maximum lifetime allowed for issued Certificates that use this
/// template.
///
/// If the issuing CaPool resource's IssuancePolicy specifies a
/// maximum_lifetime the minimum of the two durations will be the maximum
/// lifetime for issued Certificates. Note that if the issuing
/// CertificateAuthority expires before a Certificate's requested
/// maximum_lifetime, the effective lifetime will be explicitly truncated to
/// match it.
///
/// Optional.
core.String? maximumLifetime;
/// Identifier.
///
/// The resource name for this CertificateTemplate in the format `projects / *
/// /locations / * /certificateTemplates / * `.
core.String? name;
/// Describes the set of X.509 extensions that may appear in a Certificate
/// issued using this CertificateTemplate.
///
/// If a certificate request sets extensions that don't appear in the
/// passthrough_extensions, those extensions will be dropped. If the issuing
/// CaPool's IssuancePolicy defines baseline_values that don't appear here,
/// the certificate issuance request will fail. If this is omitted, then this
/// template will not add restrictions on a certificate's X.509 extensions.
/// These constraints do not apply to X.509 extensions set in this
/// CertificateTemplate's predefined_values.
///
/// Optional.
CertificateExtensionConstraints? passthroughExtensions;
/// A set of X.509 values that will be applied to all issued certificates that
/// use this template.
///
/// If the certificate request includes conflicting values for the same
/// properties, they will be overwritten by the values defined here. If the
/// issuing CaPool's IssuancePolicy defines conflicting baseline_values for
/// the same properties, the certificate issuance request will fail.
///
/// Optional.
X509Parameters? predefinedValues;
/// The time at which this CertificateTemplate was updated.
///
/// Output only.
core.String? updateTime;
CertificateTemplate({
this.createTime,
this.description,
this.identityConstraints,
this.labels,
this.maximumLifetime,
this.name,
this.passthroughExtensions,
this.predefinedValues,
this.updateTime,
});
CertificateTemplate.fromJson(core.Map json_)
: this(
createTime: json_['createTime'] as core.String?,
description: json_['description'] as core.String?,
identityConstraints: json_.containsKey('identityConstraints')
? CertificateIdentityConstraints.fromJson(
json_['identityConstraints']
as core.Map<core.String, core.dynamic>,
)
: null,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
maximumLifetime: json_['maximumLifetime'] as core.String?,
name: json_['name'] as core.String?,
passthroughExtensions: json_.containsKey('passthroughExtensions')
? CertificateExtensionConstraints.fromJson(
json_['passthroughExtensions']
as core.Map<core.String, core.dynamic>,
)
: null,
predefinedValues: json_.containsKey('predefinedValues')
? X509Parameters.fromJson(
json_['predefinedValues']
as core.Map<core.String, core.dynamic>,
)
: null,
updateTime: json_['updateTime'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final createTime = this.createTime;
final description = this.description;
final identityConstraints = this.identityConstraints;
final labels = this.labels;
final maximumLifetime = this.maximumLifetime;
final name = this.name;
final passthroughExtensions = this.passthroughExtensions;
final predefinedValues = this.predefinedValues;
final updateTime = this.updateTime;
return {
'createTime': ?createTime,
'description': ?description,
'identityConstraints': ?identityConstraints,
'labels': ?labels,
'maximumLifetime': ?maximumLifetime,
'name': ?name,
'passthroughExtensions': ?passthroughExtensions,
'predefinedValues': ?predefinedValues,
'updateTime': ?updateTime,
};
}
}
/// Request message for CertificateAuthorityService.DisableCertificateAuthority.
class DisableCertificateAuthorityRequest {
/// This field allows this CA to be disabled even if it's being depended on by
/// another resource.
///
/// However, doing so may result in unintended and unrecoverable effects on
/// any dependent resources since the CA will no longer be able to issue
/// certificates.
///
/// Optional.
core.bool? ignoreDependentResources;
/// An ID to identify requests.
///
/// Specify a unique request ID so that if you must retry your request, the
/// server will know to ignore the request if it has already been completed.
/// The server will guarantee that for at least 60 minutes since the first
/// request. For example, consider a situation where you make an initial
/// request and the request times out. If you make the request again with the
/// same request ID, the server can check if original operation with the same
/// request ID was received, and if so, will ignore the second request. This
/// prevents clients from accidentally creating duplicate commitments. The
/// request ID must be a valid UUID with the exception that zero UUID is not
/// supported (00000000-0000-0000-0000-000000000000).
///
/// Optional.
core.String? requestId;
DisableCertificateAuthorityRequest({
this.ignoreDependentResources,
this.requestId,
});
DisableCertificateAuthorityRequest.fromJson(core.Map json_)
: this(
ignoreDependentResources:
json_['ignoreDependentResources'] as core.bool?,
requestId: json_['requestId'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final ignoreDependentResources = this.ignoreDependentResources;
final requestId = this.requestId;
return {
'ignoreDependentResources': ?ignoreDependentResources,
'requestId': ?requestId,
};
}
}
/// Describes an Elliptic Curve key that may be used in a Certificate issued
/// from a CaPool.
class EcKeyType {
/// A signature algorithm that must be used.
///
/// If this is omitted, any EC-based signature algorithm will be allowed.
///
/// Optional.
/// Possible string values are:
/// - "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" : Not specified. Signifies that any
/// signature algorithm may be used.
/// - "ECDSA_P256" : Refers to the Elliptic Curve Digital Signature Algorithm
/// over the NIST P-256 curve.
/// - "ECDSA_P384" : Refers to the Elliptic Curve Digital Signature Algorithm
/// over the NIST P-384 curve.
/// - "EDDSA_25519" : Refers to the Edwards-curve Digital Signature Algorithm
/// over curve 25519, as described in RFC 8410.
core.String? signatureAlgorithm;
EcKeyType({this.signatureAlgorithm});
EcKeyType.fromJson(core.Map json_)
: this(signatureAlgorithm: json_['signatureAlgorithm'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final signatureAlgorithm = this.signatureAlgorithm;
return {'signatureAlgorithm': ?signatureAlgorithm};
}
}
/// A generic empty message that you can re-use to avoid defining duplicated
/// empty messages in your APIs.
///
/// A typical example is to use it as the request or the response type of an API
/// method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns
/// (google.protobuf.Empty); }
typedef Empty = $Empty;
/// Request message for CertificateAuthorityService.EnableCertificateAuthority.
typedef EnableCertificateAuthorityRequest = $Request03;
/// The configuration used for encrypting data at rest.
class EncryptionSpec {
/// The resource name for a Cloud KMS key in the format `projects / *
/// /locations / * /keyRings / * /cryptoKeys / * `.
core.String? cloudKmsKey;
EncryptionSpec({this.cloudKmsKey});
EncryptionSpec.fromJson(core.Map json_)
: this(cloudKmsKey: json_['cloudKmsKey'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final cloudKmsKey = this.cloudKmsKey;
return {'cloudKmsKey': ?cloudKmsKey};
}
}
/// Represents a textual expression in the Common Expression Language (CEL)
/// syntax.
///
/// CEL is a C-like expression language. The syntax and semantics of CEL are
/// documented at https://github.com/google/cel-spec. Example (Comparison):
/// title: "Summary size limit" description: "Determines if a summary is less
/// than 100 chars" expression: "document.summary.size() \< 100" Example
/// (Equality): title: "Requestor is owner" description: "Determines if
/// requestor is the document owner" expression: "document.owner ==
/// request.auth.claims.email" Example (Logic): title: "Public documents"
/// description: "Determine whether the document should be publicly visible"
/// expression: "document.type != 'private' && document.type != 'internal'"
/// Example (Data Manipulation): title: "Notification string" description:
/// "Create a notification string with a timestamp." expression: "'New message
/// received at ' + string(document.create_time)" The exact variables and
/// functions that may be referenced within an expression are determined by the
/// service that evaluates it. See the service documentation for additional
/// information.
typedef Expr = $Expr;
/// KeyUsage.ExtendedKeyUsageOptions has fields that correspond to certain
/// common OIDs that could be specified as an extended key usage value.
class ExtendedKeyUsageOptions {
/// Corresponds to OID 1.3.6.1.5.5.7.3.2.
///
/// Officially described as "TLS WWW client authentication", though regularly
/// used for non-WWW TLS.
core.bool? clientAuth;
/// Corresponds to OID 1.3.6.1.5.5.7.3.3.
///
/// Officially described as "Signing of downloadable executable code client
/// authentication".
core.bool? codeSigning;
/// Corresponds to OID 1.3.6.1.5.5.7.3.4.
///
/// Officially described as "Email protection".
core.bool? emailProtection;
/// Corresponds to OID 1.3.6.1.5.5.7.3.9.
///
/// Officially described as "Signing OCSP responses".
core.bool? ocspSigning;
/// Corresponds to OID 1.3.6.1.5.5.7.3.1.
///
/// Officially described as "TLS WWW server authentication", though regularly
/// used for non-WWW TLS.
core.bool? serverAuth;
/// Corresponds to OID 1.3.6.1.5.5.7.3.8.
///
/// Officially described as "Binding the hash of an object to a time".
core.bool? timeStamping;
ExtendedKeyUsageOptions({
this.clientAuth,
this.codeSigning,
this.emailProtection,
this.ocspSigning,
this.serverAuth,
this.timeStamping,
});
ExtendedKeyUsageOptions.fromJson(core.Map json_)
: this(
clientAuth: json_['clientAuth'] as core.bool?,
codeSigning: json_['codeSigning'] as core.bool?,
emailProtection: json_['emailProtection'] as core.bool?,
ocspSigning: json_['ocspSigning'] as core.bool?,
serverAuth: json_['serverAuth'] as core.bool?,
timeStamping: json_['timeStamping'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final clientAuth = this.clientAuth;
final codeSigning = this.codeSigning;
final emailProtection = this.emailProtection;
final ocspSigning = this.ocspSigning;
final serverAuth = this.serverAuth;
final timeStamping = this.timeStamping;
return {
'clientAuth': ?clientAuth,
'codeSigning': ?codeSigning,
'emailProtection': ?emailProtection,
'ocspSigning': ?ocspSigning,
'serverAuth': ?serverAuth,
'timeStamping': ?timeStamping,
};
}
}
/// Request message for CertificateAuthorityService.FetchCaCerts.
typedef FetchCaCertsRequest = $Request03;
/// Response message for CertificateAuthorityService.FetchCaCerts.
class FetchCaCertsResponse {
/// The PEM encoded CA certificate chains of all certificate authorities in
/// this CaPool in the ENABLED, DISABLED, or STAGED states.
core.List<CertChain>? caCerts;
FetchCaCertsResponse({this.caCerts});
FetchCaCertsResponse.fromJson(core.Map json_)
: this(
caCerts: (json_['caCerts'] as core.List?)
?.map(
(value) => CertChain.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final caCerts = this.caCerts;
return {'caCerts': ?caCerts};
}
}
/// Response message for
/// CertificateAuthorityService.FetchCertificateAuthorityCsr.
class FetchCertificateAuthorityCsrResponse {
/// The PEM-encoded signed certificate signing request (CSR).
///
/// Output only.
core.String? pemCsr;
FetchCertificateAuthorityCsrResponse({this.pemCsr});
FetchCertificateAuthorityCsrResponse.fromJson(core.Map json_)
: this(pemCsr: json_['pemCsr'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final pemCsr = this.pemCsr;
return {'pemCsr': ?pemCsr};
}
}
/// IssuanceModes specifies the allowed ways in which Certificates may be
/// requested from this CaPool.
class IssuanceModes {
/// When true, allows callers to create Certificates by specifying a
/// CertificateConfig.
///
/// Optional.
core.bool? allowConfigBasedIssuance;
/// When true, allows callers to create Certificates by specifying a CSR.
///
/// Optional.
core.bool? allowCsrBasedIssuance;
IssuanceModes({this.allowConfigBasedIssuance, this.allowCsrBasedIssuance});
IssuanceModes.fromJson(core.Map json_)
: this(
allowConfigBasedIssuance:
json_['allowConfigBasedIssuance'] as core.bool?,
allowCsrBasedIssuance: json_['allowCsrBasedIssuance'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final allowConfigBasedIssuance = this.allowConfigBasedIssuance;
final allowCsrBasedIssuance = this.allowCsrBasedIssuance;
return {
'allowConfigBasedIssuance': ?allowConfigBasedIssuance,
'allowCsrBasedIssuance': ?allowCsrBasedIssuance,
};
}
}
/// Defines controls over all certificate issuance within a CaPool.
class IssuancePolicy {
/// If specified, then only methods allowed in the IssuanceModes may be used
/// to issue Certificates.
///
/// Optional.
IssuanceModes? allowedIssuanceModes;
/// If any AllowedKeyType is specified, then the certificate request's public
/// key must match one of the key types listed here.
///
/// Otherwise, any key may be used.
///
/// Optional.
core.List<AllowedKeyType>? allowedKeyTypes;
/// If set, all certificates issued from this CaPool will be backdated by this
/// duration.
///
/// The 'not_before_time' will be the issuance time minus this
/// backdate_duration, and the 'not_after_time' will be adjusted to preserve
/// the requested lifetime. The maximum duration that a certificate can be
/// backdated with these options is 48 hours in the past. This option cannot
/// be set if allow_requester_specified_not_before_time is set.
///
/// Optional.
core.String? backdateDuration;
/// A set of X.509 values that will be applied to all certificates issued
/// through this CaPool.
///
/// If a certificate request includes conflicting values for the same
/// properties, they will be overwritten by the values defined here. If a
/// certificate request uses a CertificateTemplate that defines conflicting
/// predefined_values for the same properties, the certificate issuance
/// request will fail.
///
/// Optional.
X509Parameters? baselineValues;
/// Describes constraints on identities that may appear in Certificates issued
/// through this CaPool.
///
/// If this is omitted, then this CaPool will not add restrictions on a
/// certificate's identity.
///
/// Optional.
CertificateIdentityConstraints? identityConstraints;
/// The maximum lifetime allowed for issued Certificates.
///
/// Note that if the issuing CertificateAuthority expires before a Certificate
/// resource's requested maximum_lifetime, the effective lifetime will be
/// explicitly truncated to match it.
///
/// Optional.
core.String? maximumLifetime;
/// Describes the set of X.509 extensions that may appear in a Certificate
/// issued through this CaPool.
///
/// If a certificate request sets extensions that don't appear in the
/// passthrough_extensions, those extensions will be dropped. If a certificate
/// request uses a CertificateTemplate with predefined_values that don't
/// appear here, the certificate issuance request will fail. If this is
/// omitted, then this CaPool will not add restrictions on a certificate's
/// X.509 extensions. These constraints do not apply to X.509 extensions set
/// in this CaPool's baseline_values.
///
/// Optional.
CertificateExtensionConstraints? passthroughExtensions;
IssuancePolicy({
this.allowedIssuanceModes,
this.allowedKeyTypes,
this.backdateDuration,
this.baselineValues,
this.identityConstraints,
this.maximumLifetime,
this.passthroughExtensions,
});
IssuancePolicy.fromJson(core.Map json_)
: this(
allowedIssuanceModes: json_.containsKey('allowedIssuanceModes')
? IssuanceModes.fromJson(
json_['allowedIssuanceModes']
as core.Map<core.String, core.dynamic>,
)
: null,
allowedKeyTypes: (json_['allowedKeyTypes'] as core.List?)
?.map(
(value) => AllowedKeyType.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
backdateDuration: json_['backdateDuration'] as core.String?,
baselineValues: json_.containsKey('baselineValues')
? X509Parameters.fromJson(
json_['baselineValues'] as core.Map<core.String, core.dynamic>,
)
: null,
identityConstraints: json_.containsKey('identityConstraints')
? CertificateIdentityConstraints.fromJson(
json_['identityConstraints']
as core.Map<core.String, core.dynamic>,
)
: null,
maximumLifetime: json_['maximumLifetime'] as core.String?,
passthroughExtensions: json_.containsKey('passthroughExtensions')
? CertificateExtensionConstraints.fromJson(
json_['passthroughExtensions']
as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final allowedIssuanceModes = this.allowedIssuanceModes;
final allowedKeyTypes = this.allowedKeyTypes;
final backdateDuration = this.backdateDuration;
final baselineValues = this.baselineValues;
final identityConstraints = this.identityConstraints;
final maximumLifetime = this.maximumLifetime;
final passthroughExtensions = this.passthroughExtensions;
return {
'allowedIssuanceModes': ?allowedIssuanceModes,
'allowedKeyTypes': ?allowedKeyTypes,
'backdateDuration': ?backdateDuration,
'baselineValues': ?baselineValues,
'identityConstraints': ?identityConstraints,
'maximumLifetime': ?maximumLifetime,
'passthroughExtensions': ?passthroughExtensions,
};
}
}
/// A KeyId identifies a specific public key, usually by hashing the public key.
class KeyId {
/// The value of this KeyId encoded in lowercase hexadecimal.
///
/// This is most likely the 160 bit SHA-1 hash of the public key.
///
/// Optional.
core.String? keyId;
KeyId({this.keyId});
KeyId.fromJson(core.Map json_) : this(keyId: json_['keyId'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final keyId = this.keyId;
return {'keyId': ?keyId};
}
}
/// A KeyUsage describes key usage values that may appear in an X.509
/// certificate.
class KeyUsage {
/// Describes high-level ways in which a key may be used.
KeyUsageOptions? baseKeyUsage;
/// Detailed scenarios in which a key may be used.
ExtendedKeyUsageOptions? extendedKeyUsage;
/// Used to describe extended key usages that are not listed in the
/// KeyUsage.ExtendedKeyUsageOptions message.
core.List<ObjectId>? unknownExtendedKeyUsages;
KeyUsage({
this.baseKeyUsage,
this.extendedKeyUsage,
this.unknownExtendedKeyUsages,
});
KeyUsage.fromJson(core.Map json_)
: this(
baseKeyUsage: json_.containsKey('baseKeyUsage')
? KeyUsageOptions.fromJson(
json_['baseKeyUsage'] as core.Map<core.String, core.dynamic>,
)
: null,
extendedKeyUsage: json_.containsKey('extendedKeyUsage')
? ExtendedKeyUsageOptions.fromJson(
json_['extendedKeyUsage']
as core.Map<core.String, core.dynamic>,
)
: null,
unknownExtendedKeyUsages:
(json_['unknownExtendedKeyUsages'] as core.List?)
?.map(
(value) => ObjectId.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final baseKeyUsage = this.baseKeyUsage;
final extendedKeyUsage = this.extendedKeyUsage;
final unknownExtendedKeyUsages = this.unknownExtendedKeyUsages;
return {
'baseKeyUsage': ?baseKeyUsage,
'extendedKeyUsage': ?extendedKeyUsage,
'unknownExtendedKeyUsages': ?unknownExtendedKeyUsages,
};
}
}
/// KeyUsage.KeyUsageOptions corresponds to the key usage values described in
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
class KeyUsageOptions {
/// The key may be used to sign certificates.
core.bool? certSign;
/// The key may be used for cryptographic commitments.
///
/// Note that this may also be referred to as "non-repudiation".
core.bool? contentCommitment;
/// The key may be used sign certificate revocation lists.
core.bool? crlSign;
/// The key may be used to encipher data.
core.bool? dataEncipherment;
/// The key may be used to decipher only.
core.bool? decipherOnly;
/// The key may be used for digital signatures.
core.bool? digitalSignature;
/// The key may be used to encipher only.
core.bool? encipherOnly;
/// The key may be used in a key agreement protocol.
core.bool? keyAgreement;
/// The key may be used to encipher other keys.
core.bool? keyEncipherment;
KeyUsageOptions({
this.certSign,
this.contentCommitment,
this.crlSign,
this.dataEncipherment,
this.decipherOnly,
this.digitalSignature,
this.encipherOnly,
this.keyAgreement,
this.keyEncipherment,
});
KeyUsageOptions.fromJson(core.Map json_)
: this(
certSign: json_['certSign'] as core.bool?,
contentCommitment: json_['contentCommitment'] as core.bool?,
crlSign: json_['crlSign'] as core.bool?,
dataEncipherment: json_['dataEncipherment'] as core.bool?,
decipherOnly: json_['decipherOnly'] as core.bool?,
digitalSignature: json_['digitalSignature'] as core.bool?,
encipherOnly: json_['encipherOnly'] as core.bool?,
keyAgreement: json_['keyAgreement'] as core.bool?,
keyEncipherment: json_['keyEncipherment'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final certSign = this.certSign;
final contentCommitment = this.contentCommitment;
final crlSign = this.crlSign;
final dataEncipherment = this.dataEncipherment;
final decipherOnly = this.decipherOnly;
final digitalSignature = this.digitalSignature;
final encipherOnly = this.encipherOnly;
final keyAgreement = this.keyAgreement;
final keyEncipherment = this.keyEncipherment;
return {
'certSign': ?certSign,
'contentCommitment': ?contentCommitment,
'crlSign': ?crlSign,
'dataEncipherment': ?dataEncipherment,
'decipherOnly': ?decipherOnly,
'digitalSignature': ?digitalSignature,
'encipherOnly': ?encipherOnly,
'keyAgreement': ?keyAgreement,
'keyEncipherment': ?keyEncipherment,
};
}
}
/// A Cloud KMS key configuration that a CertificateAuthority will use.
class KeyVersionSpec {
/// The algorithm to use for creating a managed Cloud KMS key for a for a
/// simplified experience.
///
/// All managed keys will be have their ProtectionLevel as `HSM`.
/// Possible string values are:
/// - "SIGN_HASH_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "RSA_PSS_2048_SHA256" : maps to
/// CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
/// - "RSA_PSS_3072_SHA256" : maps to CryptoKeyVersionAlgorithm.
/// RSA_SIGN_PSS_3072_SHA256
/// - "RSA_PSS_4096_SHA256" : maps to
/// CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
/// - "RSA_PKCS1_2048_SHA256" : maps to
/// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
/// - "RSA_PKCS1_3072_SHA256" : maps to
/// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
/// - "RSA_PKCS1_4096_SHA256" : maps to
/// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
/// - "EC_P256_SHA256" : maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
/// - "EC_P384_SHA384" : maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
core.String? algorithm;
/// The resource name for an existing Cloud KMS CryptoKeyVersion in the format
/// `projects / * /locations / * /keyRings / * /cryptoKeys / *
/// /cryptoKeyVersions / * `.
///
/// This option enables full flexibility in the key's capabilities and
/// properties.
core.String? cloudKmsKeyVersion;
KeyVersionSpec({this.algorithm, this.cloudKmsKeyVersion});
KeyVersionSpec.fromJson(core.Map json_)
: this(
algorithm: json_['algorithm'] as core.String?,
cloudKmsKeyVersion: json_['cloudKmsKeyVersion'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final algorithm = this.algorithm;
final cloudKmsKeyVersion = this.cloudKmsKeyVersion;
return {'algorithm': ?algorithm, 'cloudKmsKeyVersion': ?cloudKmsKeyVersion};
}
}
/// Response message for CertificateAuthorityService.ListCaPools.
class ListCaPoolsResponse {
/// The list of CaPools.
core.List<CaPool>? caPools;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCertificateAuthoritiesRequest.page_token to
/// retrieve the next page of results.
core.String? nextPageToken;
/// A list of locations (e.g. "us-west1") that could not be reached.
core.List<core.String>? unreachable;
ListCaPoolsResponse({this.caPools, this.nextPageToken, this.unreachable});
ListCaPoolsResponse.fromJson(core.Map json_)
: this(
caPools: (json_['caPools'] as core.List?)
?.map(
(value) =>
CaPool.fromJson(value as core.Map<core.String, core.dynamic>),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final caPools = this.caPools;
final nextPageToken = this.nextPageToken;
final unreachable = this.unreachable;
return {
'caPools': ?caPools,
'nextPageToken': ?nextPageToken,
'unreachable': ?unreachable,
};
}
}
/// Response message for CertificateAuthorityService.ListCertificateAuthorities.
class ListCertificateAuthoritiesResponse {
/// The list of CertificateAuthorities.
core.List<CertificateAuthority>? certificateAuthorities;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCertificateAuthoritiesRequest.page_token to
/// retrieve the next page of results.
core.String? nextPageToken;
/// A list of locations (e.g. "us-west1") that could not be reached.
core.List<core.String>? unreachable;
ListCertificateAuthoritiesResponse({
this.certificateAuthorities,
this.nextPageToken,
this.unreachable,
});
ListCertificateAuthoritiesResponse.fromJson(core.Map json_)
: this(
certificateAuthorities: (json_['certificateAuthorities'] as core.List?)
?.map(
(value) => CertificateAuthority.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final certificateAuthorities = this.certificateAuthorities;
final nextPageToken = this.nextPageToken;
final unreachable = this.unreachable;
return {
'certificateAuthorities': ?certificateAuthorities,
'nextPageToken': ?nextPageToken,
'unreachable': ?unreachable,
};
}
}
/// Response message for
/// CertificateAuthorityService.ListCertificateRevocationLists.
class ListCertificateRevocationListsResponse {
/// The list of CertificateRevocationLists.
core.List<CertificateRevocationList>? certificateRevocationLists;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCertificateRevocationListsRequest.page_token to
/// retrieve the next page of results.
core.String? nextPageToken;
/// A list of locations (e.g. "us-west1") that could not be reached.
core.List<core.String>? unreachable;
ListCertificateRevocationListsResponse({
this.certificateRevocationLists,
this.nextPageToken,
this.unreachable,
});
ListCertificateRevocationListsResponse.fromJson(core.Map json_)
: this(
certificateRevocationLists:
(json_['certificateRevocationLists'] as core.List?)
?.map(
(value) => CertificateRevocationList.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final certificateRevocationLists = this.certificateRevocationLists;
final nextPageToken = this.nextPageToken;
final unreachable = this.unreachable;
return {
'certificateRevocationLists': ?certificateRevocationLists,
'nextPageToken': ?nextPageToken,
'unreachable': ?unreachable,
};
}
}
/// Response message for CertificateAuthorityService.ListCertificateTemplates.
class ListCertificateTemplatesResponse {
/// The list of CertificateTemplates.
core.List<CertificateTemplate>? certificateTemplates;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCertificateTemplatesRequest.page_token to retrieve
/// the next page of results.
core.String? nextPageToken;
/// A list of locations (e.g. "us-west1") that could not be reached.
core.List<core.String>? unreachable;
ListCertificateTemplatesResponse({
this.certificateTemplates,
this.nextPageToken,
this.unreachable,
});
ListCertificateTemplatesResponse.fromJson(core.Map json_)
: this(
certificateTemplates: (json_['certificateTemplates'] as core.List?)
?.map(
(value) => CertificateTemplate.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final certificateTemplates = this.certificateTemplates;
final nextPageToken = this.nextPageToken;
final unreachable = this.unreachable;
return {
'certificateTemplates': ?certificateTemplates,
'nextPageToken': ?nextPageToken,
'unreachable': ?unreachable,
};
}
}
/// Response message for CertificateAuthorityService.ListCertificates.
class ListCertificatesResponse {
/// The list of Certificates.
core.List<Certificate>? certificates;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCertificatesRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// A list of locations (e.g. "us-west1") that could not be reached.
core.List<core.String>? unreachable;
ListCertificatesResponse({
this.certificates,
this.nextPageToken,
this.unreachable,
});
ListCertificatesResponse.fromJson(core.Map json_)
: this(
certificates: (json_['certificates'] as core.List?)
?.map(
(value) => Certificate.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final certificates = this.certificates;
final nextPageToken = this.nextPageToken;
final unreachable = this.unreachable;
return {
'certificates': ?certificates,
'nextPageToken': ?nextPageToken,
'unreachable': ?unreachable,
};
}
}
/// The response message for Locations.ListLocations.
class ListLocationsResponse {
/// A list of locations that matches the specified filter in the request.
core.List<Location>? locations;
/// The standard List next-page token.
core.String? nextPageToken;
ListLocationsResponse({this.locations, this.nextPageToken});
ListLocationsResponse.fromJson(core.Map json_)
: this(
locations: (json_['locations'] as core.List?)
?.map(
(value) => Location.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final locations = this.locations;
final nextPageToken = this.nextPageToken;
return {'locations': ?locations, 'nextPageToken': ?nextPageToken};
}
}
/// The response message for Operations.ListOperations.
class ListOperationsResponse {
/// The standard List next-page token.
core.String? nextPageToken;
/// A list of operations that matches the specified filter in the request.
core.List<Operation>? operations;
/// Unordered list.
///
/// Unreachable resources. Populated when the request sets
/// `ListOperationsRequest.return_partial_success` and reads across
/// collections. For example, when attempting to list all resources across all
/// supported locations.
core.List<core.String>? unreachable;
ListOperationsResponse({
this.nextPageToken,
this.operations,
this.unreachable,
});
ListOperationsResponse.fromJson(core.Map json_)
: this(
nextPageToken: json_['nextPageToken'] as core.String?,
operations: (json_['operations'] as core.List?)
?.map(
(value) => Operation.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
unreachable: (json_['unreachable'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final nextPageToken = this.nextPageToken;
final operations = this.operations;
final unreachable = this.unreachable;
return {
'nextPageToken': ?nextPageToken,
'operations': ?operations,
'unreachable': ?unreachable,
};
}
}
/// A resource that represents a Google Cloud location.
typedef Location = $Location00;
/// Describes the X.509 name constraints extension, per
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.10
class NameConstraints {
/// Indicates whether or not the name constraints are marked critical.
core.bool? critical;
/// Contains excluded DNS names.
///
/// Any DNS name that can be constructed by simply adding zero or more labels
/// to the left-hand side of the name satisfies the name constraint. For
/// example, `example.com`, `www.example.com`, `www.sub.example.com` would
/// satisfy `example.com` while `example1.com` does not.
core.List<core.String>? excludedDnsNames;
/// Contains the excluded email addresses.
///
/// The value can be a particular email address, a hostname to indicate all
/// email addresses on that host or a domain with a leading period (e.g.
/// `.example.com`) to indicate all email addresses in that domain.
core.List<core.String>? excludedEmailAddresses;
/// Contains the excluded IP ranges.
///
/// For IPv4 addresses, the ranges are expressed using CIDR notation as
/// specified in RFC 4632. For IPv6 addresses, the ranges are expressed in
/// similar encoding as IPv4 addresses.
core.List<core.String>? excludedIpRanges;
/// Contains the excluded URIs that apply to the host part of the name.
///
/// The value can be a hostname or a domain with a leading period (like
/// `.example.com`)
core.List<core.String>? excludedUris;
/// Contains permitted DNS names.
///
/// Any DNS name that can be constructed by simply adding zero or more labels
/// to the left-hand side of the name satisfies the name constraint. For
/// example, `example.com`, `www.example.com`, `www.sub.example.com` would
/// satisfy `example.com` while `example1.com` does not.
core.List<core.String>? permittedDnsNames;
/// Contains the permitted email addresses.
///
/// The value can be a particular email address, a hostname to indicate all
/// email addresses on that host or a domain with a leading period (e.g.
/// `.example.com`) to indicate all email addresses in that domain.
core.List<core.String>? permittedEmailAddresses;
/// Contains the permitted IP ranges.
///
/// For IPv4 addresses, the ranges are expressed using CIDR notation as
/// specified in RFC 4632. For IPv6 addresses, the ranges are expressed in
/// similar encoding as IPv4 addresses.
core.List<core.String>? permittedIpRanges;
/// Contains the permitted URIs that apply to the host part of the name.
///
/// The value can be a hostname or a domain with a leading period (like
/// `.example.com`)
core.List<core.String>? permittedUris;
NameConstraints({
this.critical,
this.excludedDnsNames,
this.excludedEmailAddresses,
this.excludedIpRanges,
this.excludedUris,
this.permittedDnsNames,
this.permittedEmailAddresses,
this.permittedIpRanges,
this.permittedUris,
});
NameConstraints.fromJson(core.Map json_)
: this(
critical: json_['critical'] as core.bool?,
excludedDnsNames: (json_['excludedDnsNames'] as core.List?)
?.map((value) => value as core.String)
.toList(),
excludedEmailAddresses: (json_['excludedEmailAddresses'] as core.List?)
?.map((value) => value as core.String)
.toList(),
excludedIpRanges: (json_['excludedIpRanges'] as core.List?)
?.map((value) => value as core.String)
.toList(),
excludedUris: (json_['excludedUris'] as core.List?)
?.map((value) => value as core.String)
.toList(),
permittedDnsNames: (json_['permittedDnsNames'] as core.List?)
?.map((value) => value as core.String)
.toList(),
permittedEmailAddresses:
(json_['permittedEmailAddresses'] as core.List?)
?.map((value) => value as core.String)
.toList(),
permittedIpRanges: (json_['permittedIpRanges'] as core.List?)
?.map((value) => value as core.String)
.toList(),
permittedUris: (json_['permittedUris'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final critical = this.critical;
final excludedDnsNames = this.excludedDnsNames;
final excludedEmailAddresses = this.excludedEmailAddresses;
final excludedIpRanges = this.excludedIpRanges;
final excludedUris = this.excludedUris;
final permittedDnsNames = this.permittedDnsNames;
final permittedEmailAddresses = this.permittedEmailAddresses;
final permittedIpRanges = this.permittedIpRanges;
final permittedUris = this.permittedUris;
return {
'critical': ?critical,
'excludedDnsNames': ?excludedDnsNames,
'excludedEmailAddresses': ?excludedEmailAddresses,
'excludedIpRanges': ?excludedIpRanges,
'excludedUris': ?excludedUris,
'permittedDnsNames': ?permittedDnsNames,
'permittedEmailAddresses': ?permittedEmailAddresses,
'permittedIpRanges': ?permittedIpRanges,
'permittedUris': ?permittedUris,
};
}
}
/// An ObjectId specifies an object identifier (OID).
///
/// These provide context and describe types in ASN.1 messages.
class ObjectId {
/// The parts of an OID path.
///
/// The most significant parts of the path come first.
///
/// Required.
core.List<core.int>? objectIdPath;
ObjectId({this.objectIdPath});
ObjectId.fromJson(core.Map json_)
: this(
objectIdPath: (json_['objectIdPath'] as core.List?)
?.map((value) => value as core.int)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final objectIdPath = this.objectIdPath;
return {'objectIdPath': ?objectIdPath};
}
}
/// This resource represents a long-running operation that is the result of a
/// network API call.
class Operation {
/// If the value is `false`, it means the operation is still in progress.
///
/// If `true`, the operation is completed, and either `error` or `response` is
/// available.
core.bool? done;
/// The error result of the operation in case of failure or cancellation.
Status? error;
/// Service-specific metadata associated with the operation.
///
/// It typically contains progress information and common metadata such as
/// create time. Some services might not provide such metadata. Any method
/// that returns a long-running operation should document the metadata type,
/// if any.
///
/// The values for Object must be JSON objects. It can consist of `num`,
/// `String`, `bool` and `null` as well as `Map` and `List` values.
core.Map<core.String, core.Object?>? metadata;
/// The server-assigned name, which is only unique within the same service
/// that originally returns it.
///
/// If you use the default HTTP mapping, the `name` should be a resource name
/// ending with `operations/{unique_id}`.
core.String? name;
/// The normal, successful response of the operation.
///
/// If the original method returns no data on success, such as `Delete`, the
/// response is `google.protobuf.Empty`. If the original method is standard
/// `Get`/`Create`/`Update`, the response should be the resource. For other
/// methods, the response should have the type `XxxResponse`, where `Xxx` is
/// the original method name. For example, if the original method name is
/// `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
///
/// The values for Object must be JSON objects. It can consist of `num`,
/// `String`, `bool` and `null` as well as `Map` and `List` values.
core.Map<core.String, core.Object?>? response;
Operation({this.done, this.error, this.metadata, this.name, this.response});
Operation.fromJson(core.Map json_)
: this(
done: json_['done'] as core.bool?,
error: json_.containsKey('error')
? Status.fromJson(
json_['error'] as core.Map<core.String, core.dynamic>,
)
: null,
metadata: json_.containsKey('metadata')
? json_['metadata'] as core.Map<core.String, core.dynamic>
: null,
name: json_['name'] as core.String?,
response: json_.containsKey('response')
? json_['response'] as core.Map<core.String, core.dynamic>
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final done = this.done;
final error = this.error;
final metadata = this.metadata;
final name = this.name;
final response = this.response;
return {
'done': ?done,
'error': ?error,
'metadata': ?metadata,
'name': ?name,
'response': ?response,
};
}
}
/// An Identity and Access Management (IAM) policy, which specifies access
/// controls for Google Cloud resources.
///
/// A `Policy` is a collection of `bindings`. A `binding` binds one or more
/// `members`, or principals, to a single `role`. Principals can be user
/// accounts, service accounts, Google groups, and domains (such as G Suite). A
/// `role` is a named list of permissions; each `role` can be an IAM predefined
/// role or a user-created custom role. For some types of Google Cloud
/// resources, a `binding` can also specify a `condition`, which is a logical
/// expression that allows access to a resource only if the expression evaluates
/// to `true`. A condition can add constraints based on attributes of the
/// request, the resource, or both. To learn which resources support conditions
/// in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
/// **JSON example:** ``` { "bindings": [ { "role":
/// "roles/resourcemanager.organizationAdmin", "members": [
/// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
/// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
/// "roles/resourcemanager.organizationViewer", "members": [
/// "user:eve@example.com" ], "condition": { "title": "expirable access",
/// "description": "Does not grant access after Sep 2020", "expression":
/// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
/// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: -
/// members: - user:mike@example.com - group:admins@example.com -
/// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
/// role: roles/resourcemanager.organizationAdmin - members: -
/// user:eve@example.com role: roles/resourcemanager.organizationViewer
/// condition: title: expirable access description: Does not grant access after
/// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
/// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features,
/// see the [IAM documentation](https://cloud.google.com/iam/docs/).
class Policy {
/// Specifies cloud audit logging configuration for this policy.
core.List<AuditConfig>? auditConfigs;
/// Associates a list of `members`, or principals, with a `role`.
///
/// Optionally, may specify a `condition` that determines how and when the
/// `bindings` are applied. Each of the `bindings` must contain at least one
/// principal. The `bindings` in a `Policy` can refer to up to 1,500
/// principals; up to 250 of these principals can be Google groups. Each
/// occurrence of a principal counts towards these limits. For example, if the
/// `bindings` grant 50 different roles to `user:alice@example.com`, and not
/// to any other principal, then you can add another 1,450 principals to the
/// `bindings` in the `Policy`.
core.List<Binding>? bindings;
/// `etag` is used for optimistic concurrency control as a way to help prevent
/// simultaneous updates of a policy from overwriting each other.
///
/// It is strongly suggested that systems make use of the `etag` in the
/// read-modify-write cycle to perform policy updates in order to avoid race
/// conditions: An `etag` is returned in the response to `getIamPolicy`, and
/// systems are expected to put that etag in the request to `setIamPolicy` to
/// ensure that their change will be applied to the same version of the
/// policy. **Important:** If you use IAM Conditions, you must include the
/// `etag` field whenever you call `setIamPolicy`. If you omit this field,
/// then IAM allows you to overwrite a version `3` policy with a version `1`
/// policy, and all of the conditions in the version `3` policy are lost.
core.String? etag;
core.List<core.int> get etagAsBytes => convert.base64.decode(etag!);
set etagAsBytes(core.List<core.int> bytes_) {
etag = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Specifies the format of the policy.
///
/// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
/// are rejected. Any operation that affects conditional role bindings must
/// specify version `3`. This requirement applies to the following operations:
/// * Getting a policy that includes a conditional role binding * Adding a
/// conditional role binding to a policy * Changing a conditional role binding
/// in a policy * Removing any role binding, with or without a condition, from
/// a policy that includes conditions **Important:** If you use IAM
/// Conditions, you must include the `etag` field whenever you call
/// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a
/// version `3` policy with a version `1` policy, and all of the conditions in
/// the version `3` policy are lost. If a policy does not include any
/// conditions, operations on that policy may specify any valid version or
/// leave the field unset. To learn which resources support conditions in
/// their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
core.int? version;
Policy({this.auditConfigs, this.bindings, this.etag, this.version});
Policy.fromJson(core.Map json_)
: this(
auditConfigs: (json_['auditConfigs'] as core.List?)
?.map(
(value) => AuditConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
bindings: (json_['bindings'] as core.List?)
?.map(
(value) => Binding.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
etag: json_['etag'] as core.String?,
version: json_['version'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditConfigs = this.auditConfigs;
final bindings = this.bindings;
final etag = this.etag;
final version = this.version;
return {
'auditConfigs': ?auditConfigs,
'bindings': ?bindings,
'etag': ?etag,
'version': ?version,
};
}
}
/// A PublicKey describes a public key.
class PublicKey {
/// The format of the public key.
///
/// Required.
/// Possible string values are:
/// - "KEY_FORMAT_UNSPECIFIED" : Default unspecified value.
/// - "PEM" : The key is PEM-encoded as defined in
/// [RFC 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
/// following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC
/// 5280
/// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1) or
/// a PEM-encoded X.509 certificate signing request (CSR). If a
/// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1) is
/// specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or
/// a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it
/// will used solely for the purpose of extracting the public key. When
/// generated by the service, it will always be an RFC 5280
/// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
/// structure containing an algorithm identifier and a key.
core.String? format;
/// A public key.
///
/// The padding and encoding must match with the `KeyFormat` value specified
/// for the `format` field.
///
/// Required.
core.String? key;
core.List<core.int> get keyAsBytes => convert.base64.decode(key!);
set keyAsBytes(core.List<core.int> bytes_) {
key = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
PublicKey({this.format, this.key});
PublicKey.fromJson(core.Map json_)
: this(
format: json_['format'] as core.String?,
key: json_['key'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final format = this.format;
final key = this.key;
return {'format': ?format, 'key': ?key};
}
}
/// Options relating to the publication of each CertificateAuthority's CA
/// certificate and CRLs and their inclusion as extensions in issued
/// Certificates.
///
/// The options set here apply to certificates issued by any
/// CertificateAuthority in the CaPool.
class PublishingOptions {
/// Specifies the encoding format of each CertificateAuthority resource's CA
/// certificate and CRLs.
///
/// If this is omitted, CA certificates and CRLs will be published in PEM.
///
/// Optional.
/// Possible string values are:
/// - "ENCODING_FORMAT_UNSPECIFIED" : Not specified. By default, PEM format
/// will be used.
/// - "PEM" : The CertificateAuthority's CA certificate and CRLs will be
/// published in PEM format.
/// - "DER" : The CertificateAuthority's CA certificate and CRLs will be
/// published in DER format.
core.String? encodingFormat;
/// When true, publishes each CertificateAuthority's CA certificate and
/// includes its URL in the "Authority Information Access" X.509 extension in
/// all issued Certificates.
///
/// If this is false, the CA certificate will not be published and the
/// corresponding X.509 extension will not be written in issued certificates.
///
/// Optional.
core.bool? publishCaCert;
/// When true, publishes each CertificateAuthority's CRL and includes its URL
/// in the "CRL Distribution Points" X.509 extension in all issued
/// Certificates.
///
/// If this is false, CRLs will not be published and the corresponding X.509
/// extension will not be written in issued certificates. CRLs will expire 7
/// days from their creation. However, we will rebuild daily. CRLs are also
/// rebuilt shortly after a certificate is revoked.
///
/// Optional.
core.bool? publishCrl;
PublishingOptions({this.encodingFormat, this.publishCaCert, this.publishCrl});
PublishingOptions.fromJson(core.Map json_)
: this(
encodingFormat: json_['encodingFormat'] as core.String?,
publishCaCert: json_['publishCaCert'] as core.bool?,
publishCrl: json_['publishCrl'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final encodingFormat = this.encodingFormat;
final publishCaCert = this.publishCaCert;
final publishCrl = this.publishCrl;
return {
'encodingFormat': ?encodingFormat,
'publishCaCert': ?publishCaCert,
'publishCrl': ?publishCrl,
};
}
}
/// RelativeDistinguishedName specifies a relative distinguished name which will
/// be used to build a distinguished name.
class RelativeDistinguishedName {
/// Attributes describes the attribute value assertions in the RDN.
core.List<AttributeTypeAndValue>? attributes;
RelativeDistinguishedName({this.attributes});
RelativeDistinguishedName.fromJson(core.Map json_)
: this(
attributes: (json_['attributes'] as core.List?)
?.map(
(value) => AttributeTypeAndValue.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final attributes = this.attributes;
return {'attributes': ?attributes};
}
}
/// Describes fields that are relavent to the revocation of a Certificate.
class RevocationDetails {
/// Indicates why a Certificate was revoked.
/// Possible string values are:
/// - "REVOCATION_REASON_UNSPECIFIED" : Default unspecified value. This value
/// does indicate that a Certificate has been revoked, but that a reason has
/// not been recorded.
/// - "KEY_COMPROMISE" : Key material for this Certificate may have leaked.
/// - "CERTIFICATE_AUTHORITY_COMPROMISE" : The key material for a certificate
/// authority in the issuing path may have leaked.
/// - "AFFILIATION_CHANGED" : The subject or other attributes in this
/// Certificate have changed.
/// - "SUPERSEDED" : This Certificate has been superseded.
/// - "CESSATION_OF_OPERATION" : This Certificate or entities in the issuing
/// path have ceased to operate.
/// - "CERTIFICATE_HOLD" : This Certificate should not be considered valid, it
/// is expected that it may become valid in the future.
/// - "PRIVILEGE_WITHDRAWN" : This Certificate no longer has permission to
/// assert the listed attributes.
/// - "ATTRIBUTE_AUTHORITY_COMPROMISE" : The authority which determines
/// appropriate attributes for a Certificate may have been compromised.
core.String? revocationState;
/// The time at which this Certificate was revoked.
core.String? revocationTime;
RevocationDetails({this.revocationState, this.revocationTime});
RevocationDetails.fromJson(core.Map json_)
: this(
revocationState: json_['revocationState'] as core.String?,
revocationTime: json_['revocationTime'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final revocationState = this.revocationState;
final revocationTime = this.revocationTime;
return {
'revocationState': ?revocationState,
'revocationTime': ?revocationTime,
};
}
}
/// Request message for CertificateAuthorityService.RevokeCertificate.
class RevokeCertificateRequest {
/// The RevocationReason for revoking this certificate.
///
/// Required.
/// Possible string values are:
/// - "REVOCATION_REASON_UNSPECIFIED" : Default unspecified value. This value
/// does indicate that a Certificate has been revoked, but that a reason has
/// not been recorded.
/// - "KEY_COMPROMISE" : Key material for this Certificate may have leaked.
/// - "CERTIFICATE_AUTHORITY_COMPROMISE" : The key material for a certificate
/// authority in the issuing path may have leaked.
/// - "AFFILIATION_CHANGED" : The subject or other attributes in this
/// Certificate have changed.
/// - "SUPERSEDED" : This Certificate has been superseded.
/// - "CESSATION_OF_OPERATION" : This Certificate or entities in the issuing
/// path have ceased to operate.
/// - "CERTIFICATE_HOLD" : This Certificate should not be considered valid, it
/// is expected that it may become valid in the future.
/// - "PRIVILEGE_WITHDRAWN" : This Certificate no longer has permission to
/// assert the listed attributes.
/// - "ATTRIBUTE_AUTHORITY_COMPROMISE" : The authority which determines
/// appropriate attributes for a Certificate may have been compromised.
core.String? reason;
/// An ID to identify requests.
///
/// Specify a unique request ID so that if you must retry your request, the
/// server will know to ignore the request if it has already been completed.
/// The server will guarantee that for at least 60 minutes since the first
/// request. For example, consider a situation where you make an initial
/// request and the request times out. If you make the request again with the
/// same request ID, the server can check if original operation with the same
/// request ID was received, and if so, will ignore the second request. This
/// prevents clients from accidentally creating duplicate commitments. The
/// request ID must be a valid UUID with the exception that zero UUID is not
/// supported (00000000-0000-0000-0000-000000000000).
///
/// Optional.
core.String? requestId;
RevokeCertificateRequest({this.reason, this.requestId});
RevokeCertificateRequest.fromJson(core.Map json_)
: this(
reason: json_['reason'] as core.String?,
requestId: json_['requestId'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final reason = this.reason;
final requestId = this.requestId;
return {'reason': ?reason, 'requestId': ?requestId};
}
}
/// Describes a revoked Certificate.
class RevokedCertificate {
/// The resource name for the Certificate in the format `projects / *
/// /locations / * /caPools / * /certificates / * `.
core.String? certificate;
/// The serial number of the Certificate.
core.String? hexSerialNumber;
/// The reason the Certificate was revoked.
/// Possible string values are:
/// - "REVOCATION_REASON_UNSPECIFIED" : Default unspecified value. This value
/// does indicate that a Certificate has been revoked, but that a reason has
/// not been recorded.
/// - "KEY_COMPROMISE" : Key material for this Certificate may have leaked.
/// - "CERTIFICATE_AUTHORITY_COMPROMISE" : The key material for a certificate
/// authority in the issuing path may have leaked.
/// - "AFFILIATION_CHANGED" : The subject or other attributes in this
/// Certificate have changed.
/// - "SUPERSEDED" : This Certificate has been superseded.
/// - "CESSATION_OF_OPERATION" : This Certificate or entities in the issuing
/// path have ceased to operate.
/// - "CERTIFICATE_HOLD" : This Certificate should not be considered valid, it
/// is expected that it may become valid in the future.
/// - "PRIVILEGE_WITHDRAWN" : This Certificate no longer has permission to
/// assert the listed attributes.
/// - "ATTRIBUTE_AUTHORITY_COMPROMISE" : The authority which determines
/// appropriate attributes for a Certificate may have been compromised.
core.String? revocationReason;
RevokedCertificate({
this.certificate,
this.hexSerialNumber,
this.revocationReason,
});
RevokedCertificate.fromJson(core.Map json_)
: this(
certificate: json_['certificate'] as core.String?,
hexSerialNumber: json_['hexSerialNumber'] as core.String?,
revocationReason: json_['revocationReason'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final certificate = this.certificate;
final hexSerialNumber = this.hexSerialNumber;
final revocationReason = this.revocationReason;
return {
'certificate': ?certificate,
'hexSerialNumber': ?hexSerialNumber,
'revocationReason': ?revocationReason,
};
}
}
/// Describes an RSA key that may be used in a Certificate issued from a CaPool.
class RsaKeyType {
/// The maximum allowed RSA modulus size (inclusive), in bits.
///
/// If this is not set, or if set to zero, the service will not enforce an
/// explicit upper bound on RSA modulus sizes.
///
/// Optional.
core.String? maxModulusSize;
/// The minimum allowed RSA modulus size (inclusive), in bits.
///
/// If this is not set, or if set to zero, the service-level min RSA modulus
/// size will continue to apply.
///
/// Optional.
core.String? minModulusSize;
RsaKeyType({this.maxModulusSize, this.minModulusSize});
RsaKeyType.fromJson(core.Map json_)
: this(
maxModulusSize: json_['maxModulusSize'] as core.String?,
minModulusSize: json_['minModulusSize'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final maxModulusSize = this.maxModulusSize;
final minModulusSize = this.minModulusSize;
return {
'maxModulusSize': ?maxModulusSize,
'minModulusSize': ?minModulusSize,
};
}
}
/// Request message for `SetIamPolicy` method.
class SetIamPolicyRequest {
/// REQUIRED: The complete policy to be applied to the `resource`.
///
/// The size of the policy is limited to a few 10s of KB. An empty policy is a
/// valid policy but certain Google Cloud services (such as Projects) might
/// reject them.
Policy? policy;
/// OPTIONAL: A FieldMask specifying which fields of the policy to modify.
///
/// Only the fields in the mask will be modified. If no mask is provided, the
/// following default mask is used: `paths: "bindings, etag"`
core.String? updateMask;
SetIamPolicyRequest({this.policy, this.updateMask});
SetIamPolicyRequest.fromJson(core.Map json_)
: this(
policy: json_.containsKey('policy')
? Policy.fromJson(
json_['policy'] as core.Map<core.String, core.dynamic>,
)
: null,
updateMask: json_['updateMask'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final policy = this.policy;
final updateMask = this.updateMask;
return {'policy': ?policy, 'updateMask': ?updateMask};
}
}
/// The `Status` type defines a logical error model that is suitable for
/// different programming environments, including REST APIs and RPC APIs.
///
/// It is used by [gRPC](https://github.com/grpc). Each `Status` message
/// contains three pieces of data: error code, error message, and error details.
/// You can find out more about this error model and how to work with it in the
/// [API Design Guide](https://cloud.google.com/apis/design/errors).
typedef Status = $Status00;
/// Subject describes parts of a distinguished name that, in turn, describes the
/// subject of the certificate.
class Subject {
/// The "common name" of the subject.
core.String? commonName;
/// The country code of the subject.
core.String? countryCode;
/// The locality or city of the subject.
core.String? locality;
/// The organization of the subject.
core.String? organization;
/// The organizational_unit of the subject.
core.String? organizationalUnit;
/// The postal code of the subject.
core.String? postalCode;
/// The province, territory, or regional state of the subject.
core.String? province;
/// This field can be used in place of the named subject fields.
core.List<RelativeDistinguishedName>? rdnSequence;
/// The street address of the subject.
core.String? streetAddress;
Subject({
this.commonName,
this.countryCode,
this.locality,
this.organization,
this.organizationalUnit,
this.postalCode,
this.province,
this.rdnSequence,
this.streetAddress,
});
Subject.fromJson(core.Map json_)
: this(
commonName: json_['commonName'] as core.String?,
countryCode: json_['countryCode'] as core.String?,
locality: json_['locality'] as core.String?,
organization: json_['organization'] as core.String?,
organizationalUnit: json_['organizationalUnit'] as core.String?,
postalCode: json_['postalCode'] as core.String?,
province: json_['province'] as core.String?,
rdnSequence: (json_['rdnSequence'] as core.List?)
?.map(
(value) => RelativeDistinguishedName.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
streetAddress: json_['streetAddress'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final commonName = this.commonName;
final countryCode = this.countryCode;
final locality = this.locality;
final organization = this.organization;
final organizationalUnit = this.organizationalUnit;
final postalCode = this.postalCode;
final province = this.province;
final rdnSequence = this.rdnSequence;
final streetAddress = this.streetAddress;
return {
'commonName': ?commonName,
'countryCode': ?countryCode,
'locality': ?locality,
'organization': ?organization,
'organizationalUnit': ?organizationalUnit,
'postalCode': ?postalCode,
'province': ?province,
'rdnSequence': ?rdnSequence,
'streetAddress': ?streetAddress,
};
}
}
/// SubjectAltNames corresponds to a more modern way of listing what the
/// asserted identity is in a certificate (i.e., compared to the "common name"
/// in the distinguished name).
class SubjectAltNames {
/// Contains additional subject alternative name values.
///
/// For each custom_san, the `value` field must contain an ASN.1 encoded
/// UTF8String.
core.List<X509Extension>? customSans;
/// Contains only valid, fully-qualified host names.
core.List<core.String>? dnsNames;
/// Contains only valid RFC 2822 E-mail addresses.
core.List<core.String>? emailAddresses;
/// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
core.List<core.String>? ipAddresses;
/// Contains only valid RFC 3986 URIs.
core.List<core.String>? uris;
SubjectAltNames({
this.customSans,
this.dnsNames,
this.emailAddresses,
this.ipAddresses,
this.uris,
});
SubjectAltNames.fromJson(core.Map json_)
: this(
customSans: (json_['customSans'] as core.List?)
?.map(
(value) => X509Extension.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
dnsNames: (json_['dnsNames'] as core.List?)
?.map((value) => value as core.String)
.toList(),
emailAddresses: (json_['emailAddresses'] as core.List?)
?.map((value) => value as core.String)
.toList(),
ipAddresses: (json_['ipAddresses'] as core.List?)
?.map((value) => value as core.String)
.toList(),
uris: (json_['uris'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final customSans = this.customSans;
final dnsNames = this.dnsNames;
final emailAddresses = this.emailAddresses;
final ipAddresses = this.ipAddresses;
final uris = this.uris;
return {
'customSans': ?customSans,
'dnsNames': ?dnsNames,
'emailAddresses': ?emailAddresses,
'ipAddresses': ?ipAddresses,
'uris': ?uris,
};
}
}
/// These values are used to create the distinguished name and subject
/// alternative name fields in an X.509 certificate.
class SubjectConfig {
/// Contains distinguished name fields such as the common name, location and
/// organization.
///
/// Optional.
Subject? subject;
/// The subject alternative name fields.
///
/// Optional.
SubjectAltNames? subjectAltName;
SubjectConfig({this.subject, this.subjectAltName});
SubjectConfig.fromJson(core.Map json_)
: this(
subject: json_.containsKey('subject')
? Subject.fromJson(
json_['subject'] as core.Map<core.String, core.dynamic>,
)
: null,
subjectAltName: json_.containsKey('subjectAltName')
? SubjectAltNames.fromJson(
json_['subjectAltName'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final subject = this.subject;
final subjectAltName = this.subjectAltName;
return {'subject': ?subject, 'subjectAltName': ?subjectAltName};
}
}
/// These values describe fields in an issued X.509 certificate such as the
/// distinguished name, subject alternative names, serial number, and lifetime.
class SubjectDescription {
/// The serial number encoded in lowercase hexadecimal.
core.String? hexSerialNumber;
/// For convenience, the actual lifetime of an issued certificate.
core.String? lifetime;
/// The time after which the certificate is expired.
///
/// Per RFC 5280, the validity period for a certificate is the period of time
/// from not_before_time through not_after_time, inclusive. Corresponds to
/// 'not_before_time' + 'lifetime' - 1 second.
core.String? notAfterTime;
/// The time at which the certificate becomes valid.
core.String? notBeforeTime;
/// Contains distinguished name fields such as the common name, location and /
/// organization.
Subject? subject;
/// The subject alternative name fields.
SubjectAltNames? subjectAltName;
SubjectDescription({
this.hexSerialNumber,
this.lifetime,
this.notAfterTime,
this.notBeforeTime,
this.subject,
this.subjectAltName,
});
SubjectDescription.fromJson(core.Map json_)
: this(
hexSerialNumber: json_['hexSerialNumber'] as core.String?,
lifetime: json_['lifetime'] as core.String?,
notAfterTime: json_['notAfterTime'] as core.String?,
notBeforeTime: json_['notBeforeTime'] as core.String?,
subject: json_.containsKey('subject')
? Subject.fromJson(
json_['subject'] as core.Map<core.String, core.dynamic>,
)
: null,
subjectAltName: json_.containsKey('subjectAltName')
? SubjectAltNames.fromJson(
json_['subjectAltName'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final hexSerialNumber = this.hexSerialNumber;
final lifetime = this.lifetime;
final notAfterTime = this.notAfterTime;
final notBeforeTime = this.notBeforeTime;
final subject = this.subject;
final subjectAltName = this.subjectAltName;
return {
'hexSerialNumber': ?hexSerialNumber,
'lifetime': ?lifetime,
'notAfterTime': ?notAfterTime,
'notBeforeTime': ?notBeforeTime,
'subject': ?subject,
'subjectAltName': ?subjectAltName,
};
}
}
/// Describes a subordinate CA's issuers.
///
/// This is either a resource name to a known issuing CertificateAuthority, or a
/// PEM issuer certificate chain.
class SubordinateConfig {
/// This can refer to a CertificateAuthority that was used to create a
/// subordinate CertificateAuthority.
///
/// This field is used for information and usability purposes only. The
/// resource name is in the format `projects / * /locations / * /caPools / *
/// /certificateAuthorities / * `.
///
/// Required.
core.String? certificateAuthority;
/// Contains the PEM certificate chain for the issuers of this
/// CertificateAuthority, but not pem certificate for this CA itself.
///
/// Required.
SubordinateConfigChain? pemIssuerChain;
SubordinateConfig({this.certificateAuthority, this.pemIssuerChain});
SubordinateConfig.fromJson(core.Map json_)
: this(
certificateAuthority: json_['certificateAuthority'] as core.String?,
pemIssuerChain: json_.containsKey('pemIssuerChain')
? SubordinateConfigChain.fromJson(
json_['pemIssuerChain'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final certificateAuthority = this.certificateAuthority;
final pemIssuerChain = this.pemIssuerChain;
return {
'certificateAuthority': ?certificateAuthority,
'pemIssuerChain': ?pemIssuerChain,
};
}
}
/// This message describes a subordinate CA's issuer certificate chain.
///
/// This wrapper exists for compatibility reasons.
class SubordinateConfigChain {
/// Expected to be in leaf-to-root order according to RFC 5246.
///
/// Required.
core.List<core.String>? pemCertificates;
SubordinateConfigChain({this.pemCertificates});
SubordinateConfigChain.fromJson(core.Map json_)
: this(
pemCertificates: (json_['pemCertificates'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final pemCertificates = this.pemCertificates;
return {'pemCertificates': ?pemCertificates};
}
}
/// Request message for `TestIamPermissions` method.
typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00;
/// Response message for `TestIamPermissions` method.
typedef TestIamPermissionsResponse = $PermissionsResponse;
/// Request message for
/// CertificateAuthorityService.UndeleteCertificateAuthority.
typedef UndeleteCertificateAuthorityRequest = $Request03;
/// User-defined URLs for accessing content published by this
/// CertificateAuthority.
class UserDefinedAccessUrls {
/// A list of URLs where the issuer CA certificate may be downloaded, which
/// appears in the "Authority Information Access" extension in the
/// certificate.
///
/// If specified, the default Cloud Storage URLs will be omitted.
///
/// Optional.
core.List<core.String>? aiaIssuingCertificateUrls;
/// A list of URLs where to obtain CRL information, i.e. the
/// DistributionPoint.fullName described by
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.13.
///
/// If specified, the default Cloud Storage URLs will be omitted.
///
/// Optional.
core.List<core.String>? crlAccessUrls;
UserDefinedAccessUrls({this.aiaIssuingCertificateUrls, this.crlAccessUrls});
UserDefinedAccessUrls.fromJson(core.Map json_)
: this(
aiaIssuingCertificateUrls:
(json_['aiaIssuingCertificateUrls'] as core.List?)
?.map((value) => value as core.String)
.toList(),
crlAccessUrls: (json_['crlAccessUrls'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final aiaIssuingCertificateUrls = this.aiaIssuingCertificateUrls;
final crlAccessUrls = this.crlAccessUrls;
return {
'aiaIssuingCertificateUrls': ?aiaIssuingCertificateUrls,
'crlAccessUrls': ?crlAccessUrls,
};
}
}
/// An X509Extension specifies an X.509 extension, which may be used in
/// different parts of X.509 objects like certificates, CSRs, and CRLs.
class X509Extension {
/// Indicates whether or not this extension is critical (i.e., if the client
/// does not know how to handle this extension, the client should consider
/// this to be an error).
///
/// Optional.
core.bool? critical;
/// The OID for this X.509 extension.
///
/// Required.
ObjectId? objectId;
/// The value of this X.509 extension.
///
/// Required.
core.String? value;
core.List<core.int> get valueAsBytes => convert.base64.decode(value!);
set valueAsBytes(core.List<core.int> bytes_) {
value = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
X509Extension({this.critical, this.objectId, this.value});
X509Extension.fromJson(core.Map json_)
: this(
critical: json_['critical'] as core.bool?,
objectId: json_.containsKey('objectId')
? ObjectId.fromJson(
json_['objectId'] as core.Map<core.String, core.dynamic>,
)
: null,
value: json_['value'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final critical = this.critical;
final objectId = this.objectId;
final value = this.value;
return {'critical': ?critical, 'objectId': ?objectId, 'value': ?value};
}
}
/// An X509Parameters is used to describe certain fields of an X.509
/// certificate, such as the key usage fields, fields specific to CA
/// certificates, certificate policy extensions and custom extensions.
class X509Parameters {
/// Describes custom X.509 extensions.
///
/// Optional.
core.List<X509Extension>? additionalExtensions;
/// Describes Online Certificate Status Protocol (OCSP) endpoint addresses
/// that appear in the "Authority Information Access" extension in the
/// certificate.
///
/// Optional.
core.List<core.String>? aiaOcspServers;
/// Describes options in this X509Parameters that are relevant in a CA
/// certificate.
///
/// If not specified, a default basic constraints extension with `is_ca=false`
/// will be added for leaf certificates.
///
/// Optional.
CaOptions? caOptions;
/// Indicates the intended use for keys that correspond to a certificate.
///
/// Optional.
KeyUsage? keyUsage;
/// Describes the X.509 name constraints extension.
///
/// Optional.
NameConstraints? nameConstraints;
/// Describes the X.509 certificate policy object identifiers, per
/// https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
///
/// Optional.
core.List<ObjectId>? policyIds;
X509Parameters({
this.additionalExtensions,
this.aiaOcspServers,
this.caOptions,
this.keyUsage,
this.nameConstraints,
this.policyIds,
});
X509Parameters.fromJson(core.Map json_)
: this(
additionalExtensions: (json_['additionalExtensions'] as core.List?)
?.map(
(value) => X509Extension.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
aiaOcspServers: (json_['aiaOcspServers'] as core.List?)
?.map((value) => value as core.String)
.toList(),
caOptions: json_.containsKey('caOptions')
? CaOptions.fromJson(
json_['caOptions'] as core.Map<core.String, core.dynamic>,
)
: null,
keyUsage: json_.containsKey('keyUsage')
? KeyUsage.fromJson(
json_['keyUsage'] as core.Map<core.String, core.dynamic>,
)
: null,
nameConstraints: json_.containsKey('nameConstraints')
? NameConstraints.fromJson(
json_['nameConstraints'] as core.Map<core.String, core.dynamic>,
)
: null,
policyIds: (json_['policyIds'] as core.List?)
?.map(
(value) => ObjectId.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final additionalExtensions = this.additionalExtensions;
final aiaOcspServers = this.aiaOcspServers;
final caOptions = this.caOptions;
final keyUsage = this.keyUsage;
final nameConstraints = this.nameConstraints;
final policyIds = this.policyIds;
return {
'additionalExtensions': ?additionalExtensions,
'aiaOcspServers': ?aiaOcspServers,
'caOptions': ?caOptions,
'keyUsage': ?keyUsage,
'nameConstraints': ?nameConstraints,
'policyIds': ?policyIds,
};
}
}