diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 3d2f8282..8807efca 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,16 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:a4d7b2cfc6a9d6b378a6b2458740eae15fcab28854bd23dad3a15102d2e47c87 + digest: sha256:7c853edc4136ae8f19f9d46d4569d38de2e446db2eea057f32e412bdba255846 diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index ac72e1c1..f7701e51 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -21,7 +21,7 @@ If you are still having issues, please include as much information as possible: General, Core, and Other are also allowed as types 2. OS type and version: 3. Java version: -4. security-private-ca version(s): +4. version(s): #### Steps to reproduce diff --git a/.github/workflows/approve-readme.yaml b/.github/workflows/approve-readme.yaml index 7513acae..c5132427 100644 --- a/.github/workflows/approve-readme.yaml +++ b/.github/workflows/approve-readme.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'googleapis' && github.head_ref == 'autosynth-readme' steps: - - uses: actions/github-script@v3 + - uses: actions/github-script@v5 with: github-token: ${{secrets.YOSHI_APPROVER_TOKEN}} script: | diff --git a/.github/workflows/auto-release.yaml b/.github/workflows/auto-release.yaml index 9b4fd4d8..59c7cadd 100644 --- a/.github/workflows/auto-release.yaml +++ b/.github/workflows/auto-release.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest if: contains(github.head_ref, 'release-please') steps: - - uses: actions/github-script@v3 + - uses: actions/github-script@v5 with: github-token: ${{secrets.YOSHI_APPROVER_TOKEN}} debug: true diff --git a/.kokoro/build.sh b/.kokoro/build.sh index 9ccc4e11..1a26db84 100755 --- a/.kokoro/build.sh +++ b/.kokoro/build.sh @@ -47,15 +47,15 @@ set +e case ${JOB_TYPE} in test) - mvn test -B -Dclirr.skip=true -Denforcer.skip=true + mvn test -B -ntp -Dclirr.skip=true -Denforcer.skip=true RETURN_CODE=$? ;; lint) - mvn com.coveo:fmt-maven-plugin:check + mvn com.coveo:fmt-maven-plugin:check -B -ntp RETURN_CODE=$? ;; javadoc) - mvn javadoc:javadoc javadoc:test-javadoc + mvn javadoc:javadoc javadoc:test-javadoc -B -ntp RETURN_CODE=$? ;; integration) @@ -71,7 +71,7 @@ integration) ;; graalvm) # Run Unit and Integration Tests with Native Image - mvn -ntp -Pnative -Penable-integration-tests test + mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test RETURN_CODE=$? ;; samples) @@ -104,7 +104,7 @@ samples) fi ;; clirr) - mvn -B -Denforcer.skip=true clirr:check + mvn -B -ntp -Denforcer.skip=true clirr:check RETURN_CODE=$? ;; *) diff --git a/.kokoro/nightly/java11-integration.cfg b/.kokoro/nightly/java11-integration.cfg new file mode 100644 index 00000000..58049cc3 --- /dev/null +++ b/.kokoro/nightly/java11-integration.cfg @@ -0,0 +1,37 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Configure the docker image for kokoro-trampoline. +env_vars: { + key: "TRAMPOLINE_IMAGE" + value: "gcr.io/cloud-devrel-public-resources/java11014" +} + +env_vars: { + key: "JOB_TYPE" + value: "integration" +} +# TODO: remove this after we've migrated all tests and scripts +env_vars: { + key: "GCLOUD_PROJECT" + value: "gcloud-devel" +} + +env_vars: { + key: "GOOGLE_CLOUD_PROJECT" + value: "gcloud-devel" +} + +env_vars: { + key: "ENABLE_FLAKYBOT" + value: "true" +} + +env_vars: { + key: "GOOGLE_APPLICATION_CREDENTIALS" + value: "secret_manager/java-it-service-account" +} + +env_vars: { + key: "SECRET_MANAGER_KEYS" + value: "java-it-service-account" +} diff --git a/.repo-metadata.json b/.repo-metadata.json index 08501129..801b3c10 100644 --- a/.repo-metadata.json +++ b/.repo-metadata.json @@ -1,10 +1,10 @@ { - "name": "security-private-ca", + "api_shortname": "security-private-ca", "name_pretty": "Certificate Authority Service", "product_documentation": "https://cloud.google.com/certificate-authority-service/docs", "api_description": "simplifies the deployment and management of private CAs without managing infrastructure.", "client_documentation": "https://cloud.google.com/java/docs/reference/google-cloud-security-private-ca/latest/history", - "release_level": "ga", + "release_level": "stable", "transport": "grpc", "language": "java", "repo": "googleapis/java-security-private-ca", diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bf9e779..46a89c28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,20 @@ # Changelog +### [2.2.3](https://github.com/googleapis/java-security-private-ca/compare/v2.2.2...v2.2.3) (2022-02-03) + + +### Documentation + +* mark CaPool.lifetime as IMMUTABLE docs: add format requirements on `custom_sans` ([#352](https://github.com/googleapis/java-security-private-ca/issues/352)) ([0717859](https://github.com/googleapis/java-security-private-ca/commit/07178595dc099c757f6e15f6349128c74b2b8a21)) + + +### Dependencies + +* **java:** update actions/github-script action to v5 ([#1339](https://github.com/googleapis/java-security-private-ca/issues/1339)) ([#349](https://github.com/googleapis/java-security-private-ca/issues/349)) ([cf03371](https://github.com/googleapis/java-security-private-ca/commit/cf03371296eb974118cd2f876817e995f0e3fc89)) +* update dependency com.google.api.grpc:grpc-google-iam-v1 to v1.2.1 ([#326](https://github.com/googleapis/java-security-private-ca/issues/326)) ([e842575](https://github.com/googleapis/java-security-private-ca/commit/e842575a699623c616985d05e74b0b6d83ba7f3b)) +* update dependency com.google.api.grpc:proto-google-iam-v1 to v1.2.1 ([#327](https://github.com/googleapis/java-security-private-ca/issues/327)) ([845072c](https://github.com/googleapis/java-security-private-ca/commit/845072c79f46f6434a07ce59517b4bb90f115d78)) +* update dependency com.google.cloud:google-cloud-shared-dependencies to v2.7.0 ([#351](https://github.com/googleapis/java-security-private-ca/issues/351)) ([2045348](https://github.com/googleapis/java-security-private-ca/commit/2045348cf5d0f3f9be99dc9150f93e23c5fe24a0)) + ### [2.2.2](https://www.github.com/googleapis/java-security-private-ca/compare/v2.2.1...v2.2.2) (2022-01-07) diff --git a/README.md b/README.md index 0257dd05..ef76876f 100644 --- a/README.md +++ b/README.md @@ -19,20 +19,20 @@ If you are using Maven, add this to your pom.xml file: com.google.cloud google-cloud-security-private-ca - 2.2.1 + 2.2.2 ``` If you are using Gradle without BOM, add this to your dependencies ```Groovy -implementation 'com.google.cloud:google-cloud-security-private-ca:2.2.1' +implementation 'com.google.cloud:google-cloud-security-private-ca:2.2.2' ``` If you are using SBT, add this to your dependencies ```Scala -libraryDependencies += "com.google.cloud" % "google-cloud-security-private-ca" % "2.2.1" +libraryDependencies += "com.google.cloud" % "google-cloud-security-private-ca" % "2.2.2" ``` ## Authentication @@ -200,7 +200,7 @@ Java is a registered trademark of Oracle and/or its affiliates. [kokoro-badge-link-4]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-security-private-ca/java8-win.html [kokoro-badge-image-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-security-private-ca/java11.svg [kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-security-private-ca/java11.html -[stability-image]: https://img.shields.io/badge/stability-ga-green +[stability-image]: https://img.shields.io/badge/stability-stable-green [maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-security-private-ca.svg [maven-version-link]: https://search.maven.org/search?q=g:com.google.cloud%20AND%20a:google-cloud-security-private-ca&core=gav [authentication]: https://github.com/googleapis/google-cloud-java#authentication diff --git a/google-cloud-security-private-ca-bom/pom.xml b/google-cloud-security-private-ca-bom/pom.xml index ed0c3336..efbc940f 100644 --- a/google-cloud-security-private-ca-bom/pom.xml +++ b/google-cloud-security-private-ca-bom/pom.xml @@ -3,12 +3,12 @@ 4.0.0 com.google.cloud google-cloud-security-private-ca-bom - 2.2.2 + 2.2.3 pom com.google.cloud google-cloud-shared-config - 1.2.4 + 1.2.6 Google Certificate Authority Service BOM @@ -57,27 +57,27 @@ com.google.cloud google-cloud-security-private-ca - 2.2.2 + 2.2.3 com.google.api.grpc grpc-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 com.google.api.grpc grpc-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 com.google.api.grpc proto-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 com.google.api.grpc proto-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 diff --git a/google-cloud-security-private-ca/pom.xml b/google-cloud-security-private-ca/pom.xml index e69281c8..370cbccd 100644 --- a/google-cloud-security-private-ca/pom.xml +++ b/google-cloud-security-private-ca/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.cloud google-cloud-security-private-ca - 2.2.2 + 2.2.3 jar Google Certificate Authority Service https://github.com/googleapis/java-security-private-ca @@ -11,7 +11,7 @@ com.google.cloud google-cloud-security-private-ca-parent - 2.2.2 + 2.2.3 google-cloud-security-private-ca diff --git a/grpc-google-cloud-security-private-ca-v1/pom.xml b/grpc-google-cloud-security-private-ca-v1/pom.xml index 66dc5fe1..ddf88bf7 100644 --- a/grpc-google-cloud-security-private-ca-v1/pom.xml +++ b/grpc-google-cloud-security-private-ca-v1/pom.xml @@ -4,13 +4,13 @@ 4.0.0 com.google.api.grpc grpc-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 grpc-google-cloud-security-private-ca-v1 GRPC library for google-cloud-security-private-ca com.google.cloud google-cloud-security-private-ca-parent - 2.2.2 + 2.2.3 diff --git a/grpc-google-cloud-security-private-ca-v1beta1/pom.xml b/grpc-google-cloud-security-private-ca-v1beta1/pom.xml index 11314602..758cdfb5 100644 --- a/grpc-google-cloud-security-private-ca-v1beta1/pom.xml +++ b/grpc-google-cloud-security-private-ca-v1beta1/pom.xml @@ -4,13 +4,13 @@ 4.0.0 com.google.api.grpc grpc-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 grpc-google-cloud-security-private-ca-v1beta1 GRPC library for google-cloud-security-private-ca com.google.cloud google-cloud-security-private-ca-parent - 2.2.2 + 2.2.3 diff --git a/pom.xml b/pom.xml index 50364ebc..20793ee9 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ com.google.cloud google-cloud-security-private-ca-parent pom - 2.2.2 + 2.2.3 Google Certificate Authority Service Parent https://github.com/googleapis/java- @@ -14,7 +14,7 @@ com.google.cloud google-cloud-shared-config - 1.2.4 + 1.2.6 @@ -61,44 +61,44 @@ com.google.cloud google-cloud-security-private-ca - 2.2.2 + 2.2.3 com.google.api.grpc proto-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 com.google.api.grpc grpc-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 com.google.api.grpc proto-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 com.google.api.grpc grpc-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 com.google.api.grpc proto-google-iam-v1 - 1.1.7 + 1.2.1 com.google.api.grpc grpc-google-iam-v1 - 1.1.7 + 1.2.1 com.google.cloud google-cloud-shared-dependencies - 2.6.0 + 2.7.0 pom import diff --git a/proto-google-cloud-security-private-ca-v1/pom.xml b/proto-google-cloud-security-private-ca-v1/pom.xml index b49cc57f..7cb070b0 100644 --- a/proto-google-cloud-security-private-ca-v1/pom.xml +++ b/proto-google-cloud-security-private-ca-v1/pom.xml @@ -4,13 +4,13 @@ 4.0.0 com.google.api.grpc proto-google-cloud-security-private-ca-v1 - 2.2.2 + 2.2.3 proto-google-cloud-security-private-ca-v1 Proto library for google-cloud-security-private-ca com.google.cloud google-cloud-security-private-ca-parent - 2.2.2 + 2.2.3 diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java index f23cbb2d..69bdf9bc 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java @@ -1863,9 +1863,9 @@ public interface RsaKeyTypeOrBuilder * * * 
-         * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-         * or if set to zero, the service-level min RSA modulus size will
-         * continue to apply.
+         * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+         * not set, or if set to zero, the service-level min RSA modulus size
+         * will continue to apply.
          *
* * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL]; @@ -1878,9 +1878,9 @@ public interface RsaKeyTypeOrBuilder * * * 
-         * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-         * or if set to zero, the service will not enforce an explicit upper
-         * bound on RSA modulus sizes.
+         * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+         * not set, or if set to zero, the service will not enforce an explicit
+         * upper bound on RSA modulus sizes.
          *
* * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL]; @@ -1994,9 +1994,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * * 
-         * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-         * or if set to zero, the service-level min RSA modulus size will
-         * continue to apply.
+         * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+         * not set, or if set to zero, the service-level min RSA modulus size
+         * will continue to apply.
          *
* * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL]; @@ -2014,9 +2014,9 @@ public long getMinModulusSize() { * * * 
-         * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-         * or if set to zero, the service will not enforce an explicit upper
-         * bound on RSA modulus sizes.
+         * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+         * not set, or if set to zero, the service will not enforce an explicit
+         * upper bound on RSA modulus sizes.
          *
* * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL]; @@ -2428,9 +2428,9 @@ public Builder mergeFrom( * * * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
+           * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service-level min RSA modulus size
+           * will continue to apply.
            *
* * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL]; @@ -2445,9 +2445,9 @@ public long getMinModulusSize() { * * * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
+           * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service-level min RSA modulus size
+           * will continue to apply.
            *
* * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL]; @@ -2465,9 +2465,9 @@ public Builder setMinModulusSize(long value) { * * * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
+           * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service-level min RSA modulus size
+           * will continue to apply.
            *
* * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL]; @@ -2486,9 +2486,9 @@ public Builder clearMinModulusSize() { * * * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service will not enforce an explicit
+           * upper bound on RSA modulus sizes.
            *
* * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL]; @@ -2503,9 +2503,9 @@ public long getMaxModulusSize() { * * * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service will not enforce an explicit
+           * upper bound on RSA modulus sizes.
            *
* * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL]; @@ -2523,9 +2523,9 @@ public Builder setMaxModulusSize(long value) { * * * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+           * not set, or if set to zero, the service will not enforce an explicit
+           * upper bound on RSA modulus sizes.
            *
* * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL]; diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java index cd2e0cf9..758823f3 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java @@ -772,7 +772,7 @@ private State(int value) { * [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] * values. For RSA signing algorithms, the PSS algorithms should be preferred, * use PKCS1 algorithms if required for compatibility. For further - * recommandations, see + * recommendations, see * https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations. * * @@ -3410,12 +3410,14 @@ public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConf * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * * * @return Whether the lifetime field is set. */ @@ -3427,12 +3429,14 @@ public boolean hasLifetime() { * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * * * @return The lifetime. */ @@ -3444,12 +3448,14 @@ public com.google.protobuf.Duration getLifetime() { * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * */ @java.lang.Override public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() { @@ -5457,12 +5463,13 @@ public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConf * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * * * @return Whether the lifetime field is set. @@ -5474,12 +5481,13 @@ public boolean hasLifetime() { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * * * @return The lifetime. @@ -5495,12 +5503,13 @@ public com.google.protobuf.Duration getLifetime() { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public Builder setLifetime(com.google.protobuf.Duration value) { @@ -5520,12 +5529,13 @@ public Builder setLifetime(com.google.protobuf.Duration value) { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) { @@ -5542,12 +5552,13 @@ public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public Builder mergeLifetime(com.google.protobuf.Duration value) { @@ -5569,12 +5580,13 @@ public Builder mergeLifetime(com.google.protobuf.Duration value) { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public Builder clearLifetime() { @@ -5592,12 +5604,13 @@ public Builder clearLifetime() { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public com.google.protobuf.Duration.Builder getLifetimeBuilder() { @@ -5609,12 +5622,13 @@ public com.google.protobuf.Duration.Builder getLifetimeBuilder() { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() { @@ -5628,12 +5642,13 @@ public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() { * * * 
-     * Required. The desired lifetime of the CA certificate. Used to create the
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
      * "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; * */ private com.google.protobuf.SingleFieldBuilderV3< diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java index 767d6338..7b2d1a94 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java @@ -124,12 +124,14 @@ public interface CertificateAuthorityOrBuilder * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * * * @return Whether the lifetime field is set. */ @@ -138,12 +140,14 @@ public interface CertificateAuthorityOrBuilder * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * * * @return The lifetime. */ @@ -152,12 +156,14 @@ public interface CertificateAuthorityOrBuilder * * * 
-   * Required. The desired lifetime of the CA certificate. Used to create the
+   * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
    * "not_before_time" and "not_after_time" fields inside an X.509
    * certificate.
    *
* - * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED]; + * + * .google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE]; + * */ com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder(); diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java index 29a60edf..54336924 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java @@ -331,11 +331,11 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -364,11 +364,11 @@ public java.lang.String getRequestId() { * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -1353,11 +1353,11 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -1385,11 +1385,11 @@ public java.lang.String getRequestId() { * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -1417,11 +1417,11 @@ public com.google.protobuf.ByteString getRequestIdBytes() { * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -1448,11 +1448,11 @@ public Builder setRequestId(java.lang.String value) { * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -1475,11 +1475,11 @@ public Builder clearRequestId() { * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java index 27440c2a..b2ee534f 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java @@ -134,11 +134,11 @@ public interface CreateCertificateRequestOrBuilder * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * @@ -156,11 +156,11 @@ public interface CreateCertificateRequestOrBuilder * retry your request, the server will know to ignore the request if it has * already been completed. The server will guarantee that for at least 60 * minutes since the first request. - * For example, consider a situation where you make an initial request and t - * he request times out. If you make the request again with the same request - * ID, the server can check if original operation with the same request ID - * was received, and if so, will ignore the second request. This prevents - * clients from accidentally creating duplicate commitments. + * For example, consider a situation where you make an initial request and the + * request times out. If you make the request again with the same request ID, + * the server can check if original operation with the same request ID was + * received, and if so, will ignore the second request. This prevents clients + * from accidentally creating duplicate commitments. * The request ID must be a valid UUID with the exception that zero UUID is * not supported (00000000-0000-0000-0000-000000000000). * diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java index 3896931f..85c9030e 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java @@ -198,324 +198,324 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { java.lang.String[] descriptorData = { "\n2google/cloud/security/privateca/v1/res" + "ources.proto\022\"google.cloud.security.priv" - + "ateca.v1\032\037google/api/field_behavior.prot" - + "o\032\031google/api/resource.proto\032\036google/pro" - + "tobuf/duration.proto\032\037google/protobuf/ti" - + "mestamp.proto\032\026google/type/expr.proto\032\034g" - + "oogle/api/annotations.proto\"\362\017\n\024Certific" + + "ateca.v1\032\034google/api/annotations.proto\032\037" + + "google/api/field_behavior.proto\032\031google/" + + "api/resource.proto\032\036google/protobuf/dura" + + "tion.proto\032\037google/protobuf/timestamp.pr" + + "oto\032\026google/type/expr.proto\"\365\017\n\024Certific" + "ateAuthority\022\021\n\004name\030\001 \001(\tB\003\340A\003\022S\n\004type\030" + "\002 \001(\0162=.google.cloud.security.privateca." + "v1.CertificateAuthority.TypeB\006\340A\002\340A\005\022M\n\006" + "config\030\003 \001(\01325.google.cloud.security.pri" - + "vateca.v1.CertificateConfigB\006\340A\002\340A\005\0220\n\010l" + + "vateca.v1.CertificateConfigB\006\340A\002\340A\005\0223\n\010l" + "ifetime\030\004 \001(\0132\031.google.protobuf.Duration" - + "B\003\340A\002\022a\n\010key_spec\030\005 \001(\0132G.google.cloud.s" - + "ecurity.privateca.v1.CertificateAuthorit" - + "y.KeyVersionSpecB\006\340A\002\340A\005\022V\n\022subordinate_" - + "config\030\006 \001(\01325.google.cloud.security.pri" - + "vateca.v1.SubordinateConfigB\003\340A\001\022B\n\004tier" - + "\030\007 \001(\0162/.google.cloud.security.privateca" - + ".v1.CaPool.TierB\003\340A\003\022R\n\005state\030\010 \001(\0162>.go" + + "B\006\340A\002\340A\005\022a\n\010key_spec\030\005 \001(\0132G.google.clou" + + "d.security.privateca.v1.CertificateAutho" + + "rity.KeyVersionSpecB\006\340A\002\340A\005\022V\n\022subordina" + + "te_config\030\006 \001(\01325.google.cloud.security." + + "privateca.v1.SubordinateConfigB\003\340A\001\022B\n\004t" + + "ier\030\007 \001(\0162/.google.cloud.security.privat" + + "eca.v1.CaPool.TierB\003\340A\003\022R\n\005state\030\010 \001(\0162>" + + ".google.cloud.security.privateca.v1.Cert" + + "ificateAuthority.StateB\003\340A\003\022 \n\023pem_ca_ce" + + "rtificates\030\t \003(\tB\003\340A\003\022d\n\033ca_certificate_" + + "descriptions\030\n \003(\0132:.google.cloud.securi" + + "ty.privateca.v1.CertificateDescriptionB\003" + + "\340A\003\022\027\n\ngcs_bucket\030\013 \001(\tB\003\340A\005\022]\n\013access_u" + + "rls\030\014 \001(\0132C.google.cloud.security.privat" + + "eca.v1.CertificateAuthority.AccessUrlsB\003" + + "\340A\003\0224\n\013create_time\030\r \001(\0132\032.google.protob" + + "uf.TimestampB\003\340A\003\0224\n\013update_time\030\016 \001(\0132\032" + + ".google.protobuf.TimestampB\003\340A\003\0224\n\013delet" + + "e_time\030\017 \001(\0132\032.google.protobuf.Timestamp" + + "B\003\340A\003\0224\n\013expire_time\030\020 \001(\0132\032.google.prot" + + "obuf.TimestampB\003\340A\003\022Y\n\006labels\030\021 \003(\0132D.go" + "ogle.cloud.security.privateca.v1.Certifi" - + "cateAuthority.StateB\003\340A\003\022 \n\023pem_ca_certi" - + "ficates\030\t \003(\tB\003\340A\003\022d\n\033ca_certificate_des" - + "criptions\030\n \003(\0132:.google.cloud.security." - + "privateca.v1.CertificateDescriptionB\003\340A\003" - + "\022\027\n\ngcs_bucket\030\013 \001(\tB\003\340A\005\022]\n\013access_urls" - + "\030\014 \001(\0132C.google.cloud.security.privateca" - + ".v1.CertificateAuthority.AccessUrlsB\003\340A\003" - + "\0224\n\013create_time\030\r \001(\0132\032.google.protobuf." - + "TimestampB\003\340A\003\0224\n\013update_time\030\016 \001(\0132\032.go" - + "ogle.protobuf.TimestampB\003\340A\003\0224\n\013delete_t" - + "ime\030\017 \001(\0132\032.google.protobuf.TimestampB\003\340" - + "A\003\0224\n\013expire_time\030\020 \001(\0132\032.google.protobu" - + "f.TimestampB\003\340A\003\022Y\n\006labels\030\021 \003(\0132D.googl" + + "cateAuthority.LabelsEntryB\003\340A\001\032H\n\nAccess" + + "Urls\022!\n\031ca_certificate_access_url\030\001 \001(\t\022" + + "\027\n\017crl_access_urls\030\002 \003(\t\032\240\001\n\016KeyVersionS" + + "pec\022\037\n\025cloud_kms_key_version\030\001 \001(\tH\000\022_\n\t" + + "algorithm\030\002 \001(\0162J.google.cloud.security." + + "privateca.v1.CertificateAuthority.SignHa" + + "shAlgorithmH\000B\014\n\nKeyVersion\032-\n\013LabelsEnt" + + "ry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\">\n\004Ty" + + "pe\022\024\n\020TYPE_UNSPECIFIED\020\000\022\017\n\013SELF_SIGNED\020" + + "\001\022\017\n\013SUBORDINATE\020\002\"p\n\005State\022\025\n\021STATE_UNS" + + "PECIFIED\020\000\022\013\n\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\n\n" + + "\006STAGED\020\003\022\034\n\030AWAITING_USER_ACTIVATION\020\004\022" + + "\013\n\007DELETED\020\005\"\374\001\n\021SignHashAlgorithm\022#\n\037SI" + + "GN_HASH_ALGORITHM_UNSPECIFIED\020\000\022\027\n\023RSA_P" + + "SS_2048_SHA256\020\001\022\027\n\023RSA_PSS_3072_SHA256\020" + + "\002\022\027\n\023RSA_PSS_4096_SHA256\020\003\022\031\n\025RSA_PKCS1_" + + "2048_SHA256\020\006\022\031\n\025RSA_PKCS1_3072_SHA256\020\007" + + "\022\031\n\025RSA_PKCS1_4096_SHA256\020\010\022\022\n\016EC_P256_S" + + "HA256\020\004\022\022\n\016EC_P384_SHA384\020\005:\235\001\352A\231\001\n-priv" + + "ateca.googleapis.com/CertificateAuthorit" + + "y\022hprojects/{project}/locations/{locatio" + + "n}/caPools/{ca_pool}/certificateAuthorit" + + "ies/{certificate_authority}\"\360\016\n\006CaPool\022\021" + + "\n\004name\030\001 \001(\tB\003\340A\003\022E\n\004tier\030\002 \001(\0162/.google" + + ".cloud.security.privateca.v1.CaPool.Tier" + + "B\006\340A\002\340A\005\022W\n\017issuance_policy\030\003 \001(\01329.goog" + + "le.cloud.security.privateca.v1.CaPool.Is" + + "suancePolicyB\003\340A\001\022]\n\022publishing_options\030" + + "\004 \001(\0132<.google.cloud.security.privateca." + + "v1.CaPool.PublishingOptionsB\003\340A\001\022K\n\006labe" + + "ls\030\005 \003(\01326.google.cloud.security.private" + + "ca.v1.CaPool.LabelsEntryB\003\340A\001\032K\n\021Publish" + + "ingOptions\022\034\n\017publish_ca_cert\030\001 \001(\010B\003\340A\001" + + "\022\030\n\013publish_crl\030\002 \001(\010B\003\340A\001\032\357\t\n\016IssuanceP" + + "olicy\022h\n\021allowed_key_types\030\001 \003(\0132H.googl" + + "e.cloud.security.privateca.v1.CaPool.Iss" + + "uancePolicy.AllowedKeyTypeB\003\340A\001\0228\n\020maxim" + + "um_lifetime\030\002 \001(\0132\031.google.protobuf.Dura" + + "tionB\003\340A\001\022l\n\026allowed_issuance_modes\030\003 \001(" + + "\0132G.google.cloud.security.privateca.v1.C" + + "aPool.IssuancePolicy.IssuanceModesB\003\340A\001\022" + + "P\n\017baseline_values\030\004 \001(\01322.google.cloud." + + "security.privateca.v1.X509ParametersB\003\340A" + + "\001\022e\n\024identity_constraints\030\005 \001(\0132B.google" + + ".cloud.security.privateca.v1.Certificate" + + "IdentityConstraintsB\003\340A\001\022h\n\026passthrough_" + + "extensions\030\006 \001(\0132C.google.cloud.security" + + ".privateca.v1.CertificateExtensionConstr" + + "aintsB\003\340A\001\032\305\004\n\016AllowedKeyType\022b\n\003rsa\030\001 \001" + + "(\0132S.google.cloud.security.privateca.v1." + + "CaPool.IssuancePolicy.AllowedKeyType.Rsa" + + "KeyTypeH\000\022l\n\016elliptic_curve\030\002 \001(\0132R.goog" + + "le.cloud.security.privateca.v1.CaPool.Is" + + "suancePolicy.AllowedKeyType.EcKeyTypeH\000\032" + + "J\n\nRsaKeyType\022\035\n\020min_modulus_size\030\001 \001(\003B" + + "\003\340A\001\022\035\n\020max_modulus_size\030\002 \001(\003B\003\340A\001\032\210\002\n\t" + + "EcKeyType\022\211\001\n\023signature_algorithm\030\001 \001(\0162" + + "g.google.cloud.security.privateca.v1.CaP" + + "ool.IssuancePolicy.AllowedKeyType.EcKeyT" + + "ype.EcSignatureAlgorithmB\003\340A\001\"o\n\024EcSigna" + + "tureAlgorithm\022&\n\"EC_SIGNATURE_ALGORITHM_" + + "UNSPECIFIED\020\000\022\016\n\nECDSA_P256\020\001\022\016\n\nECDSA_P" + + "384\020\002\022\017\n\013EDDSA_25519\020\003B\n\n\010key_type\032`\n\rIs" + + "suanceModes\022%\n\030allow_csr_based_issuance\030" + + "\001 \001(\010B\003\340A\001\022(\n\033allow_config_based_issuanc" + + "e\030\002 \001(\010B\003\340A\001\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t" + + "\022\r\n\005value\030\002 \001(\t:\0028\001\"8\n\004Tier\022\024\n\020TIER_UNSP" + + "ECIFIED\020\000\022\016\n\nENTERPRISE\020\001\022\n\n\006DEVOPS\020\002:_\352" + + "A\\\n\037privateca.googleapis.com/CaPool\0229pro" + + "jects/{project}/locations/{location}/caP" + + "ools/{ca_pool}\"\274\010\n\031CertificateRevocation" + + "List\022\021\n\004name\030\001 \001(\tB\003\340A\003\022\034\n\017sequence_numb" + + "er\030\002 \001(\003B\003\340A\003\022s\n\024revoked_certificates\030\003 " + + "\003(\0132P.google.cloud.security.privateca.v1" + + ".CertificateRevocationList.RevokedCertif" + + "icateB\003\340A\003\022\024\n\007pem_crl\030\004 \001(\tB\003\340A\003\022\027\n\nacce" + + "ss_url\030\005 \001(\tB\003\340A\003\022W\n\005state\030\006 \001(\0162C.googl" + "e.cloud.security.privateca.v1.Certificat" - + "eAuthority.LabelsEntryB\003\340A\001\032H\n\nAccessUrl" - + "s\022!\n\031ca_certificate_access_url\030\001 \001(\t\022\027\n\017" - + "crl_access_urls\030\002 \003(\t\032\240\001\n\016KeyVersionSpec" - + "\022\037\n\025cloud_kms_key_version\030\001 \001(\tH\000\022_\n\talg" - + "orithm\030\002 \001(\0162J.google.cloud.security.pri" - + "vateca.v1.CertificateAuthority.SignHashA" - + "lgorithmH\000B\014\n\nKeyVersion\032-\n\013LabelsEntry\022" - + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\">\n\004Type\022" - + "\024\n\020TYPE_UNSPECIFIED\020\000\022\017\n\013SELF_SIGNED\020\001\022\017" - + "\n\013SUBORDINATE\020\002\"p\n\005State\022\025\n\021STATE_UNSPEC" - + "IFIED\020\000\022\013\n\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\n\n\006ST" - + "AGED\020\003\022\034\n\030AWAITING_USER_ACTIVATION\020\004\022\013\n\007" - + "DELETED\020\005\"\374\001\n\021SignHashAlgorithm\022#\n\037SIGN_" - + "HASH_ALGORITHM_UNSPECIFIED\020\000\022\027\n\023RSA_PSS_" - + "2048_SHA256\020\001\022\027\n\023RSA_PSS_3072_SHA256\020\002\022\027" - + "\n\023RSA_PSS_4096_SHA256\020\003\022\031\n\025RSA_PKCS1_204" - + "8_SHA256\020\006\022\031\n\025RSA_PKCS1_3072_SHA256\020\007\022\031\n" - + "\025RSA_PKCS1_4096_SHA256\020\010\022\022\n\016EC_P256_SHA2" - + "56\020\004\022\022\n\016EC_P384_SHA384\020\005:\235\001\352A\231\001\n-private" - + "ca.googleapis.com/CertificateAuthority\022h" - + "projects/{project}/locations/{location}/" - + "caPools/{ca_pool}/certificateAuthorities" - + "/{certificate_authority}\"\360\016\n\006CaPool\022\021\n\004n" - + "ame\030\001 \001(\tB\003\340A\003\022E\n\004tier\030\002 \001(\0162/.google.cl" - + "oud.security.privateca.v1.CaPool.TierB\006\340" - + "A\002\340A\005\022W\n\017issuance_policy\030\003 \001(\01329.google." - + "cloud.security.privateca.v1.CaPool.Issua" - + "ncePolicyB\003\340A\001\022]\n\022publishing_options\030\004 \001" - + "(\0132<.google.cloud.security.privateca.v1." - + "CaPool.PublishingOptionsB\003\340A\001\022K\n\006labels\030" - + "\005 \003(\01326.google.cloud.security.privateca." - + "v1.CaPool.LabelsEntryB\003\340A\001\032K\n\021Publishing" - + "Options\022\034\n\017publish_ca_cert\030\001 \001(\010B\003\340A\001\022\030\n" - + "\013publish_crl\030\002 \001(\010B\003\340A\001\032\357\t\n\016IssuancePoli" - + "cy\022h\n\021allowed_key_types\030\001 \003(\0132H.google.c" - + "loud.security.privateca.v1.CaPool.Issuan" - + "cePolicy.AllowedKeyTypeB\003\340A\001\0228\n\020maximum_" - + "lifetime\030\002 \001(\0132\031.google.protobuf.Duratio" - + "nB\003\340A\001\022l\n\026allowed_issuance_modes\030\003 \001(\0132G" - + ".google.cloud.security.privateca.v1.CaPo" - + "ol.IssuancePolicy.IssuanceModesB\003\340A\001\022P\n\017" - + "baseline_values\030\004 \001(\01322.google.cloud.sec" - + "urity.privateca.v1.X509ParametersB\003\340A\001\022e" - + "\n\024identity_constraints\030\005 \001(\0132B.google.cl" - + "oud.security.privateca.v1.CertificateIde" - + "ntityConstraintsB\003\340A\001\022h\n\026passthrough_ext" - + "ensions\030\006 \001(\0132C.google.cloud.security.pr" - + "ivateca.v1.CertificateExtensionConstrain" - + "tsB\003\340A\001\032\305\004\n\016AllowedKeyType\022b\n\003rsa\030\001 \001(\0132" - + "S.google.cloud.security.privateca.v1.CaP" - + "ool.IssuancePolicy.AllowedKeyType.RsaKey" - + "TypeH\000\022l\n\016elliptic_curve\030\002 \001(\0132R.google." - + "cloud.security.privateca.v1.CaPool.Issua" - + "ncePolicy.AllowedKeyType.EcKeyTypeH\000\032J\n\n" - + "RsaKeyType\022\035\n\020min_modulus_size\030\001 \001(\003B\003\340A" - + "\001\022\035\n\020max_modulus_size\030\002 \001(\003B\003\340A\001\032\210\002\n\tEcK" - + "eyType\022\211\001\n\023signature_algorithm\030\001 \001(\0162g.g" - + "oogle.cloud.security.privateca.v1.CaPool" - + ".IssuancePolicy.AllowedKeyType.EcKeyType" - + ".EcSignatureAlgorithmB\003\340A\001\"o\n\024EcSignatur" - + "eAlgorithm\022&\n\"EC_SIGNATURE_ALGORITHM_UNS" - + "PECIFIED\020\000\022\016\n\nECDSA_P256\020\001\022\016\n\nECDSA_P384" - + "\020\002\022\017\n\013EDDSA_25519\020\003B\n\n\010key_type\032`\n\rIssua" - + "nceModes\022%\n\030allow_csr_based_issuance\030\001 \001" - + "(\010B\003\340A\001\022(\n\033allow_config_based_issuance\030\002" - + " \001(\010B\003\340A\001\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n" - + "\005value\030\002 \001(\t:\0028\001\"8\n\004Tier\022\024\n\020TIER_UNSPECI" - + "FIED\020\000\022\016\n\nENTERPRISE\020\001\022\n\n\006DEVOPS\020\002:_\352A\\\n" - + "\037privateca.googleapis.com/CaPool\0229projec" - + "ts/{project}/locations/{location}/caPool" - + "s/{ca_pool}\"\274\010\n\031CertificateRevocationLis" - + "t\022\021\n\004name\030\001 \001(\tB\003\340A\003\022\034\n\017sequence_number\030" - + "\002 \001(\003B\003\340A\003\022s\n\024revoked_certificates\030\003 \003(\013" - + "2P.google.cloud.security.privateca.v1.Ce" - + "rtificateRevocationList.RevokedCertifica" - + "teB\003\340A\003\022\024\n\007pem_crl\030\004 \001(\tB\003\340A\003\022\027\n\naccess_" - + "url\030\005 \001(\tB\003\340A\003\022W\n\005state\030\006 \001(\0162C.google.c" - + "loud.security.privateca.v1.CertificateRe" - + "vocationList.StateB\003\340A\003\0224\n\013create_time\030\007" - + " \001(\0132\032.google.protobuf.TimestampB\003\340A\003\0224\n" - + "\013update_time\030\010 \001(\0132\032.google.protobuf.Tim" - + "estampB\003\340A\003\022\030\n\013revision_id\030\t \001(\tB\003\340A\003\022^\n" - + "\006labels\030\n \003(\0132I.google.cloud.security.pr" - + "ivateca.v1.CertificateRevocationList.Lab" - + "elsEntryB\003\340A\001\032\300\001\n\022RevokedCertificate\022>\n\013" - + "certificate\030\001 \001(\tB)\372A&\n$privateca.google" - + "apis.com/Certificate\022\031\n\021hex_serial_numbe" - + "r\030\002 \001(\t\022O\n\021revocation_reason\030\003 \001(\01624.goo" - + "gle.cloud.security.privateca.v1.Revocati" - + "onReason\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005" - + "value\030\002 \001(\t:\0028\001\":\n\005State\022\025\n\021STATE_UNSPEC" - + "IFIED\020\000\022\n\n\006ACTIVE\020\001\022\016\n\nSUPERSEDED\020\002:\334\001\352A" - + "\330\001\n2privateca.googleapis.com/Certificate" - + "RevocationList\022\241\001projects/{project}/loca" - + "tions/{location}/caPools/{ca_pool}/certi" - + "ficateAuthorities/{certificate_authority" - + "}/certificateRevocationLists/{certificat" - + "e_revocation_list}\"\217\n\n\013Certificate\022:\n\004na" - + "me\030\001 \001(\tB,\340A\003\372A&\n$privateca.googleapis.c" - + "om/Certificate\022\026\n\007pem_csr\030\002 \001(\tB\003\340A\005H\000\022L" - + "\n\006config\030\003 \001(\01325.google.cloud.security.p" - + "rivateca.v1.CertificateConfigB\003\340A\005H\000\022[\n\034" - + "issuer_certificate_authority\030\004 \001(\tB5\340A\003\372" - + "A/\n-privateca.googleapis.com/Certificate" - + "Authority\0223\n\010lifetime\030\005 \001(\0132\031.google.pro" - + "tobuf.DurationB\006\340A\002\340A\005\022R\n\024certificate_te" - + "mplate\030\006 \001(\tB4\340A\005\372A.\n,privateca.googleap" - + "is.com/CertificateTemplate\022Q\n\014subject_mo" - + "de\030\007 \001(\01626.google.cloud.security.private" - + "ca.v1.SubjectRequestModeB\003\340A\005\022b\n\022revocat" - + "ion_details\030\010 \001(\0132A.google.cloud.securit" - + "y.privateca.v1.Certificate.RevocationDet" - + "ailsB\003\340A\003\022\034\n\017pem_certificate\030\t \001(\tB\003\340A\003\022" - + "`\n\027certificate_description\030\n \001(\0132:.googl" - + "e.cloud.security.privateca.v1.Certificat" - + "eDescriptionB\003\340A\003\022\"\n\025pem_certificate_cha" - + "in\030\013 \003(\tB\003\340A\003\0224\n\013create_time\030\014 \001(\0132\032.goo" - + "gle.protobuf.TimestampB\003\340A\003\0224\n\013update_ti" - + "me\030\r \001(\0132\032.google.protobuf.TimestampB\003\340A" - + "\003\022P\n\006labels\030\016 \003(\0132;.google.cloud.securit" - + "y.privateca.v1.Certificate.LabelsEntryB\003" - + "\340A\001\032\230\001\n\021RevocationDetails\022N\n\020revocation_" - + "state\030\001 \001(\01624.google.cloud.security.priv" - + "ateca.v1.RevocationReason\0223\n\017revocation_" - + "time\030\002 \001(\0132\032.google.protobuf.Timestamp\032-" - + "\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(" - + "\t:\0028\001:\177\352A|\n$privateca.googleapis.com/Cer" - + "tificate\022Tprojects/{project}/locations/{" - + "location}/caPools/{ca_pool}/certificates" - + "/{certificate}B\024\n\022certificate_config\"\227\006\n" - + "\023CertificateTemplate\022B\n\004name\030\001 \001(\tB4\340A\003\372" - + "A.\n,privateca.googleapis.com/Certificate" - + "Template\022R\n\021predefined_values\030\002 \001(\01322.go" - + "ogle.cloud.security.privateca.v1.X509Par" - + "ametersB\003\340A\001\022e\n\024identity_constraints\030\003 \001" - + "(\0132B.google.cloud.security.privateca.v1." - + "CertificateIdentityConstraintsB\003\340A\001\022h\n\026p" - + "assthrough_extensions\030\004 \001(\0132C.google.clo" - + "ud.security.privateca.v1.CertificateExte" - + "nsionConstraintsB\003\340A\001\022\030\n\013description\030\005 \001" - + "(\tB\003\340A\001\0224\n\013create_time\030\006 \001(\0132\032.google.pr" - + "otobuf.TimestampB\003\340A\003\0224\n\013update_time\030\007 \001" - + "(\0132\032.google.protobuf.TimestampB\003\340A\003\022X\n\006l" - + "abels\030\010 \003(\0132C.google.cloud.security.priv" - + "ateca.v1.CertificateTemplate.LabelsEntry" - + "B\003\340A\001\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005val" - + "ue\030\002 \001(\t:\0028\001:\207\001\352A\203\001\n,privateca.googleapi" - + "s.com/CertificateTemplate\022Sprojects/{pro" - + "ject}/locations/{location}/certificateTe" - + "mplates/{certificate_template}\"\337\003\n\016X509P" - + "arameters\022D\n\tkey_usage\030\001 \001(\0132,.google.cl" - + "oud.security.privateca.v1.KeyUsageB\003\340A\001\022" - + "U\n\nca_options\030\002 \001(\0132<.google.cloud.secur" - + "ity.privateca.v1.X509Parameters.CaOption" - + "sB\003\340A\001\022E\n\npolicy_ids\030\003 \003(\0132,.google.clou" - + "d.security.privateca.v1.ObjectIdB\003\340A\001\022\035\n" - + "\020aia_ocsp_servers\030\004 \003(\tB\003\340A\001\022U\n\025addition" - + "al_extensions\030\005 \003(\01321.google.cloud.secur" - + "ity.privateca.v1.X509ExtensionB\003\340A\001\032s\n\tC" - + "aOptions\022\027\n\005is_ca\030\001 \001(\010B\003\340A\001H\000\210\001\001\022(\n\026max" - + "_issuer_path_length\030\002 \001(\005B\003\340A\001H\001\210\001\001B\010\n\006_" - + "is_caB\031\n\027_max_issuer_path_length\"\251\002\n\021Sub" - + "ordinateConfig\022V\n\025certificate_authority\030" - + "\001 \001(\tB5\340A\002\372A/\n-privateca.googleapis.com/" - + "CertificateAuthorityH\000\022m\n\020pem_issuer_cha" - + "in\030\002 \001(\0132L.google.cloud.security.private" - + "ca.v1.SubordinateConfig.SubordinateConfi" - + "gChainB\003\340A\002H\000\0327\n\026SubordinateConfigChain\022" - + "\035\n\020pem_certificates\030\001 \003(\tB\003\340A\002B\024\n\022subord" - + "inate_config\"\235\001\n\tPublicKey\022\020\n\003key\030\001 \001(\014B" - + "\003\340A\002\022L\n\006format\030\002 \001(\01627.google.cloud.secu" - + "rity.privateca.v1.PublicKey.KeyFormatB\003\340" - + "A\002\"0\n\tKeyFormat\022\032\n\026KEY_FORMAT_UNSPECIFIE" - + "D\020\000\022\007\n\003PEM\020\001\"\264\003\n\021CertificateConfig\022`\n\016su" - + "bject_config\030\001 \001(\0132C.google.cloud.securi" - + "ty.privateca.v1.CertificateConfig.Subjec" - + "tConfigB\003\340A\002\022L\n\013x509_config\030\002 \001(\01322.goog" - + "le.cloud.security.privateca.v1.X509Param" - + "etersB\003\340A\002\022F\n\npublic_key\030\003 \001(\0132-.google." - + "cloud.security.privateca.v1.PublicKeyB\003\340" - + "A\001\032\246\001\n\rSubjectConfig\022A\n\007subject\030\001 \001(\0132+." - + "google.cloud.security.privateca.v1.Subje" - + "ctB\003\340A\002\022R\n\020subject_alt_name\030\002 \001(\01323.goog" - + "le.cloud.security.privateca.v1.SubjectAl" - + "tNamesB\003\340A\001\"\241\010\n\026CertificateDescription\022j" - + "\n\023subject_description\030\001 \001(\0132M.google.clo" - + "ud.security.privateca.v1.CertificateDesc" - + "ription.SubjectDescription\022L\n\020x509_descr" - + "iption\030\002 \001(\01322.google.cloud.security.pri" - + "vateca.v1.X509Parameters\022A\n\npublic_key\030\003" - + " \001(\0132-.google.cloud.security.privateca.v" - + "1.PublicKey\022X\n\016subject_key_id\030\004 \001(\0132@.go" + + "eRevocationList.StateB\003\340A\003\0224\n\013create_tim" + + "e\030\007 \001(\0132\032.google.protobuf.TimestampB\003\340A\003" + + "\0224\n\013update_time\030\010 \001(\0132\032.google.protobuf." + + "TimestampB\003\340A\003\022\030\n\013revision_id\030\t \001(\tB\003\340A\003" + + "\022^\n\006labels\030\n \003(\0132I.google.cloud.security" + + ".privateca.v1.CertificateRevocationList." + + "LabelsEntryB\003\340A\001\032\300\001\n\022RevokedCertificate\022" + + ">\n\013certificate\030\001 \001(\tB)\372A&\n$privateca.goo" + + "gleapis.com/Certificate\022\031\n\021hex_serial_nu" + + "mber\030\002 \001(\t\022O\n\021revocation_reason\030\003 \001(\01624." + + "google.cloud.security.privateca.v1.Revoc" + + "ationReason\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022" + + "\r\n\005value\030\002 \001(\t:\0028\001\":\n\005State\022\025\n\021STATE_UNS" + + "PECIFIED\020\000\022\n\n\006ACTIVE\020\001\022\016\n\nSUPERSEDED\020\002:\334" + + "\001\352A\330\001\n2privateca.googleapis.com/Certific" + + "ateRevocationList\022\241\001projects/{project}/l" + + "ocations/{location}/caPools/{ca_pool}/ce" + + "rtificateAuthorities/{certificate_author" + + "ity}/certificateRevocationLists/{certifi" + + "cate_revocation_list}\"\217\n\n\013Certificate\022:\n" + + "\004name\030\001 \001(\tB,\340A\003\372A&\n$privateca.googleapi" + + "s.com/Certificate\022\026\n\007pem_csr\030\002 \001(\tB\003\340A\005H" + + "\000\022L\n\006config\030\003 \001(\01325.google.cloud.securit" + + "y.privateca.v1.CertificateConfigB\003\340A\005H\000\022" + + "[\n\034issuer_certificate_authority\030\004 \001(\tB5\340" + + "A\003\372A/\n-privateca.googleapis.com/Certific" + + "ateAuthority\0223\n\010lifetime\030\005 \001(\0132\031.google." + + "protobuf.DurationB\006\340A\002\340A\005\022R\n\024certificate" + + "_template\030\006 \001(\tB4\340A\005\372A.\n,privateca.googl" + + "eapis.com/CertificateTemplate\022Q\n\014subject" + + "_mode\030\007 \001(\01626.google.cloud.security.priv" + + "ateca.v1.SubjectRequestModeB\003\340A\005\022b\n\022revo" + + "cation_details\030\010 \001(\0132A.google.cloud.secu" + + "rity.privateca.v1.Certificate.Revocation" + + "DetailsB\003\340A\003\022\034\n\017pem_certificate\030\t \001(\tB\003\340" + + "A\003\022`\n\027certificate_description\030\n \001(\0132:.go" + "ogle.cloud.security.privateca.v1.Certifi" - + "cateDescription.KeyId\022Z\n\020authority_key_i" - + "d\030\005 \001(\0132@.google.cloud.security.privatec" - + "a.v1.CertificateDescription.KeyId\022\037\n\027crl" - + "_distribution_points\030\006 \003(\t\022$\n\034aia_issuin" - + "g_certificate_urls\030\007 \003(\t\022k\n\020cert_fingerp" - + "rint\030\010 \001(\0132Q.google.cloud.security.priva" - + "teca.v1.CertificateDescription.Certifica" - + "teFingerprint\032\322\002\n\022SubjectDescription\022<\n\007" - + "subject\030\001 \001(\0132+.google.cloud.security.pr" - + "ivateca.v1.Subject\022M\n\020subject_alt_name\030\002" - + " \001(\01323.google.cloud.security.privateca.v" - + "1.SubjectAltNames\022\031\n\021hex_serial_number\030\003" - + " \001(\t\022+\n\010lifetime\030\004 \001(\0132\031.google.protobuf" - + ".Duration\0223\n\017not_before_time\030\005 \001(\0132\032.goo" - + "gle.protobuf.Timestamp\0222\n\016not_after_time" - + "\030\006 \001(\0132\032.google.protobuf.Timestamp\032\034\n\005Ke" - + "yId\022\023\n\006key_id\030\001 \001(\tB\003\340A\001\032-\n\026CertificateF" - + "ingerprint\022\023\n\013sha256_hash\030\001 \001(\t\"\'\n\010Objec" - + "tId\022\033\n\016object_id_path\030\001 \003(\005B\003\340A\002\"\200\001\n\rX50" - + "9Extension\022D\n\tobject_id\030\001 \001(\0132,.google.c" - + "loud.security.privateca.v1.ObjectIdB\003\340A\002" - + "\022\025\n\010critical\030\002 \001(\010B\003\340A\001\022\022\n\005value\030\003 \001(\014B\003" - + "\340A\002\"\242\005\n\010KeyUsage\022T\n\016base_key_usage\030\001 \001(\013" - + "2<.google.cloud.security.privateca.v1.Ke" - + "yUsage.KeyUsageOptions\022`\n\022extended_key_u" - + "sage\030\002 \001(\0132D.google.cloud.security.priva" - + "teca.v1.KeyUsage.ExtendedKeyUsageOptions" - + "\022Q\n\033unknown_extended_key_usages\030\003 \003(\0132,." - + "google.cloud.security.privateca.v1.Objec" - + "tId\032\347\001\n\017KeyUsageOptions\022\031\n\021digital_signa" - + "ture\030\001 \001(\010\022\032\n\022content_commitment\030\002 \001(\010\022\030" - + "\n\020key_encipherment\030\003 \001(\010\022\031\n\021data_enciphe" - + "rment\030\004 \001(\010\022\025\n\rkey_agreement\030\005 \001(\010\022\021\n\tce" - + "rt_sign\030\006 \001(\010\022\020\n\010crl_sign\030\007 \001(\010\022\025\n\rencip" - + "her_only\030\010 \001(\010\022\025\n\rdecipher_only\030\t \001(\010\032\240\001" - + "\n\027ExtendedKeyUsageOptions\022\023\n\013server_auth" - + "\030\001 \001(\010\022\023\n\013client_auth\030\002 \001(\010\022\024\n\014code_sign" - + "ing\030\003 \001(\010\022\030\n\020email_protection\030\004 \001(\010\022\025\n\rt" - + "ime_stamping\030\005 \001(\010\022\024\n\014ocsp_signing\030\006 \001(\010" - + "\"\270\001\n\007Subject\022\023\n\013common_name\030\001 \001(\t\022\024\n\014cou" - + "ntry_code\030\002 \001(\t\022\024\n\014organization\030\003 \001(\t\022\033\n" - + "\023organizational_unit\030\004 \001(\t\022\020\n\010locality\030\005" - + " \001(\t\022\020\n\010province\030\006 \001(\t\022\026\n\016street_address" - + "\030\007 \001(\t\022\023\n\013postal_code\030\010 \001(\t\"\251\001\n\017SubjectA" - + "ltNames\022\021\n\tdns_names\030\001 \003(\t\022\014\n\004uris\030\002 \003(\t" - + "\022\027\n\017email_addresses\030\003 \003(\t\022\024\n\014ip_addresse" - + "s\030\004 \003(\t\022F\n\013custom_sans\030\005 \003(\01321.google.cl" - + "oud.security.privateca.v1.X509Extension\"" - + "\372\001\n\036CertificateIdentityConstraints\022.\n\016ce" - + "l_expression\030\001 \001(\0132\021.google.type.ExprB\003\340" - + "A\001\022+\n\031allow_subject_passthrough\030\002 \001(\010B\003\340" - + "A\002H\000\210\001\001\0225\n#allow_subject_alt_names_passt" - + "hrough\030\003 \001(\010B\003\340A\002H\001\210\001\001B\034\n\032_allow_subject" - + "_passthroughB&\n$_allow_subject_alt_names" - + "_passthrough\"\236\003\n\037CertificateExtensionCon" - + "straints\022|\n\020known_extensions\030\001 \003(\0162].goo" - + "gle.cloud.security.privateca.v1.Certific" - + "ateExtensionConstraints.KnownCertificate" - + "ExtensionB\003\340A\001\022P\n\025additional_extensions\030" - + "\002 \003(\0132,.google.cloud.security.privateca." - + "v1.ObjectIdB\003\340A\001\"\252\001\n\031KnownCertificateExt" - + "ension\022+\n\'KNOWN_CERTIFICATE_EXTENSION_UN" - + "SPECIFIED\020\000\022\022\n\016BASE_KEY_USAGE\020\001\022\026\n\022EXTEN" - + "DED_KEY_USAGE\020\002\022\016\n\nCA_OPTIONS\020\003\022\016\n\nPOLIC" - + "Y_IDS\020\004\022\024\n\020AIA_OCSP_SERVERS\020\005*\207\002\n\020Revoca" - + "tionReason\022!\n\035REVOCATION_REASON_UNSPECIF" - + "IED\020\000\022\022\n\016KEY_COMPROMISE\020\001\022$\n CERTIFICATE" - + "_AUTHORITY_COMPROMISE\020\002\022\027\n\023AFFILIATION_C" - + "HANGED\020\003\022\016\n\nSUPERSEDED\020\004\022\032\n\026CESSATION_OF" - + "_OPERATION\020\005\022\024\n\020CERTIFICATE_HOLD\020\006\022\027\n\023PR" - + "IVILEGE_WITHDRAWN\020\007\022\"\n\036ATTRIBUTE_AUTHORI" - + "TY_COMPROMISE\020\010*]\n\022SubjectRequestMode\022$\n" - + " SUBJECT_REQUEST_MODE_UNSPECIFIED\020\000\022\013\n\007D" - + "EFAULT\020\001\022\024\n\020REFLECTED_SPIFFE\020\002B\206\002\n&com.g" - + "oogle.cloud.security.privateca.v1B\027Priva" - + "teCaResourcesProtoP\001ZKgoogle.golang.org/" - + "genproto/googleapis/cloud/security/priva" - + "teca/v1;privateca\370\001\001\252\002\"Google.Cloud.Secu" - + "rity.PrivateCA.V1\312\002\"Google\\Cloud\\Securit" - + "y\\PrivateCA\\V1\352\002&Google::Cloud::Security" - + "::PrivateCA::V1b\006proto3" + + "cateDescriptionB\003\340A\003\022\"\n\025pem_certificate_" + + "chain\030\013 \003(\tB\003\340A\003\0224\n\013create_time\030\014 \001(\0132\032." + + "google.protobuf.TimestampB\003\340A\003\0224\n\013update" + + "_time\030\r \001(\0132\032.google.protobuf.TimestampB" + + "\003\340A\003\022P\n\006labels\030\016 \003(\0132;.google.cloud.secu" + + "rity.privateca.v1.Certificate.LabelsEntr" + + "yB\003\340A\001\032\230\001\n\021RevocationDetails\022N\n\020revocati" + + "on_state\030\001 \001(\01624.google.cloud.security.p" + + "rivateca.v1.RevocationReason\0223\n\017revocati" + + "on_time\030\002 \001(\0132\032.google.protobuf.Timestam" + + "p\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002" + + " \001(\t:\0028\001:\177\352A|\n$privateca.googleapis.com/" + + "Certificate\022Tprojects/{project}/location" + + "s/{location}/caPools/{ca_pool}/certifica" + + "tes/{certificate}B\024\n\022certificate_config\"" + + "\227\006\n\023CertificateTemplate\022B\n\004name\030\001 \001(\tB4\340" + + "A\003\372A.\n,privateca.googleapis.com/Certific" + + "ateTemplate\022R\n\021predefined_values\030\002 \001(\01322" + + ".google.cloud.security.privateca.v1.X509" + + "ParametersB\003\340A\001\022e\n\024identity_constraints\030" + + "\003 \001(\0132B.google.cloud.security.privateca." + + "v1.CertificateIdentityConstraintsB\003\340A\001\022h" + + "\n\026passthrough_extensions\030\004 \001(\0132C.google." + + "cloud.security.privateca.v1.CertificateE" + + "xtensionConstraintsB\003\340A\001\022\030\n\013description\030" + + "\005 \001(\tB\003\340A\001\0224\n\013create_time\030\006 \001(\0132\032.google" + + ".protobuf.TimestampB\003\340A\003\0224\n\013update_time\030" + + "\007 \001(\0132\032.google.protobuf.TimestampB\003\340A\003\022X" + + "\n\006labels\030\010 \003(\0132C.google.cloud.security.p" + + "rivateca.v1.CertificateTemplate.LabelsEn" + + "tryB\003\340A\001\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005" + + "value\030\002 \001(\t:\0028\001:\207\001\352A\203\001\n,privateca.google" + + "apis.com/CertificateTemplate\022Sprojects/{" + + "project}/locations/{location}/certificat" + + "eTemplates/{certificate_template}\"\337\003\n\016X5" + + "09Parameters\022D\n\tkey_usage\030\001 \001(\0132,.google" + + ".cloud.security.privateca.v1.KeyUsageB\003\340" + + "A\001\022U\n\nca_options\030\002 \001(\0132<.google.cloud.se" + + "curity.privateca.v1.X509Parameters.CaOpt" + + "ionsB\003\340A\001\022E\n\npolicy_ids\030\003 \003(\0132,.google.c" + + "loud.security.privateca.v1.ObjectIdB\003\340A\001" + + "\022\035\n\020aia_ocsp_servers\030\004 \003(\tB\003\340A\001\022U\n\025addit" + + "ional_extensions\030\005 \003(\01321.google.cloud.se" + + "curity.privateca.v1.X509ExtensionB\003\340A\001\032s" + + "\n\tCaOptions\022\027\n\005is_ca\030\001 \001(\010B\003\340A\001H\000\210\001\001\022(\n\026" + + "max_issuer_path_length\030\002 \001(\005B\003\340A\001H\001\210\001\001B\010" + + "\n\006_is_caB\031\n\027_max_issuer_path_length\"\251\002\n\021" + + "SubordinateConfig\022V\n\025certificate_authori" + + "ty\030\001 \001(\tB5\340A\002\372A/\n-privateca.googleapis.c" + + "om/CertificateAuthorityH\000\022m\n\020pem_issuer_" + + "chain\030\002 \001(\0132L.google.cloud.security.priv" + + "ateca.v1.SubordinateConfig.SubordinateCo" + + "nfigChainB\003\340A\002H\000\0327\n\026SubordinateConfigCha" + + "in\022\035\n\020pem_certificates\030\001 \003(\tB\003\340A\002B\024\n\022sub" + + "ordinate_config\"\235\001\n\tPublicKey\022\020\n\003key\030\001 \001" + + "(\014B\003\340A\002\022L\n\006format\030\002 \001(\01627.google.cloud.s" + + "ecurity.privateca.v1.PublicKey.KeyFormat" + + "B\003\340A\002\"0\n\tKeyFormat\022\032\n\026KEY_FORMAT_UNSPECI" + + "FIED\020\000\022\007\n\003PEM\020\001\"\264\003\n\021CertificateConfig\022`\n" + + "\016subject_config\030\001 \001(\0132C.google.cloud.sec" + + "urity.privateca.v1.CertificateConfig.Sub" + + "jectConfigB\003\340A\002\022L\n\013x509_config\030\002 \001(\01322.g" + + "oogle.cloud.security.privateca.v1.X509Pa" + + "rametersB\003\340A\002\022F\n\npublic_key\030\003 \001(\0132-.goog" + + "le.cloud.security.privateca.v1.PublicKey" + + "B\003\340A\001\032\246\001\n\rSubjectConfig\022A\n\007subject\030\001 \001(\013" + + "2+.google.cloud.security.privateca.v1.Su" + + "bjectB\003\340A\002\022R\n\020subject_alt_name\030\002 \001(\01323.g" + + "oogle.cloud.security.privateca.v1.Subjec" + + "tAltNamesB\003\340A\001\"\241\010\n\026CertificateDescriptio" + + "n\022j\n\023subject_description\030\001 \001(\0132M.google." + + "cloud.security.privateca.v1.CertificateD" + + "escription.SubjectDescription\022L\n\020x509_de" + + "scription\030\002 \001(\01322.google.cloud.security." + + "privateca.v1.X509Parameters\022A\n\npublic_ke" + + "y\030\003 \001(\0132-.google.cloud.security.privatec" + + "a.v1.PublicKey\022X\n\016subject_key_id\030\004 \001(\0132@" + + ".google.cloud.security.privateca.v1.Cert" + + "ificateDescription.KeyId\022Z\n\020authority_ke" + + "y_id\030\005 \001(\0132@.google.cloud.security.priva" + + "teca.v1.CertificateDescription.KeyId\022\037\n\027" + + "crl_distribution_points\030\006 \003(\t\022$\n\034aia_iss" + + "uing_certificate_urls\030\007 \003(\t\022k\n\020cert_fing" + + "erprint\030\010 \001(\0132Q.google.cloud.security.pr" + + "ivateca.v1.CertificateDescription.Certif" + + "icateFingerprint\032\322\002\n\022SubjectDescription\022" + + "<\n\007subject\030\001 \001(\0132+.google.cloud.security" + + ".privateca.v1.Subject\022M\n\020subject_alt_nam" + + "e\030\002 \001(\01323.google.cloud.security.privatec" + + "a.v1.SubjectAltNames\022\031\n\021hex_serial_numbe" + + "r\030\003 \001(\t\022+\n\010lifetime\030\004 \001(\0132\031.google.proto" + + "buf.Duration\0223\n\017not_before_time\030\005 \001(\0132\032." + + "google.protobuf.Timestamp\0222\n\016not_after_t" + + "ime\030\006 \001(\0132\032.google.protobuf.Timestamp\032\034\n" + + "\005KeyId\022\023\n\006key_id\030\001 \001(\tB\003\340A\001\032-\n\026Certifica" + + "teFingerprint\022\023\n\013sha256_hash\030\001 \001(\t\"\'\n\010Ob" + + "jectId\022\033\n\016object_id_path\030\001 \003(\005B\003\340A\002\"\200\001\n\r" + + "X509Extension\022D\n\tobject_id\030\001 \001(\0132,.googl" + + "e.cloud.security.privateca.v1.ObjectIdB\003" + + "\340A\002\022\025\n\010critical\030\002 \001(\010B\003\340A\001\022\022\n\005value\030\003 \001(" + + "\014B\003\340A\002\"\242\005\n\010KeyUsage\022T\n\016base_key_usage\030\001 " + + "\001(\0132<.google.cloud.security.privateca.v1" + + ".KeyUsage.KeyUsageOptions\022`\n\022extended_ke" + + "y_usage\030\002 \001(\0132D.google.cloud.security.pr" + + "ivateca.v1.KeyUsage.ExtendedKeyUsageOpti" + + "ons\022Q\n\033unknown_extended_key_usages\030\003 \003(\013" + + "2,.google.cloud.security.privateca.v1.Ob" + + "jectId\032\347\001\n\017KeyUsageOptions\022\031\n\021digital_si" + + "gnature\030\001 \001(\010\022\032\n\022content_commitment\030\002 \001(" + + "\010\022\030\n\020key_encipherment\030\003 \001(\010\022\031\n\021data_enci" + + "pherment\030\004 \001(\010\022\025\n\rkey_agreement\030\005 \001(\010\022\021\n" + + "\tcert_sign\030\006 \001(\010\022\020\n\010crl_sign\030\007 \001(\010\022\025\n\ren" + + "cipher_only\030\010 \001(\010\022\025\n\rdecipher_only\030\t \001(\010" + + "\032\240\001\n\027ExtendedKeyUsageOptions\022\023\n\013server_a" + + "uth\030\001 \001(\010\022\023\n\013client_auth\030\002 \001(\010\022\024\n\014code_s" + + "igning\030\003 \001(\010\022\030\n\020email_protection\030\004 \001(\010\022\025" + + "\n\rtime_stamping\030\005 \001(\010\022\024\n\014ocsp_signing\030\006 " + + "\001(\010\"\270\001\n\007Subject\022\023\n\013common_name\030\001 \001(\t\022\024\n\014" + + "country_code\030\002 \001(\t\022\024\n\014organization\030\003 \001(\t" + + "\022\033\n\023organizational_unit\030\004 \001(\t\022\020\n\010localit" + + "y\030\005 \001(\t\022\020\n\010province\030\006 \001(\t\022\026\n\016street_addr" + + "ess\030\007 \001(\t\022\023\n\013postal_code\030\010 \001(\t\"\251\001\n\017Subje" + + "ctAltNames\022\021\n\tdns_names\030\001 \003(\t\022\014\n\004uris\030\002 " + + "\003(\t\022\027\n\017email_addresses\030\003 \003(\t\022\024\n\014ip_addre" + + "sses\030\004 \003(\t\022F\n\013custom_sans\030\005 \003(\01321.google" + + ".cloud.security.privateca.v1.X509Extensi" + + "on\"\372\001\n\036CertificateIdentityConstraints\022.\n" + + "\016cel_expression\030\001 \001(\0132\021.google.type.Expr" + + "B\003\340A\001\022+\n\031allow_subject_passthrough\030\002 \001(\010" + + "B\003\340A\002H\000\210\001\001\0225\n#allow_subject_alt_names_pa" + + "ssthrough\030\003 \001(\010B\003\340A\002H\001\210\001\001B\034\n\032_allow_subj" + + "ect_passthroughB&\n$_allow_subject_alt_na" + + "mes_passthrough\"\236\003\n\037CertificateExtension" + + "Constraints\022|\n\020known_extensions\030\001 \003(\0162]." + + "google.cloud.security.privateca.v1.Certi" + + "ficateExtensionConstraints.KnownCertific" + + "ateExtensionB\003\340A\001\022P\n\025additional_extensio" + + "ns\030\002 \003(\0132,.google.cloud.security.private" + + "ca.v1.ObjectIdB\003\340A\001\"\252\001\n\031KnownCertificate" + + "Extension\022+\n\'KNOWN_CERTIFICATE_EXTENSION" + + "_UNSPECIFIED\020\000\022\022\n\016BASE_KEY_USAGE\020\001\022\026\n\022EX" + + "TENDED_KEY_USAGE\020\002\022\016\n\nCA_OPTIONS\020\003\022\016\n\nPO" + + "LICY_IDS\020\004\022\024\n\020AIA_OCSP_SERVERS\020\005*\207\002\n\020Rev" + + "ocationReason\022!\n\035REVOCATION_REASON_UNSPE" + + "CIFIED\020\000\022\022\n\016KEY_COMPROMISE\020\001\022$\n CERTIFIC" + + "ATE_AUTHORITY_COMPROMISE\020\002\022\027\n\023AFFILIATIO" + + "N_CHANGED\020\003\022\016\n\nSUPERSEDED\020\004\022\032\n\026CESSATION" + + "_OF_OPERATION\020\005\022\024\n\020CERTIFICATE_HOLD\020\006\022\027\n" + + "\023PRIVILEGE_WITHDRAWN\020\007\022\"\n\036ATTRIBUTE_AUTH" + + "ORITY_COMPROMISE\020\010*]\n\022SubjectRequestMode" + + "\022$\n SUBJECT_REQUEST_MODE_UNSPECIFIED\020\000\022\013" + + "\n\007DEFAULT\020\001\022\024\n\020REFLECTED_SPIFFE\020\002B\206\002\n&co" + + "m.google.cloud.security.privateca.v1B\027Pr" + + "ivateCaResourcesProtoP\001ZKgoogle.golang.o" + + "rg/genproto/googleapis/cloud/security/pr" + + "ivateca/v1;privateca\370\001\001\252\002\"Google.Cloud.S" + + "ecurity.PrivateCA.V1\312\002\"Google\\Cloud\\Secu" + + "rity\\PrivateCA\\V1\352\002&Google::Cloud::Secur" + + "ity::PrivateCA::V1b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( descriptorData, new com.google.protobuf.Descriptors.FileDescriptor[] { + com.google.api.AnnotationsProto.getDescriptor(), com.google.api.FieldBehaviorProto.getDescriptor(), com.google.api.ResourceProto.getDescriptor(), com.google.protobuf.DurationProto.getDescriptor(), com.google.protobuf.TimestampProto.getDescriptor(), com.google.type.ExprProto.getDescriptor(), - com.google.api.AnnotationsProto.getDescriptor(), }); internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor = getDescriptor().getMessageTypes().get(0); @@ -977,12 +977,12 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { registry.add(com.google.api.ResourceProto.resourceReference); com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor( descriptor, registry); + com.google.api.AnnotationsProto.getDescriptor(); com.google.api.FieldBehaviorProto.getDescriptor(); com.google.api.ResourceProto.getDescriptor(); com.google.protobuf.DurationProto.getDescriptor(); com.google.protobuf.TimestampProto.getDescriptor(); com.google.type.ExprProto.getDescriptor(); - com.google.api.AnnotationsProto.getDescriptor(); } // @@protoc_insertion_point(outer_class_scope) diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java index 23b1851c..7d02c0b1 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java @@ -430,6 +430,8 @@ public com.google.protobuf.ByteString getIpAddressesBytes(int index) { * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -443,6 +445,8 @@ public java.util.List getC * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -457,6 +461,8 @@ public java.util.List getC * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -470,6 +476,8 @@ public int getCustomSansCount() { * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -483,6 +491,8 @@ public com.google.cloud.security.privateca.v1.X509Extension getCustomSans(int in * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1683,6 +1693,8 @@ private void ensureCustomSansIsMutable() { * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1700,6 +1712,8 @@ private void ensureCustomSansIsMutable() { * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1716,6 +1730,8 @@ public int getCustomSansCount() { * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1732,6 +1748,8 @@ public com.google.cloud.security.privateca.v1.X509Extension getCustomSans(int in * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1755,6 +1773,8 @@ public Builder setCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1775,6 +1795,8 @@ public Builder setCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1797,6 +1819,8 @@ public Builder addCustomSans(com.google.cloud.security.privateca.v1.X509Extensio * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1820,6 +1844,8 @@ public Builder addCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1840,6 +1866,8 @@ public Builder addCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1860,6 +1888,8 @@ public Builder addCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1880,6 +1910,8 @@ public Builder addAllCustomSans( * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1899,6 +1931,8 @@ public Builder clearCustomSans() { * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1918,6 +1952,8 @@ public Builder removeCustomSans(int index) { * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1931,6 +1967,8 @@ public com.google.cloud.security.privateca.v1.X509Extension.Builder getCustomSan * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1948,6 +1986,8 @@ public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getCustomSa * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1965,6 +2005,8 @@ public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getCustomSa * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1978,6 +2020,8 @@ public com.google.cloud.security.privateca.v1.X509Extension.Builder addCustomSan * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -1993,6 +2037,8 @@ public com.google.cloud.security.privateca.v1.X509Extension.Builder addCustomSan * * 
      * Contains additional subject alternative name values.
+     * For each custom_san, the `value` field must contain an ASN.1 encoded
+     * UTF8String.
      *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java index 892115a4..41d02a75 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java @@ -232,6 +232,8 @@ public interface SubjectAltNamesOrBuilder * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -242,6 +244,8 @@ public interface SubjectAltNamesOrBuilder * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -252,6 +256,8 @@ public interface SubjectAltNamesOrBuilder * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -262,6 +268,8 @@ public interface SubjectAltNamesOrBuilder * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; @@ -273,6 +281,8 @@ public interface SubjectAltNamesOrBuilder * * 
    * Contains additional subject alternative name values.
+   * For each custom_san, the `value` field must contain an ASN.1 encoded
+   * UTF8String.
    *
* * repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5; diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java index 92db171a..28343f30 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java @@ -1013,10 +1013,9 @@ public SubordinateConfigCase getSubordinateConfigCase() { * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* @@ -1033,10 +1032,9 @@ public boolean hasCertificateAuthority() { * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* @@ -1066,10 +1064,9 @@ public java.lang.String getCertificateAuthority() { * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* @@ -1557,10 +1554,9 @@ public Builder clearSubordinateConfig() { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* @@ -1578,10 +1574,9 @@ public boolean hasCertificateAuthority() { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* @@ -1612,10 +1607,9 @@ public java.lang.String getCertificateAuthority() { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* @@ -1646,10 +1640,9 @@ public com.google.protobuf.ByteString getCertificateAuthorityBytes() { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* @@ -1673,10 +1666,9 @@ public Builder setCertificateAuthority(java.lang.String value) { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* @@ -1698,10 +1690,9 @@ public Builder clearCertificateAuthority() { * * * 
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-     * is used for information and usability purposes only. The resource name
-     * is in the format
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+     * and usability purposes only. The resource name is in the format
      * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      *
* diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java index 16b55db4..bdb43a70 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java @@ -27,10 +27,9 @@ public interface SubordinateConfigOrBuilder * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* @@ -45,10 +44,9 @@ public interface SubordinateConfigOrBuilder * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* @@ -63,10 +61,9 @@ public interface SubordinateConfigOrBuilder * * * 
-   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
-   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
-   * is used for information and usability purposes only. The resource name
-   * is in the format
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
+   * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
+   * and usability purposes only. The resource name is in the format
    * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto index fb73f15b..2eaa1c8a 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto +++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto @@ -1,4 +1,4 @@ -// Copyright 2021 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,12 +16,12 @@ syntax = "proto3"; package google.cloud.security.privateca.v1; +import "google/api/annotations.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; import "google/type/expr.proto"; -import "google/api/annotations.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1"; @@ -40,34 +40,6 @@ message CertificateAuthority { pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}" }; - // URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content. - message AccessUrls { - // The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is - // published. This will only be set for CAs that have been activated. - string ca_certificate_access_url = 1; - - // The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This - // will only be set for CAs that have been activated. - repeated string crl_access_urls = 2; - } - - // A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use. - message KeyVersionSpec { - oneof KeyVersion { - // The resource name for an existing Cloud KMS CryptoKeyVersion in the - // format - // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - // This option enables full flexibility in the key's capabilities and - // properties. - string cloud_kms_key_version = 1; - - // The algorithm to use for creating a managed Cloud KMS key for a for a - // simplified experience. All managed keys will be have their - // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`. - SignHashAlgorithm algorithm = 2; - } - } - // The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain. enum Type { // Not specified. @@ -115,6 +87,34 @@ message CertificateAuthority { DELETED = 5; } + // URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content. + message AccessUrls { + // The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is + // published. This will only be set for CAs that have been activated. + string ca_certificate_access_url = 1; + + // The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This + // will only be set for CAs that have been activated. + repeated string crl_access_urls = 2; + } + + // A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use. + message KeyVersionSpec { + oneof KeyVersion { + // The resource name for an existing Cloud KMS CryptoKeyVersion in the + // format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + // This option enables full flexibility in the key's capabilities and + // properties. + string cloud_kms_key_version = 1; + + // The algorithm to use for creating a managed Cloud KMS key for a for a + // simplified experience. All managed keys will be have their + // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`. + SignHashAlgorithm algorithm = 2; + } + } + // The algorithm of a Cloud KMS CryptoKeyVersion of a // [CryptoKey][google.cloud.kms.v1.CryptoKey] with the // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value @@ -122,7 +122,7 @@ message CertificateAuthority { // [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] // values. For RSA signing algorithms, the PSS algorithms should be preferred, // use PKCS1 algorithms if required for compatibility. For further - // recommandations, see + // recommendations, see // https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations. enum SignHashAlgorithm { // Not specified. @@ -169,10 +169,13 @@ message CertificateAuthority { (google.api.field_behavior) = IMMUTABLE ]; - // Required. The desired lifetime of the CA certificate. Used to create the + // Required. Immutable. The desired lifetime of the CA certificate. Used to create the // "not_before_time" and "not_after_time" fields inside an X.509 // certificate. - google.protobuf.Duration lifetime = 4 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Duration lifetime = 4 [ + (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = IMMUTABLE + ]; // Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key @@ -246,6 +249,19 @@ message CaPool { pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}" }; + // The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or + // billing SKU. + enum Tier { + // Not specified. + TIER_UNSPECIFIED = 0; + + // Enterprise tier. + ENTERPRISE = 1; + + // DevOps tier. + DEVOPS = 2; + } + // Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA // certificate and CRLs and their inclusion as extensions in issued // [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates @@ -279,14 +295,14 @@ message CaPool { // Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from // a [CaPool][google.cloud.security.privateca.v1.CaPool]. message RsaKeyType { - // Optional. The minimum allowed RSA modulus size, in bits. If this is not set, - // or if set to zero, the service-level min RSA modulus size will - // continue to apply. + // Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is + // not set, or if set to zero, the service-level min RSA modulus size + // will continue to apply. int64 min_modulus_size = 1 [(google.api.field_behavior) = OPTIONAL]; - // Optional. The maximum allowed RSA modulus size, in bits. If this is not set, - // or if set to zero, the service will not enforce an explicit upper - // bound on RSA modulus sizes. + // Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is + // not set, or if set to zero, the service will not enforce an explicit + // upper bound on RSA modulus sizes. int64 max_modulus_size = 2 [(google.api.field_behavior) = OPTIONAL]; } @@ -382,19 +398,6 @@ message CaPool { CertificateExtensionConstraints passthrough_extensions = 6 [(google.api.field_behavior) = OPTIONAL]; } - // The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or - // billing SKU. - enum Tier { - // Not specified. - TIER_UNSPECIFIED = 0; - - // Enterprise tier. - ENTERPRISE = 1; - - // DevOps tier. - DEVOPS = 2; - } - // Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the // format `projects/*/locations/*/caPools/*`. string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; @@ -691,10 +694,9 @@ message SubordinateConfig { } oneof subordinate_config { - // Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that - // was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field - // is used for information and usability purposes only. The resource name - // is in the format + // Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a + // subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information + // and usability purposes only. The resource name is in the format // `projects/*/locations/*/caPools/*/certificateAuthorities/*`. string certificate_authority = 1 [ (google.api.field_behavior) = REQUIRED, @@ -985,6 +987,8 @@ message SubjectAltNames { repeated string ip_addresses = 4; // Contains additional subject alternative name values. + // For each custom_san, the `value` field must contain an ASN.1 encoded + // UTF8String. repeated X509Extension custom_sans = 5; } diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto index f13ce093..4dcfc4f0 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto +++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto @@ -1,4 +1,4 @@ -// Copyright 2021 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -385,11 +385,11 @@ message CreateCertificateRequest { // already been completed. The server will guarantee that for at least 60 // minutes since the first request. // - // For example, consider a situation where you make an initial request and t - // he request times out. If you make the request again with the same request - // ID, the server can check if original operation with the same request ID - // was received, and if so, will ignore the second request. This prevents - // clients from accidentally creating duplicate commitments. + // For example, consider a situation where you make an initial request and the + // request times out. If you make the request again with the same request ID, + // the server can check if original operation with the same request ID was + // received, and if so, will ignore the second request. This prevents clients + // from accidentally creating duplicate commitments. // // The request ID must be a valid UUID with the exception that zero UUID is // not supported (00000000-0000-0000-0000-000000000000). diff --git a/proto-google-cloud-security-private-ca-v1beta1/pom.xml b/proto-google-cloud-security-private-ca-v1beta1/pom.xml index 1813497b..ad726c04 100644 --- a/proto-google-cloud-security-private-ca-v1beta1/pom.xml +++ b/proto-google-cloud-security-private-ca-v1beta1/pom.xml @@ -4,13 +4,13 @@ 4.0.0 com.google.api.grpc proto-google-cloud-security-private-ca-v1beta1 - 0.9.2 + 0.9.3 proto-google-cloud-security-private-ca-v1beta1 Proto library for google-cloud-security-private-ca com.google.cloud google-cloud-security-private-ca-parent - 2.2.2 + 2.2.3 diff --git a/samples/install-without-bom/pom.xml b/samples/install-without-bom/pom.xml index ebfddaf0..4adb3200 100644 --- a/samples/install-without-bom/pom.xml +++ b/samples/install-without-bom/pom.xml @@ -29,7 +29,7 @@ com.google.cloud google-cloud-security-private-ca - 2.2.1 + 2.2.2 @@ -53,7 +53,7 @@ org.codehaus.mojo build-helper-maven-plugin - 3.2.0 + 3.3.0 add-snippets-source diff --git a/samples/snapshot/pom.xml b/samples/snapshot/pom.xml index 6b23b367..7a28d2a9 100644 --- a/samples/snapshot/pom.xml +++ b/samples/snapshot/pom.xml @@ -28,7 +28,7 @@ com.google.cloud google-cloud-security-private-ca - 2.2.2 + 2.2.3 @@ -52,7 +52,7 @@ org.codehaus.mojo build-helper-maven-plugin - 3.2.0 + 3.3.0 add-snippets-source diff --git a/samples/snippets/pom.xml b/samples/snippets/pom.xml index 4d3ad3fa..da84aed9 100644 --- a/samples/snippets/pom.xml +++ b/samples/snippets/pom.xml @@ -40,7 +40,7 @@ com.google.cloud libraries-bom - 24.1.2 + 24.2.0 pom import @@ -52,7 +52,7 @@ com.google.cloud google-cloud-security-private-ca - 2.2.1 + 2.2.2 org.bouncycastle diff --git a/versions.txt b/versions.txt index 95db89db..572acce3 100644 --- a/versions.txt +++ b/versions.txt @@ -1,8 +1,8 @@ # Format: # module:released-version:current-version -google-cloud-security-private-ca:2.2.2:2.2.2 -grpc-google-cloud-security-private-ca-v1beta1:0.9.2:0.9.2 -grpc-google-cloud-security-private-ca-v1:2.2.2:2.2.2 -proto-google-cloud-security-private-ca-v1beta1:0.9.2:0.9.2 -proto-google-cloud-security-private-ca-v1:2.2.2:2.2.2 +google-cloud-security-private-ca:2.2.3:2.2.3 +grpc-google-cloud-security-private-ca-v1beta1:0.9.3:0.9.3 +grpc-google-cloud-security-private-ca-v1:2.2.3:2.2.3 +proto-google-cloud-security-private-ca-v1beta1:0.9.3:0.9.3 +proto-google-cloud-security-private-ca-v1:2.2.3:2.2.3